Privacy (GDPR)
The General Data Protection Regulation (GDPR) requires Resynthesis to specifically ensure it complies with the terms of protection of privacy, that only necessary personal data is recorded and kept and that processing, access, control and security protocols are in place to protect use (processing) of, and access to personal data.
This Privacy Regulation Statement provides clarity regarding the processing and use of personal data and associated material within the operational sphere of Resynthesis, based on compliance with the EU General Data Protection Regulation (GDPR).
This privacy statement applies to the following categories of individuals:
- (potential) clients
- visitors to the practice
- visitors to my website (https://www.resynthesis.nl)
- associates (supervisors, trainers etc.)
Personal data consists of all data that can be traced to a specific person (not to an organization, association or company). We distinguish them in ordinary and special personal data. Ordinary personal data provide factual information about a person (e. g name, date of birth, gender, nationality, Sofi-number/BSN, current address, contact details etc.). Special personal data consists of data of a sensitive nature (e.g. information related to your mental and physical health, family history etc.).
The practice collects-processes personal data:
- that the client has provided the practice with, either in person (orally or via forms), or by
- telephone, or digitally (via e-mail or web forms on the website)
- that referrers or other care providers have submitted to the practice under the written permission from the person concerned
- via audio recordings when the client involved has signed a written permission
The practice processes personal data under the following legal grounds:
- The written consent of the (former or current) client. This permission can always be withdrawn in the future, without this affecting the lawfulness of the processing of the data collected before
the withdrawal - Aiming to attend to a treatment plan and goals set in collaboration with the client
- A legal obligation, such as the obligation to keep records (according to the WGBO- The Act on the Medical Treatment Agreement and NIP)
- A legitimate interest, such as the use of contact information for planning a meeting or being paidfor my services.
The basis for this personal data is the agreed request for help and / or assignment.
Special personal data are stored digitally and encrypted, in accordance with the rules of the WGBO and NIP.
For example, the practice may use a third party for:
- The internet environment of the GDPR program (to safeguard the privacy of your data)
- Taking care of the invoicing
- Reporting fiscal information in connection with my business operations.
- Dealing with administrative tasks and referring my clients in case of death or severe incapacity-injury to handle the tasks of the practice.
The practice never passes on personal data to other parties with whom the practice has not entered into a processor agreement. The processing agreement contains the necessary agreements to ensure the security of your personal data. Furthermore, the practice will not pass on the information provided by you to other parties, unless this is legally required and permitted. The practice will always share special personal data in accordance with the rules of the WGBO and NIP.
The practice does not store personal data longer than necessary for the purpose for which it was provided or required by law. This means:
– Psychological/medical data: at least 15 years after the end of the treatment agreement
– (financial) administrative data: 7 years after recording the data.
The practice has taken appropriate technical and organizational measures to protect your personal data against unlawful processing.
You have the right to inspect, rectify or delete the personal data that the practice has received from you (the deletion can be requested after the expiration of the “storage period” mentioned above). In any case, the right to request any correction or removal does not apply to the findings/conclusions which are the psychologist’ s professional responsibility.
- You, also, have the right to have your data transferred by the practice to yourself or, by order of you, directly to another party. Lia Sotiriou will ask you to adequately identify yourself before she can respond to the aforementioned requests.
- You always have the right to withdraw your consent to the practice to process your personal data in the future without this affecting the lawfulness of the processing of the data collected before the withdrawal.
The practice can always change this privacy statement. A current version of the privacy statement is published on the website of the practice (www.resynthesis.nl). Our network of colleagues is accountable for keeping each other updated on any important changes.
If you have a complaint about the processing of your personal data, Lia Sotiriou kindly asks you to contact her about this primarily in hope that we can come to a solution together. You always have the right to file a complaint with the Dutch Data Protection Authority, this is the supervisory authority in the field of privacy protection. If you have any questions or comments about this Privacy Statement, please contact Lia Sotiriou: E-mail: info@resynthesis.nl