Privacy & Cookie statement

MMC

The following Privacy Statement applies to the data processing carried out by Stichting Máxima Medical Center, Veldhoven and Eindhoven locations, hereinafter referred to as the Maxima Medical Center (MMC).

Processing of personal data by MMC

MMC considers the protection of personal data to be very important. MMC respects your privacy and makes every effort to ensure that your personal data is treated confidentially and in accordance with the applicable privacy legislation.
There may be different reasons for your visit to MMC:

1. Patient

When you visit MMC as a patient, both your personal data and medical data are processed. All information that is necessary for implementing the treatment agreement is saved in an electronic patient file. This can include your name, address, place of residence, GP, medical and nursing files, lab results, etc. All care providers within MMC who are directly involved in your treatment have access to this, provided that the data are necessary for the work to be carried out. The electronic patient file has been set up on the basis of these rules and provides employees with user permissions and privileges (e.g. to access). Only the specialisms of medical psychology and sexuology can be accessed by employees of these departments (if necessary).

Your Citizen Service Number, a unique and personal number is also processed in our record-keeping system. In order to identify you, you may be asked to show your proof of identity. In addition, MMC requests your consent to the storing of your email address so that we can contact you more easily in the context of better quality of care. Furthermore, MMC uses a service pass which has your photo on it. You will be asked to have your photo taken when you register with MMC. This photo is shown on the pass and is also included in the electronic patient file for patient identification purposes. The fact that your photo is taken means that data about your race and/or religion will be processed.

You have the right to be examined and treated out of the sight and hearing of others. MMC does its best to ensure your privacy in outpatient clinics and in the nursing wards. For example, if you have been admitted to a multi-bed room for four people, this can be difficult. If you would like more privacy in a particular situation, please indicate this to the hospital staff. They will do their best to offer you as much privacy as possible.

We ask you to keep a respectful distance when you come to our reception desks and wait until it is your turn. By doing this, you will also be respecting the privacy of other patients.

2. Visitor

If you are visiting someone in the hospital and using the car parking area, MMC does not use number plate recognition. In connection with general safety, (visible) cameras have been installed at both locations, where direct monitoring takes place and images are stored for a period of 3 days.

3. Job applicant

If you have applied for a position with MMC, we will process the following data. We will treat your (application) data as confidential and it will only be used for recruitment and selection purposes. We will not disclose any data to third parties, unless we are obliged to do so by law. We will keep your data for a period of one year after your most recent application. After that, the data will be deleted from the system, unless you do not want this to happen. Eleven months after your most recent application, you will receive an email from us with the option of giving us your consent to us keeping your data for longer. By sending the application form, you agree to your data being processed by MMC and entered into our database.

With regard to the processing of personal data of employees, MMC has a policy that is in line with current privacy legislation.

Purposes of the processing

Your personal data will be processed by MMC for the following purposes:

Purpose Examples (non-exhaustive) Basis
Provision of care/treatment – creating a patient file

– reporting on your treatment

 

Implementation of the treatment agreement concluded with you. MMC must also comply with a number of legal obligations, such as recording your Citizen Service Number.
Quality purposes – carrying out incident and calamity investigations

– providing the mandatory quality indicators

– carrying out file investigations following a suspicion of avoidable damage and/or complaints

Compliance with legal obligations
Scientific research – participating in medical scientific research

– carrying out research into, for instance, the effectiveness of treatments

If the data used can be traced back directly to you as a person, we will in principle always ask for your consent. However, this is not always necessary. In some cases we can use directly identifiable data for research purposes, unless you have explicitly objected to your data being used for these purposes.
Invoicing – carrying out actions required to invoice your treatment to your health insurer.

– carrying out compulsory physical checks

Compliance with legal obligations
Administration / internal management – recording and collecting amounts due (including placing claims in the hands of third parties)

– performing audits

In implementation of the treatment agreement concluded with you
Provision of information – Providing information at your request Consent of the data subject.

 

Sharing information with third parties

MMC will share your data with the following third parties:

  • Referrers, supply chain partners and/or their replacements for the purpose of implementing the treatment agreement / the provision of care/treatment.
  • Health insurers with whom MMC has concluded a contract. This is a legal obligation.
  • Supervisory authorities (for example, Inspectie voor Gezondheidszorg en Jeugd [Dutch Health Care Inspectorate] or the Autoriteit Persoonsgegevens [Data Protection Authority]) if this is necessary in the context of the supervisory task. This is a legal obligation.

The parties concerned will process the data in accordance with their own privacy statement.
NOTE: MMC does not share any personal data with third parties who will use the data for their own purposes, unless you have given your prior consent for the relevant data to be shared or MMC is legally obliged to disclose the data.

