1. About us
We are NL Mental Care B.V. and are responsible for the processing of personal data of all our subsidiaries.
Are you, or were you in the past, at/of Mentaal Beter or one of the subsidiaries:
- A client;
- A (legal) representative, parent(s)/guardian(s) or other family member of a (former) client;
- An external (business) relationship, such as a referrer, other healthcare provider or a supplier;
then please continue reading this Privacy Statement to learn about how we handle your data.
Are you now, or were you in the past, one of the following:
- A visitor of our website(s)? Then you can read everything about how we handle your data in our cookie statement.
- An applicant? Then you can read everything about how we handle your data in this privacy statement.
- A collaborator? Then you can request the privacy statement that applies to you from HR.
2. These are NL Mental Care's privacy promises
- We treat you and your data with care and respect. We handle your data with integrity and follow our ethical compass.
- We are clear about what we do with your data.
- We only collect your data if we need it for the purpose of helping you. We do not use or collect more data than necessary.
- We never sell your data. To anybody.
We are open to feedback about the way we handle your data. You can always contact us with questions or requests about the processing of your data via privacy@mentalcaregroup.nl.
3. General information about how we handle your data
What types of data do we use?
Read below which data we process if you:
- Are a client of Mentaal Beter Adults (which also includes PEP Psychologen and Vitaalpunt).
- Are a client of Mentaal Beter Child & Youth
- Are a business relation of NL Mental Care such as a referrer, care provider or supplier.
- Are family or a (legal) representative of a client of one of our divisions.
For what purposes do we use data?
Read below for what purposes we use your data if you:
- Are a client of Mentaal Beter Adults (which also includes PEP Psychologen and Vitaalpunt).
- Are a client of Mentaal Beter Child & Youth
- Are a business relation of NL Mental Care such as a referrer, care provider or supplier.
- Are family or a (legal) representative of a client of one of our divisions.
4. With whom do we exchange data?
Most of what we know about you, you have told us yourself. Yet sometimes we receive information from others. All of the data in your file is kept secret, but this does not mean that we never share data with other parties. Below we would like to explain to you why we exchange data with certain parties and for what legal reason we are allowed to do this.
We may exchange data with:
- Service providers who help us deliver our care to you. These are so-called ‘processors’. They only process data on our behalf and for our purposes, not for themselves. These are, for example, our ICT service providers, such as the party that stores our electronic client files for us, parties that provide e-health applications for us or parties that help us to exchange information (safely). We do not have to ask for your permission for this data exchange, because this is necessary to properly execute the (treatment) agreement with you and those parties working under our responsibility. Naturally we make proper agreements with them set in contracts, such as: they are not allowed to do anything with your data themselves, they must also keep your data secret, and they must properly protect your data.
- Accountants. We are required by law to be audited by an accountant. The accountant is shown data that is necessary for this audit. They can monitor us on location to check whether we have declared your care correctly. If we send data to them, we always make sure that it cannot be traced back to you. Due to the fact that these checks are required by law, we do not have to ask for your permission.
- Auditors. Sometimes it is necessary that we ourselves check our own work. This is part of providing you care. An employee of ours who has been especially assigned for this purpose does the check. This employee is only ever allowed to look at files if it is deemed necessary. We also have our work checked by external parties in order to learn from this as an organization, or to obtain a quality mark. In such cases, an external party checks our working methods. Only if you give permission for this, they can view your data.
- Government agencies with which we are required to share information. If we are required to provide information by law, we will do so without your consent. You can think of, for example, reporting a calamity to the Health Care Inspectorate or reporting serious domestic violence or child abuse to the “Meldpunt Veilig Thuis”.
The above exchanges apply to all of our divisions/business units and to everyone whose data we process. There are other exchanges for some groups or business units.
No international data transfer
We do not transfer data outside the European Economic Area (EEA).
No profiling or automated decision-making
We do not profile you based on your data and we do not use automatic decision-making.
Data retention
We will keep your data for as long as needed. The period of doing so extends to the duration of your treatment, the legal period in which you can file a complaint or lawsuit, and whenever it is required by law. Afterwards, we will delete your data or make your data anonymous. We are required by law to keep all data belonging to the client file for at least 20 years. This period of 20 years starts from the date we close your file, or (if that is later) from the moment you turn 18.
If we anonymize your data, we will delete all data that refers to you. The data can then no longer be linked to you. We use this anonymous data to conduct scientific and statistical (market) research, for example to develop new treatments or to better match our range of treatments and services to the needs of our clients.
How do we ensure that your data is safe with us?
We do everything we can to ensure that your data is safe with us. We do this by, among other things:
- Screening employees and ensuring that every employee is bound by confidentiality by law, professional codes or a contract.
- Properly secure our systems, for example by securing internet connections, using 2-factor authentication and by recording what happens in our systems.
