1. WHO IS RESPONSIBLE?
Dr. B. van de Ven (praktijk) BV is responsible for collecting, managing and processing the personal data you have shared with us. Having its registered offices at Ringlaan 51, 2600 Berchem, BE0607945322, hereinafter referred to as ‘2pass Clinic’, ‘we’, ‘us’ or ‘data controller’.
2. FOR WHAT PURPOSE DO WE PROCESS YOUR DATA?
We collect various types of personal data for different purposes, mainly for the provision of healthcare, the follow-up of patient records, the optimal navigation of the website and certain marketing purposes.
For our clinic, we do this so that you can use our (online) services with satisfaction and ease and in complete safety. Your privacy is guaranteed.
Personal data is processed on the basis of Article 9 of the GDPR:
- 9.2, a): subject to the express consent of the data subject;
- 9.2, h): for the provision of healthcare.
We also subdivide these data as follows:
- patient data (e.g., for medical records, scheduling for consultations and surgery, postoperative follow-up care, website content, vital interests, etc.)
- data from suppliers (e.g. third parties who support the clinic in the field of logistics, IT, medical facilities and equipment, etc.) in order to function organisationally and do business.
- staff data (e.g. for contracts, training, scheduling, salary slips, website content, etc.)
- other data (e.g. prospects, proposals, useful contacts, job applicants, etc.)
We secure your data in accordance with general standards that are accepted in the industry. Where possible, we will try to anonymise your data or apply special technical measures so that this data cannot be traced back to you.
In the following necessary cases, we will need to process your data in order to perform our services to the best of our ability:
1. When this is necessary to provide a service, e.g. in the context of your patient record, planning of operations, your operation itself, subsequent follow-up, etc.
2. When you have shared your data with us and have given us permission to do so, e.g. in the following cases:
- Signing in to our website and apps in order to facilitate use.
- Storing your settings to make the use of our services as pleasant as possible for you.
- Subscription to our email newsletters.
- Membership of our online communities (social media channels).
3. When legislation requires us to request and process your data. Depending on what you share with us, we may use personal data for the following purposes, among others:
- To determine your consumer profile and to be able to provide you with targeted offers based on that profile, e.g. via email or by post.
- Marketing knowledge, improvement and optimisation of our services.
- Targeted marketing campaigns and/or collaboration with third parties to develop promotions that match your interests.
3. WHAT PERSONAL DATA DO WE COLLECT, AND WHAT ARE THEY USED FOR?
Depending on what you share with us, we may store and process the following personal data:
- First and last name
- Email address
- Phone number
- Address details
- House number
- Gender at birth
- Desired gender
- Date of birth
- Payment details
- National registration number (in Belgium) or ID number (international)
- Diet and nutritional habit
- Medical history
- Insurance details
- Medical tests
- Details of members of your family (e.g. as an emergency contact)
- Information regarding your online activities on our service
- Recordings to supplement your medical record (e.g. Skype consultations). This processing is necessary for the provision of the healthcare.
- If you apply for a job: your resume and the data contained in it.
This data is used to realise medical records, medical follow-up, billing, administration and/or communication.
In addition, we retain personal data that you provide to us (written or oral), that follow from tests, and that we collect ourselves, such as publicly available data on the internet or when reviewing references.
These personal data are processed, stored and used in different places within2pass Clinic in order to optimally perform our services.
3.1. IN THE CLINIC
All of the above personal information can be shared with us by yourself via email, phone, when using our tablet in the clinic, or by sharing it with our staff. Registration, when you fill out a form via the tablet or at the front desk, is not necessary.
We may also ask you if you are interested in receiving our newsletter. Following your agreement, our staff can enter your information and register you as a newsletter subscriber or ‘member’. You can register through our websites or apps, but as an extra service, our staff will be happy to do this for you. When you register, you will subsequently always be the first to know about the latest news, offers and necessary information concerning the clinic. It is possible to unsubscribe from this newsletter again at any time.
3.2. ON OUR WEBSITE
Also when you visit our website, we require some necessary personal data. It is good to know in advance that we make use of asecure SSL connection when you browse our website. Your name, address and payment information are necessary to process and deal with your registration, request for a quotation or booking of an appointment, treatment or surgery. We process your gender (both your gender at birth and your desired gender) in order to correctly prepare your record and to address you personally. We use the date of birth to confirm whether or not you are a minor. We use the email address and telephone number to inform you regarding your registration, appointment, surgery, etc. Please always use the same name and email address during your transition to avoid confusion or administrative problems. If you have given us permission, we will also periodically send you a newsletter by email.
3.3. IN OUR APPS
For our clinic, we have a number of apps in use (e.g. Freshdesk, Little Hotelier, ScheduleOnce, Jotform, Infusion Soft, Trello etc.). Depending on the app, we will ask you to share certain personal data with us.
