Privacy & Cookie statement
The following Privacy Statement applies to the data processing carried out by Stichting Máxima Medical Center, Veldhoven and Eindhoven locations, hereinafter referred to as the Maxima Medical Center (MMC).
Processing of personal data by MMC
MMC considers the protection of personal data to be very important. MMC respects your privacy and makes every effort to ensure that your personal data is treated confidentially and in accordance with the applicable privacy legislation.
There may be different reasons for your visit to MMC:
When you visit MMC as a patient, both your personal data and medical data are processed. All information that is necessary for implementing the treatment agreement is saved in an electronic patient file. This can include your name, address, place of residence, GP, medical and nursing files, lab results, etc. All care providers within MMC who are directly involved in your treatment have access to this, provided that the data are necessary for the work to be carried out. The electronic patient file has been set up on the basis of these rules and provides employees with user permissions and privileges (e.g. to access). Only the specialisms of medical psychology and sexuology can be accessed by employees of these departments (if necessary).
Your Citizen Service Number, a unique and personal number is also processed in our record-keeping system. In order to identify you, you may be asked to show your proof of identity. In addition, MMC requests your consent to the storing of your email address so that we can contact you more easily in the context of better quality of care. Furthermore, MMC uses a service pass which has your photo on it. You will be asked to have your photo taken when you register with MMC. This photo is shown on the pass and is also included in the electronic patient file for patient identification purposes. The fact that your photo is taken means that data about your race and/or religion will be processed.
You have the right to be examined and treated out of the sight and hearing of others. MMC does its best to ensure your privacy in outpatient clinics and in the nursing wards. For example, if you have been admitted to a multi-bed room for four people, this can be difficult. If you would like more privacy in a particular situation, please indicate this to the hospital staff. They will do their best to offer you as much privacy as possible.
We ask you to keep a respectful distance when you come to our reception desks and wait until it is your turn. By doing this, you will also be respecting the privacy of other patients.
If you are visiting someone in the hospital and using the car parking area, MMC does not use number plate recognition. In connection with general safety, (visible) cameras have been installed at both locations, where direct monitoring takes place and images are stored for a period of 3 days.
3. Job applicant
If you have applied for a position with MMC, we will process the following data. We will treat your (application) data as confidential and it will only be used for recruitment and selection purposes. We will not disclose any data to third parties, unless we are obliged to do so by law. We will keep your data for a period of one year after your most recent application. After that, the data will be deleted from the system, unless you do not want this to happen. Eleven months after your most recent application, you will receive an email from us with the option of giving us your consent to us keeping your data for longer. By sending the application form, you agree to your data being processed by MMC and entered into our database.
With regard to the processing of personal data of employees, MMC has a policy that is in line with current privacy legislation.
Purposes of the processing
Your personal data will be processed by MMC for the following purposes:
|Provision of care/treatment||– creating a patient file
– reporting on your treatment
|Implementation of the treatment agreement concluded with you. MMC must also comply with a number of legal obligations, such as recording your Citizen Service Number.|
|Quality purposes||– carrying out incident and calamity investigations
– providing the mandatory quality indicators
– carrying out file investigations following a suspicion of avoidable damage and/or complaints
|Compliance with legal obligations|
|Scientific research||– participating in medical scientific research
– carrying out research into, for instance, the effectiveness of treatments
|If the data used can be traced back directly to you as a person, we will in principle always ask for your consent. However, this is not always necessary. In some cases we can use directly identifiable data for research purposes, unless you have explicitly objected to your data being used for these purposes.|
|Invoicing||– carrying out actions required to invoice your treatment to your health insurer.
– carrying out compulsory physical checks
|Compliance with legal obligations|
|Administration / internal management||– recording and collecting amounts due (including placing claims in the hands of third parties)
– performing audits
|In implementation of the treatment agreement concluded with you|
|Provision of information||– Providing information at your request||Consent of the data subject.|
Your personal data will not be transferred to parties located in countries outside the EU.
Automated decision-making and profiling
MMC does not use automated decision-making and/or profiling.
The medical data that have been recorded about you in the electronic patient file are usually kept for a period of 15 years on the basis of a statutory provision, unless in the case of legal exceptions.
With regard to data that is processed by MMC for the purpose of conducting its business, it is legally bound to a retention period of 7 years.
All other personal data used for the above purposes (traceable to individual persons) must not be kept longer than is necessary for these purpose (unless otherwise required by law). The basic principle here is always that MMC will not process more personal data than is necessary for the purposes described above.
Withdrawal of consent
For various purposes, we process your data based on your consent. You have the right at any time to withdraw your consent. We will then immediately cease the processing. Withdrawal of consent does not have retroactive effect. All processing that has already taken place therefore remains lawful.
Security of Personal Data
MMC will take appropriate technical and organisational measures to protect personal data from loss or from any form of unlawful processing. In this context, various measures have been taken, including encryption of data, encrypted communication and the confidential handling of data.
Under the law, you have various rights, including:
- Right of access
- Right to rectification and supplementation
- Right to object
- Right to the restriction of processing
- Right to data portability
- Right to be forgotten
For further information about these rights, please refer to the website of the Data Protection Authority (www.autoriteitpersoonsgegevens.nl). MMC makes every effort to structure the procedures relating to these rights as carefully as possible.
Exercising the rights is free of charge for you, unless these rights are misused. You can exercise your rights by contacting us using the contact details below.
In principle, we will answer your questions/requests within one month. Should the answer to your question or request unexpectedly take longer, we will inform you of this within one month. It may be that due to the complexity of the requests and/or the number of requests, the total time taken to reply may be as long as three months
We may ask for further proof of your identity in case of any questions/requests. We do this to prevent us from disclosing personal data to the wrong party or making incorrect changes in the processing of personal data. In order to ensure that your request is dealt with as quickly as possible, we ask you in advance to enclose a copy of your identity document. We will delete this copy as soon as it is no longer necessary for the purpose.
Data protection officer
MMC has appointed a Data Protection Officer (DPO). The DPO monitors compliance with the privacy legislation and advises MMC on the privacy legislation.
The DPO is independent and supervises the way in which MMC implements the GDPR. The DPO reports directly to the Board of Directors of MMC. The DPO is also the contact person for all questions concerning privacy, both for you as a patient and for the supervisory authority. The details can be found at the bottom under ‘contact details’.
You are, of course, also free to ask questions about the personal data we process. If you have any questions about privacy, please contact using the contact details of the DPO.
This Privacy Statement (policy) may be amended. These changes will be published on the MMC website.
MMC may process your personal data for new purposes that are not yet mentioned in this Privacy Statement. In that case, we will contact you before using your data for these new purposes, to inform you of the changes to our personal data protection policy and to give you the option to refuse participation.
If you have any questions and/or comments regarding the processing of your personal data within Máxima Medical Center, please send an email to firstname.lastname@example.org or write to Máxima MC, f.a.o. Information Security Department, PO Box 7777, 5500 MB Veldhoven.