Transfer abroad

Your personal data will not be transferred to parties located in countries outside the EU.

Automated decision-making and profiling

MMC does not use automated decision-making and/or profiling.

Retention period

The medical data that have been recorded about you in the electronic patient file are usually kept for a period of 15 years on the basis of a statutory provision, unless in the case of legal exceptions.
With regard to data that is processed by MMC for the purpose of conducting its business, it is legally bound to a retention period of 7 years.
All other personal data used for the above purposes (traceable to individual persons) must not be kept longer than is necessary for these purpose (unless otherwise required by law). The basic principle here is always that MMC will not process more personal data than is necessary for the purposes described above.

Security of Personal Data

MMC will take appropriate technical and organisational measures to protect personal data from loss or from any form of unlawful processing. In this context, various measures have been taken, including encryption of data, encrypted communication and the confidential handling of data.

Use of cookies

When you visit our website, we may store cookies on your computer. Cookies allow us to automatically identify you on your next visit. Cookies are small text files that are placed on your computer. By placing cookies, we are able to remember certain information about you, such as your browser settings or your preference for text size on our website. These preference settings are not linked to your name, address, email address, etc., but we use them to ensure that information and advice on our website is as relevant to you as possible. However, the data can never be traced back to you as an individual person and will never be used for marketing purposes. Our website only uses cookies that are permitted by law. Our overview of cookies shows you exactly what cookies we use, what they do and how long we store them.

We use Google Analytics and Universal Analytics on our website. The information that cookies collect about the use of the website (such as your IP address) will be stored on servers, for example, with Google. In order to keep your information confidential, we use IP Anonymizer. This ensures that the last part of your IP address is not saved and you will therefore remain anonymous. In addition, MMC complies with the requirements set by the Data Protection Authority regarding the use of Google Analytics. This means that:

  • MMC has concluded a data processing agreement with Google;
  • the data stored by Google are not shared with third parties;
  • and no other Google services are used in combination with the Google Analytics-cookies

You can set your browser so that it doesn’t accept cookies. Only you can delete cookies, as they are stored on your computer. Please refer to your browser manual for more information.

Your rights

Under the law, you have various rights, including:

  • Right of access
  • Right to rectification and supplementation
  • Right to object
  • Right to the restriction of processing
  • Right to data portability
  • Right to be forgotten

For further information about these rights, please refer to the website of the Data Protection Authority (www.autoriteitpersoonsgegevens.nl). MMC makes every effort to structure the procedures relating to these rights as carefully as possible.

Exercising the rights is free of charge for you, unless these rights are misused. You can exercise your rights by contacting us using the contact details below.

Deadlines

In principle, we will answer your questions/requests within one month. Should the answer to your question or request unexpectedly take longer, we will inform you of this within one month. It may be that due to the complexity of the requests and/or the number of requests, the total time taken to reply may be as long as three months

Identification

We may ask for further proof of your identity in case of any questions/requests. We do this to prevent us from disclosing personal data to the wrong party or making incorrect changes in the processing of personal data. In order to ensure that your request is dealt with as quickly as possible, we ask you in advance to enclose a copy of your identity document. We will delete this copy as soon as it is no longer necessary for the purpose.

Data protection officer

MMC has appointed a Data Protection Officer (DPO). The DPO monitors compliance with the privacy legislation and advises MMC on the privacy legislation.

The DPO is independent and supervises the way in which MMC implements the GDPR. The DPO reports directly to the Board of Directors of MMC. The DPO is also the contact person for all questions concerning privacy, both for you as a patient and for the supervisory authority. The details can be found at the bottom under ‘contact details’.

Supervisory authority

You are also free to file a complaint with the supervisory authority. The supervisory authority for the privacy legislation is the Data Protection Authority. You can find the contact details of the Data Protection Authority via the website www.autoriteitpersoonsgegevens.nl.

Any questions?

You are, of course, also free to ask questions about the personal data we process. If you have any questions about privacy, please contact using the contact details of the DPO.

Changes

This Privacy Statement (policy) may be amended. These changes will be published on the MMC website.

MMC may process your personal data for new purposes that are not yet mentioned in this Privacy Statement. In that case, we will contact you before using your data for these new purposes, to inform you of the changes to our personal data protection policy and to give you the option to refuse participation.

Contact details

If you have any questions and/or comments regarding the processing of your personal data within Máxima Medical Center, please send an email to gegevensbescherming@mmc.nl or write to Máxima Medisch Centrum, f.a.o. Information Security Department, PO Box 7777, 5500 MB Veldhoven.