This data is needed to record your reservations (e.g. a consultation, an operation, your stay, etc.). Your name and email address are necessary to create your account. You can enter this information yourself on the website or in the app. Also at the clinic, our staff can help you create an account and ask you for your data. Following your consent, they enter this data into our system. We use your date of birth to verify that you are not a minor. Once all the data has been entered, a unique identification number will be created for you. We also use this information to build a database on which we can perform analyses regarding the procedures and services we offer. In addition, if you have given us permission, you will receive personalised emails with information relevant to you based on your interests.
3.4. THROUGH OUR SOCIAL MEDIA CHANNELS
Our brands use several social media channels. We use these channels for contact with our customers and various marketing purposes. On a number of social media channels, we may access certain personal data. We use the following social media channels:
3.5. VIA OUR CUSTOMER SERVICE
In most cases our customer service is contacted regarding questions, complaints, payments and/or cancelling or amending reservations. If you contact our customer service, we will ask you to share some personal data with us. Depending on what your question is, we may request information in addition to the data referred to in point 3.
To serve you better, the information is needed to search your data. In the case of a refund, we will need your name and account number. We register the email address and/or telephone number so that we can contact you if necessary. We can also use this data later to determine whether you were helped to your satisfaction during your contact with our customer service.
4. AUTOMATICALLY COLLECTED DATA
We automatically collect data when you use our website, apps and social media channels. If you use one of these (online) services, we may store data that may or may not be directly traceable to you, i.e.:
- IP address
- Domains of other sites that you have visited to reach our websites
- Information regarding the pages you visit on our website such as
- Duration of your visit
- Pages visited within our website and apps
- Information regarding the use of visited pages
- The browser and version you use
- We use the IP address to determine your geolocation (country). We use the other data to improve and optimise our services.
5. HOW DO WE PROTECT YOUR PERSONAL DATA?
We cannot disclose exactly how we protect your personal data to prevent misuse or targeted attacks. We implement both appropriate technical and organisational measures that comply with the current state of the art in order to protect your personal data. In the process, we do everything necessary to ensure all of these things.
The following departments have access to your data:
- Management: to be able to follow up on the reservations for treatment and payments, to keep accounts and records up-to-date
- Marketing: to optimise the user-friendliness of the website and to provide marketing-oriented content, information or promotion if required
- Customer care: to complete the patient record and provide medical guidance
- Medical team (doctors, surgeons, nurses, anaesthesiologists): in support of the healthcare
- Reception: to plan and be able to follow up on treatment reservations and payments, create files, etc.
- Beauty team: to plan, carry out and follow up on treatments
- IT: to optimise the user-friendliness of the website, the patient platform, mailboxes, etc., to be able to develop new features and to guarantee the necessary data security
- Academic team: to set up medical reporting and research.
- Media team: to gather facts, numbers and scientific articles to support papers and petitions
The list of persons involved per category is maintained by the supervisory authority. Each employment contract states that each person involved observes the confidentiality of the data involved.
6. SHARE WITH SERVICE PROVIDERS AND THIRD PARTIES
First of all, we are bound by theBelgian, Dutch and European legislation regarding the sharing of personal data with service providers and third parties. We share your data with third parties who play a role in performing our services, for example, processing your reservations, appointments, treatments and operations. In addition, we may also share your data with other parties engaged by us to improve our services and our marketing activities.
We treat all personal data obtained confidentially and with the utmost care. We will only share personal data with our partners that is necessary for service delivery and/or marketing purposes. To ensure that this data cannot be traced back to you, we anonymise it for you whenever possible and sharing takes place only through secured channels. This is how we safeguard your privacy.
7. EXPIRATION DATE AND INSPECTION
Your personal data has an expiration date. In doing so, we distinguish between different types of data and information. All data will be kept only as long as necessary for the processing purposes described above. Among other things, the following retention periods apply:
We retain medical, tax, social or legal data (which may or may not be part of documents) for as long as legally required, plus a period of one year. This allows us to properly delete the data from our systems and archives.
- Patient records: 30 years
- Patient administration: 7 years
- Patient registration: during the period necessary for the purposes of patient registration.
- Social services: 30 years (such as patient record)
- Complaints: for the period necessary to process the complaint.
- Scientific research: for at least 20 years after completion of the study
- Camera surveillance: image recordings are stored for 30 days. This does not apply to cameras without image storage (i.e., no images are stored here).
- Wi-Fi network: The collected data will be deleted after one year.
- Cookies: see section 11.
- If you apply for a job at 2pass Clinic or Clinic we will retain your information in our database for up to 24 months.
In some cases, e.g. when you ask us not to be contacted by us any longer, we may store your key data in a ‘do not contact’ file for 36 months in order to avoid you being contacted by us anyway during this period.
Data which is the subject of a dispute or which it is reasonable to assume should be used in a dispute will be retained for as long as necessary to use it in that dispute.
At any time, you have the right to access the data we have collected about you (right of access), to have it corrected, supplemented (right of rectification) or deleted (right to be forgotten), to request a restriction on the processing of the data or to oppose automated decision-making. If you wish, you may request the transfer of your data to a third party (right to data portability). To that end, you can contact N. Hermans via firstname.lastname@example.org.