- To have ourselves tested by an external party, which means that we also have a NEN 7510 certificate. This certificate shows that we secure our information properly.
- To pay permanent and periodic attention to training and awareness in this area.
Have you found a (security) problem despite all the measures we have taken? Then report this safely to us at fg@mentalcaregroup.nl.
5. Your privacy rights
Inspection, a copy (to transfer) and additional information
As a client, you can view your file via a client portal or via the reports sent by us. You can also ask us to provide you with a copy of your file. You can also request additional information about how we handle your data. Even if you belong to one of the other above-mentioned groups of people whose data we process, you can request access, additional information and a copy of your data.
Correction
If you notice data that is incorrect, you can ask us to adjust this. If you as a client do not agree with something a practitioner has written about you, we will in principle not adjust this, but we can add an opinion about this to your file. This can be your opinion or that of another practitioner.
Restriction/temporary stop
In addition, you can ask us to temporarily stop using your data. You can do so if you have let us know that you think that your data is incorrect, or if you are of the opinion that we should not be allowed to process it (anymore) and there is an ongoing investigation concerning this matter.
Objection
Sometimes we also use your data for our legitimate interests or for scientific research. You are allowed to object to this if you think this is extra disadvantageous for you personally. We will then carefully check if we should stop using your data due to your specific situation.
Revoke consent
In certain cases, we only use your data with your permission. If so, you can always withdraw that permission. You do not have to provide us with a reason to do so. If you withdraw your consent, we will stop using (that part of) your data.
Removal/Destruction
Finally, you can ask us to delete your data. In most cases this will be possible. However, sometimes we will have to keep certain data by law or because it is necessary in order to provide you proper care. This applies more often if you are still a minor. In any case in which we cannot delete your data, we will always provide you an explanation.
Would you like to know more about your rights? Please visit the website of the Dutch Data Protection Authority.
How can I exercise my rights?
You can submit your privacy request by sending an email to privacy@mentalcaregroup.nl. You can also contact your therapist.
In most cases we can take care of your request within a week. If this is not possible, we will send you an initial response within four weeks and a final response within three months at the latest. You will also receive a response if we are of the opinion that we cannot meet your request.
A practitioner always has the option to make his or her own decisions and to (partially) refuse a request if (s)he thinks that it is for your own good, or if it is necessary due to the interests of others, such as family members.
I am a minor and/or have a legal representative. Who is authorized to give permission and/or make privacy requests?
If you are under the age of 12, your parent(s) or guardian(s) who have custody of you will decide for you. They are also allowed access to all of your information and may make privacy requests on your behalf.
If you are 12 to 16 years of age, you can make privacy requests and give permission yourself. Your parent(s) or guardian(s) who have authority over you may also request information and participate in the decision making process about your care.
If you are 16 years or older, you are allowed to make all the decisions yourself. You can make privacy requests and your parent(s) or guardian(s) will only receive information about you if you give permission.
If you are a legal representative of someone of 18 years or older, you make all the decisions for that person. You are allowed to have all the information about that person and you can make privacy requests on their behalf. You must be able to prove that you are the legal representative.
Privacy statement changes
If something changes in the way we process your data, we will adjust our privacy statement accordingly. You will be notified of major changes or changes that have a real impact on your privacy. The latest version of our privacy statement can always be found on this website.
This latest version of the privacy statement was made on April 9, 2021.
6. Questions, tips or complaints?
In case you have a question, tip or complaint about privacy, please send an email to the Data Protection Officer at fg@mentalcaregroup.nl. You can also send a letter to:
NL Mental Care B.V.
attn. the Data Protection Officer
Steijnlaan 12
1217 JS Hilversum
In case we are not able to figure out a solution together, you can submit your complaint to the Dutch Data Protection Authority.
7. Questions about privacy – clients Mentaal Beter Child & Youth
What kind of personal data of mine do you use?
- Your contact details, such as your name, address, email address, and telephone number.
- Contact details of your parent(s)/guardian(s), family and/or representative.
- Your gender, date of birth and/or age.
- Identifying numbers, such as your insurance number or client number.
- Your citizen service number / “burgerservicenummer” (BSN).
- Information about your insurance/reimbursement.
- Your medical information. Everything we need to know to be able to provide you with treatment or care. This includes, for example, data about your complaints, the examinations you receive, the tests you make, the questionnaires you complete, your diagnosis(s), the treatment you receive, the conversations we have and your experience with the treatment.
- Possibly a student file, if you have given permission to request this from the school.
- Audio and/or video recordings, only if we have agreed this together in advance.
For what purposes do you use my data?
- We check whether we can provide you with care; we provide you with care; evaluate the care; if necessary we transfer parts of the care to other care providers. We also use your data to get compensated by health insurers/municipalities for the care we provide, but never more data than is absolutely necessary for that specific purpose.
