Privacy Statement (GDPR compliance)
The General Data Protection Regulation (GDPR) requires Moving Balance to specifically ensure it complies in terms of protection of privacy, that only necessary personal data is recorded and kept, and that processing, access control and securitization protocols are in place to protect use (processing) of, and access to personal data.
This Privacy regulation statement provides clarity regarding the processing and use of personal data and associated material within the operational sphere of Moving Balance, based on compliance with the EU General Data Protection Regulation (GDPR).
This privacy statement applies to the following categories of individuals:
- (potential) clients
- visitors of the practice
- visitors of my website (https://www.movingbalance.com/)
- associates (supervisors, trainers etc.)
Processing of personal data
Personal data are all data that can be traced to a specific person (not to an organization, association or company). We distinguish them in ordinary and special personal data. Ordinary personal data provide factual information about a person (e. g name, date of birth, gender, nationality, Sofi-number/BSN, current address, contact details etc.). Special personal data concerns data of a sensitive nature (e.g. information related to your mental and physical health, family history etc.).
The practice collects-processes personal data:
- that the client has provided to the practice with, either in person (orally or via forms), or by
- telephone, or digitally (via e-mail or web forms on the website)
- that referrers or other care providers have submitted to the practice under the written permission of the person concerned
- via audio recordings when the client involved has signed a written permission
The practice processes personal data under the following legal grounds:
- The written consent of the (former or current) client. This permission can always be withdrawn
for the future, without this affecting the lawfulness of the processing of the data collected before
- Aiming to attend to a treatment plan and goals set in collaboration with the client
- A legal obligation, such as the obligation to keep records (according to the WGBO- The Act on the
Medical Treatment Agreement and NIP)
- A legitimate interest, such as the use of contact information for inviting a meeting or being paid
for my services.
The basis for this personal data is the agreed request for help and / or assignment.
Special personal data are stored digitally and encrypted, in accordance with the rules of the WGBO and NIP.
Provision to third parties
For example, the practice may use a third party for:
- The internet environment of the GDPR program (to safeguard the privacy of your data)
- Taking care of the invoicing
- Reporting the tax in connection with my business operations.
- Dealing with administrative tasks and referring my clients in case of death of Mattea Spatharakis or
- severe incapacity-injury to handle the tasks of the practice.
The practice never passes on personal data to other parties with whom the practice have not entered into a processor agreement. The processing agreement contains the necessary agreements to ensure the security of your personal data. Furthermore, the practice will not pass on the information provided by you to other parties, unless this is legally required and permitted. The practice will always share special personal data in accordance with the rules of the WGBO and NIP.
The practice does not store personal data longer than necessary for the purpose for which it was provided or required by law. This means:
• Psychological/medical data: at least 20 years after the end of the treatment agreement
• (financial) administrative data: 7 years after recording the data
The practice has taken appropriate technical and organizational measures to protect your personal data against unlawful processing.
Rights concerning your data
You have the right to inspect, rectify or delete the personal data that the practice has received from you (the deletion can be requested after the expiration of the “storage period” mentioned above). In any case,
the right to request any correction or removal does not apply to the findings/conclusions which are the psychologist’ s professional responsibility.
- You, also, have the right to have your data transferred by the practice to yourself or, by order of you, directly to another party. Mattea Spatharakis will ask you to adequately identify yourself before she can respond to the aforementioned requests.
- You always have the right to withdraw your consent to the practice to process your personal data in the future without this affecting the lawfulness of the processing of the data collected before the withdrawal.
If you have a complaint about the processing of your personal data, Mattea Spatharakis kindly asks you to contact her about this primarily in hope that we can come to a solution together. You always have the right to file a complaint with the Dutch Data Protection Authority, this is the supervisory authority in the field of privacy protection.
Changes to privacy statement
The practice can always change this privacy statement. A current version of the privacy statement is published on the website of the practice (www.movingbalance.com). Our network of colleagues is accountable for keeping each other updated on any important changes.
If you have any questions or comments about this Privacy Statement, please contact Mattea Spatharakis.