Finally, you always have the right to complain to the data protection authority, if you believe that we are not handling your data with sufficient care.
- For the Netherlands, you can file a complaint with the Dutch Data Protection Authority (authoritypersoonsgegevens.nl)
- For Belgium, please contact the Data Protection Authority (https://www.gegevensbeschermingsautoriteit.be/burger),Ruede la Presse 35 - 1000 Brussels.
- For the UK: gov.uk/data-protection/make-a-complaint
- For Germany, please visit here: https://www.bfdi.bund.de/DE/Datenschutz/datenschutz-node.html
9. MODIFICATION OF PERSONAL DATA
Should you decide to exercise your above right(s), you may do so through our websites and apps. Should you encounter any problems here (e.g. you can no longer access your data or are unable to change it yourself), please submit a request to our customer service. Here you indicate what you want to do with your personal data. To that end, you can contact N. Hermans via email@example.com.
If you are subscribed to our newsletter, you can unsubscribe at any time. You will find the ‘unsubscribe’ button at the bottom of the newsletter. If you click on this, you can easily unsubscribe. You will then no longer receive our newsletter unless you re-subscribe.
10. PARENTAL CONSENT
We are required to only process personal data of minors after consent of parent or guardian. Should we discover that personal data relating to minors is being processed, we will delete this data within one month of discovery unless we are required by law to retain this data.
11.1. WHAT ARE COOKIES?
By using cookies and other techniques, we ensure, for example, that:
- It is easier to visit our websites.
- You do not receive or have to enter the same information each time you visit our website.
- We can offer you functionalities such as the patient platform.
- We can measure how our website is being used and where we can further improve it.
- We can show you a more relevant website by means of ‘personalisation’ techniques such as product recommendations and give you the option whether to display certain blocks or items on the website.
- To better tailor advertisements to your needs and interests and to prevent you from seeing a particular advertisement too often.
11.2. WHAT KIND OF COOKIES DO WE USE?
There are mandatory, functional and analytical or statistical cookies, as well as advertising and social media cookies. You can specify whether you want to use only mandatory cookies, or also the other types.
We use Google Analytics (anonymous), a web analytics service provided by Google, to track the statistics of our website. Our website uses YouTube, Instagram, Facebook and other third-party services. These external services may place cookies to record certain data, for example to analyse the click behaviour of visitors.
11.2.1. FUNCTIONAL AND ANALYTICAL COOKIES
These cookies are necessary to provide you with a working website. For example, they help you to navigate and search the website. These are cookies that are only stored during a specific visit.
Functional cookies ensure that our website functions correctly. With analytical cookies, we collect statistics from the users of our websites. By measuring usage, we can continue to improve and optimise our websites.
Examples of functional cookies on our website:
- The browser settings are saved so that you can view our websites perfectly on your desktop, laptop, tablet or mobile.
- Login information is stored so you do not have to enter it every time.
- The websites load evenly, keeping them functional and accessible.
- Detecting possible abuse or potential problems on our websites (consecutive failed login attempts are recorded).
- October (Session)
Examples of analytical or statistical cookies on our websites:
- The IP address, which is made anonymous.
- Technical characteristics such as the browser you are using and the resolution of your computer, tablet or mobile screen.
- From which page you came to our website.
- When and how long you visit or use our website.
- Whether you use our functionalities (placing an order).
- Which pages you visit within our website.
- Crazy Egg
- Google Analytics
- Google Tag Manager
11.2.2. ADVERTISING COOKIES
With advertising cookies we are able to show you (via third parties) a relevant advertisement / offer at the right time. We also use these cookies to ensure that you do not see an advertisement too often. We strive to show advertisements only when we think they will be of interest to you.
Examples of advertising cookies on our websites:
- We can track which advertisements you have seen and prevent you from seeing the same advertisement more than once.
- We can track how many visitors click on a particular advertisement.
- We can track how many orders take place through a particular advertisement.
11.2.3. SOCIAL MEDIA COOKIES
Social media cookies make it possible to share items/products onsocial media, follow or like our pages and allow our customer service to chat with you if you wish. The social media cookies are applied when you click on one of the social media icons.
Examples of social media cookies on our website:
- You can share certain pages within your social media channel.
- You can ‘follow’ our brands.
- You can ‘like’ our brands.
- Tracking pixels
11.3. DELETE COOKIES?
Most internet browsers offer the possibility to delete cookies from your hard drive. You can also reject cookies in advance or you can indicate that you want to receive a warning before they are placed. Refer to the instructions or help function of your internet browser for more details. Please note that blocking certain cookies will prevent our websites from working correctly.
12. CAMERA SURVEILLANCE
Camera surveillance is used in our clinic. The cameras are used to ensure the safety of our customers, staff and goods. For this purpose, you may therefore be filmed, images recorded and temporarily retained.
The retention period is never longer than one month, except if the recorded images can contribute to proving a crime, damage or nuisance or to identifying a perpetrator, someone who breaches the peace, a witness or a victim.