- To keep in touch with you regarding your treatment. You cannot unsubscribe from that contact. Also, we might want to contact you to ask if you are interested in specific things, such as a client experience survey, requests from our client council or events such as an information or evaluation meeting. You can unsubscribe from this type of contact via privacy@mentalcaregroup.nl.
- To measure treatment effect and improve quality. We are always working to improve our treatments. That is why we also use your treatment outcomes to learn from. This is part of acting on our treatment agreement. If we also want to share this data with other parties, we will only do so with your permission and make sure that the data cannot be traced back to you.
- Handling complaints and disputes. If you submit a complaint to us, it will be reviewed by our complaints officer. He or she will then contact you and ask for your permission to view the data in your file and to discuss the complaint with your practitioner.
- Scientific and statistical research. Sometimes we use some of your data to, for example, see how many and which types of treatments we have started, how long it takes us on average to complete these treatments, or how our work is spread over certain regions. The data does not immediately trace back to you, but we do use it for analytical purposes. In addition, you can sometimes participate in scientific research during your treatment to see whether one treatment works better than another. We request your permission in advance for this type of research. It is also possible that we will want to conduct scientific research with your data at a later stage. The wish to conduct such research mostly arises after your treatment has already been completed as a result of a new scientific discovery or experiences elsewhere. We also ask for your permission for this type of research if possible. Only if this is not reasonably possible, we are also allowed by law to use your data without permission. In that case we will still protect your privacy well and store the data under a code number.
- To comply with the law. We need some information to comply with the law. For example, we have to keep our entire administration for 7 years for the tax authorities and we have to keep client files for 20 years to comply with the law. We are also legally obliged to cooperate with checks on our claims by health insurers. You can read more about this on the website of the Dutch Data Protection Authority.
Who do you exchange data with?
- We receive your details from municipalities when they request care from us. If your care is paid for by the municipality where you live, we provide them with some of your data to ensure that we get paid for this care. These are, for example, your name and address, your social security number and the kind of help we provide you with. We do not share any data concerning what you have discussed with us. We do not have to ask for your permission for this data exchange, because it is needed to properly execute the treatment agreement or because it is required by law.
- Other care providers, such as your referrer, your GP, another doctor, a neighbourhood team, the center for youth and family, or youth workers. We receive data from other healthcare providers if you refer them to us, or if we request additional information from them about your health. For the latter we will ask for your permission.
- We receive your student file from school when they request our help. We provide your school with some of your data in order for them to help you better with any learning and/or behavioural problems. This will only happen with your permission.
- The Dutch Quality Institute Dyslexia (NKD). We only pass on data about your screening, diagnosis, treatment and follow-up to the NKD with your permission. The data from this database are used to improve the quality of dyslexia care and can also be used for scientific research. Whenever we share data, we do this in a pseudonymised way. This means that the NKD cannot trace this data back to you. More information can be found on the website of the NKD.
- Referral Index at Risk Adolescents (Verwijsindex Risicojongeren, VIR). If you are under the age of 23, we will report you to the Referral Index if the practitioner is of the opinion that you are at risk. We do not mention anything about why you receive our care or what you discuss with us. If you also receive help from another care provider, we will be informed of this so that we can work together and share data. We will always discuss this with you first. More information about this can be found on the website of the Association of Dutch Municipalities (Vereniging van Nederlandse Gemeenten, VNG).
- Parent(s)/guardian(s). If you are under the age of 16, we will share information with your parent(s) or guardian(s). If you are 12 years or older, you can ask us not to do so. If you are 16 years or older, we will only share data with your parent(s)/guardian(s) with your permission. If we are not certain of who has custody of a child, we can check the details of parent(s)/guardian(s) with the custody register.
8. Questions about privacy – clients Mentaal Beter Adults
What kind of personal data of mine do you use?
- Your contact details, such as your name, address, email address, and telephone number.
- Contact details of your parent(s)/guardian(s), family and/or representative (if necessary).
- Your gender, date of birth and/or age.
- Identifying numbers such as your insurance number or client number.
- Your citizen service number / “burgerservicenummer” (BSN).
- Information about your insurance/reimbursement.
- Your medical information. Everything we need to know to be able to provide you with treatment or care. This includes, for example, data about your complaints, the examinations you receive, the tests you make, the questionnaires you complete, your diagnosis(s), the treatment you receive, the conversations we have and your experience with the treatment.
- Audio and/or video recordings, only if we have agreed this together in advance.
For what purposes do you use my data?
- We check whether we can provide you with care; we provide you with care; evaluate the care; if necessary we transfer parts of the care to other care providers. We also use your data to get compensated by health insurers/municipalities for the care we provide, but never more data than is absolutely necessary for that specific purpose.
