Privacy statement

EHM Health Services (KHS) attaches great importance to the privacy of staff members, potential and existing customers, as well as job applicants and website visitors. Their personal data is therefore always handled with the greatest possible care in full compliance with the General Data Protection Regulation or GDPR (in Dutch: Algemene Verordening Gegevensbescherming or AVG).

EHM is located in Hoofddorp, Beukenhorst Oost, The Red Office (second floor), Wegalaan 42, 2132 JC, and carries responsibility for its data processing operations.

1. Definitions

We use specific terms and abbreviations in this privacy statement, some of which are described below:

  • EHM: Executive Health Management
  • Personal data: data that relates to you directly or indirectly. For example, your name, address and medical data.
  • Processing: this refers to everything that can be done with your personal data. This includes gathering data, but it may also refer to storage, utilisation and deletion of your data from our systems.
  • GDPR: Regulation (EU) 2016/679 (General Data Protection Regulation).
  • Customers: Contracting organisations that engage EHM and/or AMS to perform services, including employers as well as natural persons to whom services provided by EHM and/or AMS relate directly.

2. For whom does EHM process personal data?

We process the personal data of people with whom we have (or have had) a direct or indirect relationship. This includes, for example, the personal data of staff members, job applicants, potential and existing customers, customer contacts, visitors to our website and/or the employees of suppliers.

3. Responsibility for processing personal data

EHM is responsible for processing all your data.

We undertake to only process legally obtained data provided by you, your employer or third parties and for which you or your employers have requested that EHM process said data. Responsibility for the accuracy of the information provided lies with you, your employer and/or the third parties concerned.

After receiving the personal data, we then bear responsibility for further processing in the context of GDPR, which includes the storage of personal data in the file.

We will process personal data in accordance with our policy pertaining to the processing of personal data and only insofar as this is necessary, based on:

(1) compliance with legal obligations

(2) entering into and executing an agreement

(3) representing the legitimate interests of EHM

(4) receiving your express permission

We guarantee that based on these provisions, your data will be processed in accordance with the purposes mentioned below for which you have provided the data, and that we will only process your personal data for these specific purposes.

4. Processing personal data

We process personal data for the following purposes:

a. To enter into relations with you as a customer

If you register with EHM with a request for a particular service, we need your personal data. This includes obvious details such as your name, (email) address and telephone number, as well as other personal data needed to provide the service requested.

b. To maintain relations with you and carry out assignments

We aim to offer you the best possible service as a customer. To this end, we process your personal data. We use your name, email address or telephone number to contact you or to remind you of an appointment, for example, and occasionally we may use these details for a customer satisfaction survey aimed at improving our services. We also use anonymised customer data, which cannot be traced back to an individual, to generate group reports. The group reports are used to identify health trends to substantiate health policy advice for organisations and/or to optimise our services, so that we continue to meet customer wishes and requirements.

c. For internal and external consultation

In some cases, our staff need to consult with a colleague or external specialist (e.g. a hospital physician).

d. For financial processing

We need your information to settle payment for services rendered, either with yourself or with your health insurance provider.

e. To establish and carry out agreements with suppliers

If either you or your employer have a supplier contract with EHM, we will need to process your personal data, for example to enable you to access our establishments when carrying out short-term assignments.

f. For our business operations

As a service provider, it is necessary for us to maintain a good overview of our customer relations. Processing your data makes it possible for us to comply with the legal requirements as stipulated in the Medical Treatment Agreement Act (WGBO) and the Utilisation of Citizen Service Numbers in Healthcare Act. If we collect information about your website visit via cookies, this is included in our cookie statement.

g. For the purpose of (entering into) employment

If you respond to a vacancy, we process your personal data as a job applicant for the purpose of the application procedure. On entering into an employment contract, we process personal data of our staff members in order to fulfil our obligations as an employer.

If we wish to use your personal data for any purpose other than that for which it was originally processed, we may only do so if the two purposes are closely connected. We will not process your data further if this is incompatible with the original purpose. If we wish to process your traceable data for scientific research or statistical purposes, we will inform you accordingly and implement appropriate safeguards in accordance with GDPR.

5. Special categories of personal data

Sensitive data constitutes a special category, relating specifically to your health.
We process personal data in this category about your health only if strictly necessary to perform effectively in our capacity as a healthcare or service provider. We only process such data if this is required by legislation and regulations, or on the basis of your request or explicit consent.
If you ask us to record your personal data or if you choose to make your data publicly available, we will only process such data if it is essential for providing our services.

6. Sharing personal data

EHM engages suppliers, partner organisations and other third parties for the purposes of service provision and maintaining business operations. It may be necessary to share personal data with these parties. In all cases, EHM only provides the necessary data and only if there is a legitimate basis for doing so, such as complying with legal obligations, executing an agreement or with your consent.

Examples here include:

  • Suppliers forming part of our (internal) services
  • Other healthcare providers to whom we may refer you
  • Partner organisations for performing medical diagnostic examinations
  • Third parties for the purpose of accountability

7. Protection of personal data

EHM makes every effort to optimally secure your personal data against unlawful use. At EHM, your personal data is secured in accordance with national standards, which implies that your (medical) data will only be accessible to EHM staff providing you with treatment or support. Our staff sign confidentiality agreements and are not permitted to share information with unauthorised persons, even after they have terminated their employment. EHM holds valid ISO 27001 and NEN 7510 certificates.

If EHM should enter into a cooperative relationship where your personal data needs to be processed by another organisation, EHM will ensure that appropriate agreements are reached to safeguard the security, processing and storage of your personal data as part of that relationship.

If, despite all the legal, technical and procedural measures taken, a situation should arise in which we cannot guarantee your privacy, we will immediately report this to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and inform you of the situation regarding your data.

8. Data retention periods

Your personal data will not be retained longer than necessary for the purpose for which it was processed. EHM adheres to legally and internally prescribed data retention periods.

9. Rules for processing of personal data

When processing personal data, EHM must comply with the applicable legislation and regulations, including the General Data Protection Regulation (GDPR), the Medical Treatment Agreement Act (WGBO), the Utilisation of Citizen Service Numbers in Healthcare Act, the Health Insurance Act (Zorgverzekeringswet), the Working Conditions Decree and the General Tax Act.

10. Your rights

Because we process your personal data, you have the following rights:

  • The right to view, correct and/or delete your data, which includes the right to be forgotten, unless the retention of such data could be of significant importance to third parties or if deleting such data is legally prohibited
  • The right to withdraw consent for processing your personal data
  • The right to object to data processing. This could make it difficult or even impossible for us to provide the services you require
  • The right to have your personal data forwarded to yourself or other specified organisations

You can submit such requests via

11. Questions and complaints

If you have general questions about the processing of your personal or medical data by EHM, you can send them to us at the email address below. You can submit complaints by way of our complaints procedure. If EHM does not provide a satisfactory answer or deal with your complaint in a satisfactory manner, you may contact the Personal Data Authority. You will find all the contact details below.

Contact details

• Questions about the processing of your personal or medical data by EHM should be sent to
• Complaints can be submitted to
• Website of the Personal Data Authority:

12. Revision of this document

This privacy statement may be revised from time to time. You will always find the latest version of our privacy statement on this page.