Privacy statement

The EHM head office, located at Hoofddorp, Beukenhorst Oost, The Red office (second floor), Wegalaan 42, 2132 JC, is responsible for the company’s data processing.

Definitions

We have used specific terms and abbreviations in this privacy statement. Some of these are defined and explained below:

• EHM: Executive Health Management;
• Personal data: data that relates to you directly or indirectly. For example, your name, address and medical data;
• Processing: this refers to everything that can be done with your personal data. This includes gathering data, but it may also refer to storage, utilisation and deletion of data from our systems.

For whom does EHM process personal data?

We process the personal data of people with whom we have (or have had) a direct or indirect relationship. This includes, for example, the personal data of customers, the next-of-kin of our customers, visitors to our website, or the employees of suppliers.

Processing personal data

EHM is responsible for processing all your data. Any reference to EHM in this privacy statement extends to all establishments and departments of EHM where personal data is processed.

We undertake to only process legally obtained data that has been provided by you, your employer or third parties and for which you or your employers have requested that EHM process said data. You, your employer or the relevant third party are responsible for the accuracy of the information that is provided.

Hereafter, our responsibility for processing the personal data that we receive must be seen in the context of the GDPR (General Data Protection Regulation). We are responsible for the processing that takes place after receiving the personal data, which includes the storage of personal data in the dossier.

We will process personal data in accordance with our policy pertaining to the processing of personal data and only insofar as this is necessary, based on:

1. compliance with legal obligations
2. entering into and executing an agreement
3. representing the legitimate interests of EHM
4. receiving your express permission

We guarantee that, on the basis of these provisions, the processing of your data will take place in accordance with the purposes mentioned below for which you have provided the data, and that we will only process your personal data for these specific purposes.

Special catagories of personal data

We process personal data for the following purposes:

a.  To enter into customer relations with you

If you register with EHM with a request for a particular service, we need your personal data. These are obvious details such as your name, (email)address and telephone number, but also data needed to render the requested services.

 b. To maintain relations with you and carry out assignments

As our customer, we want to offer you the best possible service. To this end, we process your personal data. We use your name, email address or telephone number, for example, to contact you or to remind you of an appointment.

We also use the client data anonymously for making group reports, which cannot be traced back to an individual. The purpose of these group reports is to be able to identify health trends in order to provide health policy advice for organizations and / or to optimize our services, therefore continuing to meet the wishes and needs of clients.

c. For internal and external consultation

In some cases, our staff need to consult with a colleague or external specialist (e.g. a hospital doctor).

 d. For financial processing

We need your information to settle payment for services rendered, either with yourself or with your health insurance provider. In the case of occupational health services, we will need to settle with your employer.

 e. To establish and carry out agreements with suppliers

If either you or your employer have a supplier contract with EHM, we need to process your personal data. For example, to give you access to our establishments when carrying out short-term assignments.

 f. For our business operations

As a service provider, it is necessary for us to maintain a good overview of our customer relations. Processing your data is one aspect of maintaining quality assurance records, as stipulated in the Medical Treatment Contracts Act (WGBO) and the Utilisation of Citizen Service Numbers in Healthcare Act.

EHM is authorised to process your personal data for the above purposes under the following conditions:

• if you have given your consent for such processing and/or;
• if the processing is necessary in order to render the agreed services and/or;
• to comply with a legal obligations. Examples here include provisions in the Healthcare Insurance Act, the Utilisation of Citizen Service Numbers in Healthcare Act and the Public Health Act.

 Special categories of personal data

Sensitive data constitute a special category. Sensitive data are those relating to your health, ethnic background or religion, among other things. We process personal data in this category to provide you with health services effectively. Other than that, we only process special personal data if this is required by law or regulation, or if you give us explicit permission, or if you request us to do so.

If you ask us to record your personal data or if you choose to make your data publicly available, then we will only process these data if this is essential for providing our services.

Protection of personal data

At EHM, we protect your personal data in accordance with national security standards, which implies that your (medical) data will only be accessible to EHM staff providing you with treatment or support. Our staff sign confidentiality agreements and are not permitted to share information with unauthorised persons, even after they have terminated their employment with us.

If we wish to process your personal data for any other purpose than originally intended, we may only do so if there is a close match between the original purpose and the new purpose. For instance, if you require medication from a pharmacy after undergoing medical treatment. If we want to process your personal data for any other purpose than originally intended, then we will request your explicit permission to do so.

If, despite all the legal, technical and procedural measures that are taken, a situation arises in which we cannot guarantee your privacy, we will immediately report this to the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) and inform you of the situation regarding your data.

Data storage

Your personal data are never stored longer than necessary, depending on the purpose for which they were stored. Medical data are stored for 20 years, unless laws and regulations (such as the Working Conditions Decree) stipulate otherwise. For instance, if the data  are necessary to ensure proper treatment (e.g. in the case of  a chronic ailment) or if they are exceedingly important to others (e.g. your children in the case of hereditary diseases).

Rules for the processing of personal data

When processing personal data, EHM must comply with many different laws and regulations, including the General Data Protection Regulation, the Medical Treatment Agreement Act, the Utilisation of Citizen Service Numbers in Healthcare Act, the Healthcare Insurance Act, the Working Conditions Decree and the General Tax Act.

Your rights

Because we process your personal data, you have the following rights:

• The right to view, correct and delete your data, which includes the right to be forgotten, unless the retention of these data is of significant importance to third parties or if erasure of such data is legally prohibited.
• The right to withdraw permission for processing your personal data.
• The right to object to data processing. This could make it difficult or even impossible for us to provide the services you require.
• The right to have your personal data forwarded to yourself or other organisations you specify.

You can submit such requests via info@ehm.nl.

Questions and complaints

If you have general questions regarding the processing of your personal or medical data by EHM, you can send them to us. You can submit complaints by way of our complaints procedure.

If EHM does not provide a satisfactory answer or deal with your complaint in a satisfactory manner, then you may approach the Personal Data Authority.

You will find all the contact details below.

Contact details:

• Questions with regard to the processing of your personal or medical data by EHM should be sent to: compliance.health@klm.com
• If you have a complaint, please submit it via info@ehm.nl.
• Website of the Personal Data Authority: https://www.autoriteitpersoonsgegevens.nl/en

 Revision of this document

This privacy statement may be revised from time to time. You will always find the latest version of our privacy statement on https://ehm.nl/en/.