- To keep in touch with you regarding your treatment. You cannot unsubscribe from that contact. Also, we might want to contact you to ask if you are interested in specific things, such as a client experience survey, requests from our client council or events such as an information or evaluation meeting. You can unsubscribe from this type of contact via privacy@mentalcaregroup.nl.
- To measure treatment effect and improve quality. We are always working to improve our treatments. That is why we also use your treatment outcomes to learn from. This is part of acting on our treatment agreement. If we also want to share this data with other parties, we will only do so with your permission and make sure that the data cannot be traced back to you.
- Handling complaints and disputes. If you submit a complaint to us, it will be reviewed by our complaints officer. He or she will then contact you and ask for your permission to view the data in your file and to discuss the complaint with your practitioner.
- Scientific and statistical research. Sometimes we use some of your data to, for example, see how many and which types of treatments we have started, how long it takes us on average to complete these treatments, or how our work is spread over certain regions. The data does not immediately trace back to you, but we do use it for analytical purposes. In addition, you can sometimes participate in scientific research during your treatment to see whether one treatment works better than another. We request your permission in advance for this type of research. It is also possible that we will want to conduct scientific research with your data at a later stage. The wish to conduct such research mostly arises after your treatment has already been completed as a result of a new scientific discovery or experiences elsewhere. We also ask for your permission for this type of research if possible. Only if this is not reasonably possible, we are also allowed by law to use your data without permission. In that case we will still protect your privacy well and store the data under a code number.
- To comply with the law. We need some information to comply with the law. For example, we have to keep our entire administration for 7 years for the tax authorities and we have to keep client files for 20 years to comply with the law. We are also legally obliged to cooperate with checks on our claims by health insurers. You can read more about this on the website of the Dutch Data Protection Authority.
Who do you exchange data with?
- We do this if your care has to be paid for by the health insurer or if this has to be done because of a check. We do not have to ask for your permission for this data exchange, because it is necessary to properly execute the treatment agreement or because it is required by law.
- Akwa GGZ. To keep track of whether we are on the right track, we will check at the beginning, during and at the end of your treatment how you are doing and whether our help is sufficient. We can share this information with Akwa GGZ with your permission. By sharing this knowledge, experience and results of treatments, healthcare professionals can learn from each other and improve their treatments. When we share data, we do this in a pseudonymised way. This means that Akwa GGZ cannot trace the data back to you. More information can be found on the Akwa GGZ website.
- Referral Index at Risk Adolescents (Verwijsindex Risicojongeren, VIR). If you are under the age of 23, we will report you to the Referral Index if the practitioner is of the opinion that you are at risk. We do not mention anything about why you receive our care or what you discuss with us. If you also receive help from another care provider, we will be informed of this so that we can work together and share data. We will always discuss this with you first. More information about this can be found on the website of the Association of Dutch Municipalities (Vereniging van Nederlandse Gemeenten, VNG).
- Other healthcare providers, referrers, general practitioners, other specialists. We receive data from other healthcare providers if they refer you to us, or if we request additional information from them about your health. For the latter we ask for your permission.
- Sometimes we work together with researchers from other organizations for scientific purposes. We only ever provide them with pseudonymised data, meaning that the data cannot be traced back to you. We also make proper contractual agreements, concerning among other things what exactly they are allowed to do with the data, that they also must keep the data secret, and that they must properly secure the data. We usually ask for your permission before participating in research. We can only do this without permission if there is an exception in the law why this is not necessary.
- If you do not pay our invoice (on time), we can engage a collection agency. In such cases we will provide them the necessary information to collect the invoice. We do not have to ask for your permission for this data exchange, due to the fact that it is necessary in order to properly execute the treatment agreement.
9. Questions about privacy – external (business) relationship such as referrer or supplier
What kind of personal data of mine do you use?
- Your contact details, such as your name, gender, (work) address, email address, and telephone number.
- The organization you work for.
For what purposes do you use my data?
- To keep in touch with you with regard to our outstanding contract. In some cases we will contact you to ask if you are interested in attending an information meeting or anything of the likes. You can unsubscribe from this type of contact via privacy@mentalcaregroup.nl.
10. Questions about privacy – family or (legal) representative of client
What kind of personal data of mine do you use?
- Your contact details, such as your name, gender, date of birth, address, email address, and telephone number.
- Information about your upbringing, childhood, contact with the family, education level, profession, and employment.
For what purposes do you use my data?
- To keep in touch with you. Sometimes the contact is necessary because of the treatment of your (foster) child or family member. In other cases we might contact you to ask if you are interested in informational or evaluation meetings. You can unsubscribe from this type of contact via privacy@mentalcaregroup.nl.
- In order to be able to provide good care and guidance to your child or family member, we need background information about the parents and we would like to know if there are any (step) brothers or (step) sisters. This is because family life is (or has been) an important part of the life of your child or relative.
- To check whether you have custody of your (foster) child. We check this in the “gezagsregister”.