Privacy statement other

The Netherlands Cancer Institute (hereinafter: AVL) considers it important that personal data is handled with care.

In addition to personal data of patients and employees, personal data of various other categories of data subjects at the hospital are also processed.

With this privacy statement, we inform you how we handle that personal data. The protection of personal data is regulated by law, including in the Medical Treatment Agreement Act (WGBO) and the General Data Protection Regulation (GDPR).

This privacy statement has been drawn up in accordance with the requirements of the GDPR.

Who is the (controller) responsible for the processing of your personal data?

AVL (Formally: Netherlands Cancer Institute Foundation - Antoni van Leeuwenhoek Hospital) is the (processing) party responsible for the processing of your personal data.

AVL has a Data Protection Officer (DPO) who supervises compliance with the applicable laws and regulations regarding the processing of personal data. You can reach the DPO via privacy@nki.nl

What personal data do we process about you?

We record contact details of patient contacts, subscribers to the newsletter/magazine, participants in training courses, volunteers and contact persons of suppliers and cooperation partners, such as name and e-mail address.

For visitors to the NKI who use the Wi-Fi network and website visitors, we record the source and destination IP addresses, as well as data of the device with which the Wi-Fi network was used, the host name (the name you give to your device yourself, e.g. iPhone), MAC address, the moment you log in with your device and get a local IP address, websites visited and network protocols used.

In addition, camera images are made of visitors to the NKI.

For what purposes do we process your personal data?

The contact details are used to maintain contact if communication with a patient is (temporarily) not possible or because a contact person of a patient has been appointed as the (legal) representative of the patient.

In the context of the treatment agreement, information relating to the patient's treatment is then discussed with the contact person.

In addition, contact details are used to handle requested information or to send data relating to a training course or to send the newsletter.

The processing of data about the Wi-Fi network and website visits is done on the one hand for support and diagnostics in the event of problems and on the other hand for the continuity and security of the network and for analytical purposes (see also our cookie statement: https://www.avl.nl/footer/cookieverklaring/).

We also use tracking cookies from Google so that you see relevant and personalized advertisements on other websites, based on your surfing behavior.

Think, for example, of showing a vacancy or an interesting event in our institute.

Camera images are recorded to protect AVL employees and visitors and/or to prevent damage to AVL's property or building users and/or to track down persons who may have been guilty of a criminal offence or an unlawful act.

What is the basis for the processing of your personal data?

• The processing is necessary for the performance of a contract to which you are a party as a data subject, such as the medical treatment agreement, training agreement or an agreement with a supplier;
• You have given unambiguous consent to the processing, such as your statement as a contact person or registration for the newsletter;
• The processing is necessary for compliance with a legal obligation, for example on the basis of a court order;
• The processing is necessary to safeguard your vital interest, such as engaging a healthcare provider in the event of an emergency;
• The processing is necessary for the purposes of a legitimate interest of the NKI, such as measures in the interest of occupational safety.

 

How long do we keep your personal data?

We only process your personal data to the extent necessary for the purposes described in this Privacy Statement. When the personal data is no longer relevant, we will destroy or anonymize it.

The data that we receive from you as a contact person for the treatment of a patient is included in the patient's medical file.

We are legally obliged to keep the medical file for at least 15 years after the end of the treatment agreement.

We may retain this data for a longer period of time if this is required by law or if it is necessary for proper assistance or care.

In the event of permission from a volunteer, after termination of the activities, his name and address details and date of termination will also be retained after the aforementioned retention period for the purpose of relationship management.

The logging data of the use of the Wi-Fi network or website visit is stored for 20 days.

The cookies we use from Google are not automatically deleted. You will have to remove it yourself. In principle, the retention period of camera images is four weeks.

Who receives your personal data?

In the context of the treatment agreement, it may be necessary to involve various care providers from the NKI or from other healthcare institutions.

In that case, the treating physician may provide these healthcare providers with the data necessary for the treatment of the patient and thus also the data of the contact persons.

Data of participants in training courses and volunteers are provided to internal managers within the NKI.

When you visit the AVL website, cookies from third parties (e.g. from YouTube) are placed (with your consent). These third parties receive your IP address. See also https://www.avl.nl/footer/cookieverklaring/

In addition, third parties receive your personal data if they must be provided in execution of a law or court order or if this is necessary to safeguard your vital interest.

Is your personal data processed outside the EEA?

By placing cookies, your IP address is shared with parties from countries outside the European Union, including the United States.

In an agreement with these parties, we have laid down the purposes for which the data may be used, how the data must be handled and how it must be secured.

How do we protect your personal data?

We have taken and/or had taken appropriate technical and organizational security measures to protect your personal data against loss or unlawful use.

For example, we secure our systems in accordance with the applicable standards for information security and we also make agreements about this with our service providers.

Within the NKI, personal data is only accessible to those who are authorised to process it. In other situations, third parties will only be given access to your personal data if we have a valid basis for doing so.

Automated decision-making and profiling

At the moment, automated decision-making and profiling do not apply.

Your rights regarding your personal data

Right to be forgotten; this concerns the right to be 'forgotten';

Right of access; this concerns the right to inspect your personal data or to request a copy;

Right to rectification and completion; this concerns the right to change your personal data that is factually incorrect; Right to restriction of processing; this concerns the right to have less data processed;

Right to object to data processing;

Right to data portability; you can request the NKI to hand over the data that you have provided digitally to you so that you can make it available to other organisations;

The right not to be subject to a decision based solely on automated processing (NB: this is currently not the case within the NKI);

To exercise your rights, you can contact us by email: rechtenvanbetrokkenen@nki.nl. We may ask you to identify yourself in response to your request.

Anyone whose personal data is processed has the right to lodge a complaint with the competent authority in the event of (possible) violations of the applicable law with regard to the protection of personal data.

In this case, this is the Dutch Data Protection Authority. More information can be found on the website https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/avg-nieuwe-europese-privacywetgeving/controle-over-je-data

Alterations

This Privacy Statement may be amended from time to time. We recommend that you consult this Privacy Statement from time to time.

If the changes give cause to do so, we will ask you to re-consent to the data processing as described in the Privacy Statement.

Contact

If you have a question about the way in which we process your personal data, you can contact the Data Protection Officer. You can reach the DPO via privacy@nki.nl.

You can also contact the Patient Information Centre in the central hall of the NKI (Plesmanlaan 121, Amsterdam) or call 020-5129111. If you have any questions about your rights as a data subject, please contact us by e-mail: rechtenvanbetrokkenen@nki.nl.

25 May 2018