We process data related to the medications or medical supplies of our patients. Due to the sensitivity of this data, we highly value privacy. In our privacy policy, you can read which personal data we process and for what purpose. It also outlines your rights. If you have any questions or wish to exercise your rights, you can contact Jan-Pieter Dupon via dupon@regenapotheek.nl.
Scope of the Privacy Policy
This privacy policy applies to the following pharmacies:
- Pharmacy Name: Apotheek Tolakker
Address: Tolakker 1, 4854 NV, Bavel
Phone Number: 0161-458040 - Pharmacy Name: Regenboog Apotheek Bavel BV
Address: Brigidastraat 12, 4854 CT, Bavel
Phone Number: 0161-437137 - Pharmacy Name: Regenboog Apotheek Scharlo BV
Address: Scharlo 41-43, 1815 CN, Alkmaar
Phone Number: 072-5156040
Data Protection Officer: Jan-Pieter Dupon
Email Address: dupon@regenboogapotheek.nl
1. Introduction
1.1 Necessary for Our Services
To provide proper care, we collect personal data from you. This is necessary for prescribing medication, contacting you, and handling billing. Since we do not deliver all services ourselves, but sometimes engage other service providers, it is sometimes necessary to share data. For instance, if you pick up medication from a service pharmacy, we will share your medication file. We only do this with your consent.
1.2 Legal Obligations
Healthcare providers are required to keep medical records, including medication records, for 15 years. If the statutory retention period has expired and you are no longer our patient, the data will be destroyed. If you remain a patient, we will retain the personal data for future medication dispensing.
1.3 To Whom Does This Privacy Policy Apply?
This privacy policy applies to all our patients. Additionally, this privacy policy applies when you visit our website, are a former patient, want to become a patient, or wanted to become a patient but eventually did not, and if we are observing for your pharmacy.
1.4 Who Is Responsible for Your Data?
Our organization is responsible (controller) for collecting and using your data.
2. Personal Data and Processing
2.1 What Are Personal Data?
Personal data are data that can be traced back to an individual. There are various categories of personal data such as data regarding medication, billing, and referrals. When you become our patient, we ask for several personal details, such as your name, address, date of birth, account number, phone number, and email address.
When you are our patient, data is recorded in the medication file concerning the medicines you take, contraindications, intolerances, and other information relevant to prescribing the correct medication.
2.2 What Does Processing Mean?
The term ‘processing’ is broad and includes, among other things: collecting, storing, consulting, using, linking, and providing to third parties who perform certain services for us.
2.3 Why Do We Need Your Consent for Processing?
We cannot just process your personal data. We need a legitimate reason for this. Often, this stems from the treatment agreement or a legal obligation. Sometimes it is based on your explicit consent.
We may ask for your consent for various matters. We ask for your consent to share your data with another healthcare provider, such as the hospital. We also need consent if you pick up medication for someone else. You must give consent before we share data with a service pharmacy so you can pick up medication there.
For children under 16, we ask for parental consent. You can withdraw your consent at any time. If you do not agree or withdraw your consent, we cannot serve you well. Appropriate care can only be delivered if all relevant data is available. Moreover, we are obliged to maintain a medication file to ensure the quality of (future) care.
You can give or withdraw consent for the availability of data in the LSP (National Exchange Point) data exchange system to various parties on www.volgjezorg.nl, as further mentioned under section 3.2 of this privacy policy.
3. What Do We Do with Your Data?
3.1 Registration
If you register, in addition to the data mentioned under 2.1, you must also provide your BSN number. We must verify this on your identity document. We do not make a copy or scan of it. If applicable, we will ask for your file from your previous healthcare provider.
3.2 Sharing Information
We share your information with various parties. We can share your information via our exchange system with a service pharmacy, a compounding pharmacy, the hospital, the general practitioner, a substitute doctor, or other healthcare providers. We share this data only if you have given consent to share it with the relevant party. We receive the prescribed prescriptions from your general practitioner.
3.3 Payment
We use your data to send an invoice to your insurer or you for the treatment. This can also be done via a factoring company or administrative office. The invoice contains your name, address, and treatment specification. We keep these invoices for our debt administration. If an invoice is not paid after several reminders, data may be shared with third parties for collection.
3.4 Health Insurer
If you are insured, we exchange your personal data with the health insurer. We only exchange the necessary data.
The insurer can also request data for an audit. Depending on the type of audit, we must provide the requested data. We will always prioritize patient privacy.
3.5 Website
When you visit our website, we may process some data via cookies. It is also possible to order medication via the website. You enter your details yourself. These personal data are also handled confidentially.
3.6 Incident Reporting
If something unexpectedly goes wrong with the protection of your personal data – or we suspect this is the case – we will report this to the Dutch Data Protection Authority. If this incident concerns your personal data and may pose a high risk to your rights and freedoms, we will inform you as soon as possible.
3.7 Processor
It may be necessary to share data with third parties, such as an ICT supplier or administrative office. If this third party qualifies as a processor, we enter into a processor agreement with this party to protect your privacy.
3.8 Care
We use your data to deliver the right care and dispense the right medicines. In this context, we automatically screen the medication data to guide you optimally.
4. Obligations of the Healthcare Provider
4.1 Security
Healthcare providers have a duty of confidentiality and, in principle, may not disclose anything to others. All our staff who process or become aware of patient data are bound to confidentiality.
Data from your file is only shared with those involved in the treatment or when you have given consent to share that data. We do not transfer personal data to a country outside the European Economic Area (EEA).
Each healthcare provider may only log in under their account. In exceptional cases, quick access to a file may be necessary, such as in emergencies.
In addition to the organizational measures mentioned above, we will also take sufficient technical security measures to protect your personal data.
4.2 Accountability
To comply with our accountability obligation, we maintain records of processing activities and any data breaches.
5. What Are Your Rights?
5.1 Right of Access and Copy
You have the right to access your file. You can view your file by appointment under the supervision of the healthcare professional. You also have the right to a copy of your file. Personal notes do not fall under this right of access. Data from third parties in your file will generally be made invisible.
5.2 Right to Rectification
You have the right to correct inaccurate personal data. You can also supplement your file, for example, with a second opinion from another healthcare provider or your own view on a treatment. Also, ensure that you notify us of changes in your details, such as your home address when moving or changing a phone number. For simple changes, you can call or email the pharmacy. For a more complex request, you can find where to submit a request at the bottom of the statement.
5.3 Right to Deletion
You have the right to have data deleted. This deletion is not possible in all cases. Consider the significant interest of another to retain the data (e.g., a lawsuit or inheritance) and other legal provisions that oppose destruction.
5.4 Right to Complain
If you have a complaint about processing your personal data, we ask you to contact us about this. If this does not lead to the desired result, you can file a complaint with the Dutch Data Protection Authority, the supervisory authority in the field of privacy.
5.5 Other Rights
You also have the right to information, restriction of data processing, the right to object to data processing, and the right to obtain your data in electronic form.
If you wish to exercise any of your rights, we ask you to submit a written request. You can find where to submit a request at the bottom of the regulations. We strive to respond to your request within four weeks.
Questions?
If you wish to exercise any of your rights or have further questions, you can contact Jan-Pieter Dupon via dupon@regenboogapotheek.nl.