Privacy Statement

The controller for the processing of your personal data is:

• Psychology Practice Gerard Dekkers
• Don Carlos 9, 5629 NW Eindhoven, The Netherlands
• KvK: 73460931 · AGB: 90/24500
• NVPA: 100578 · NIP: 95352 · RBNG: 204097
• Email: info@psycholoogineindhoven.com · Phone: +31 40 248 8376

The practice is not required to appoint a Data Protection Officer; for privacy questions you can contact Gerard Dekkers directly.

Depending on the type of contact, we process the following categories of data:

2.1 For contact and the introductory call

• Name, telephone number, email address.
• A short description of the reason for contact.
• Appointment details (date, time, type of session).

2.2 During treatment

• Name and address details, date of birth, Dutch citizen service number (BSN, only if required for insurance claims).
• Details of your health insurer and, where relevant, your referring doctor.
• Health data and notes required for good care: intake information, complaints, treatment goals, progress, methods used and evaluations.
• Correspondence between you and the psychologist.

2.3 When using the website

• When filling in a (booking) form: the data you provide.
• When using the AI Psychologist / Quick Scan: your answers, any email address provided, and the contents of the chat (only to send you a summary and to improve the quality of the chat).
• Technical data such as IP address, browser type and pages visited, in order to keep the site secure and functioning properly.

• Provision of care — performance of the treatment agreement, maintenance of your file and safeguarding the quality and continuity of care.
• Scheduling and confirming appointments — including reminders by email or SMS.
• Invoicing and insurance claims — with you and, where applicable, with your health insurer.
• Legal obligations — such as the file-keeping obligation under the WGBO and the statutory retention period for invoices.
• Communication — answering questions and, if requested, sending a summary of a Quick Scan or chat conversation.
• Website improvement — anonymised analysis of usage.

The GDPR requires a legal basis for every processing operation. We rely on:

• The treatment agreement (Article 6(1)(b) GDPR) for everything needed to treat you properly.
• Legal obligation (Article 6(1)(c) GDPR) for the file-keeping obligation, tax obligations and insurance claim processing.
• Explicit consent (Article 9(2)(a) GDPR) for the processing of health data, insofar as such consent does not already follow from the treatment agreement, and for sharing information with third parties (such as your GP).
• Legitimate interest (Article 6(1)(f) GDPR) for the safe operation of the website and the prevention of abuse.

The psychologist is bound by professional confidentiality. What you share in a session stays in the consulting room. We only share your data with third parties when this is necessary for the treatment, required by law, or when you have given explicit consent. Specifically:

• Your GP or referring doctor — only with your written consent, for example via a referral or closing letter.
• Health insurer — only the data required for insurance claims.
• Substitute — during prolonged absence a colleague may stand in; the substitute is also bound by professional confidentiality.
• Bookkeeper and accountant — only invoice data, not the contents of your file.
• Supervisory authorities — when required by law or by a disciplinary tribunal.

On the basis of a conflict of duties (Article 7:457 of the Dutch Civil Code), information may be shared without consent when this is necessary to avert serious danger to you or to another person. We will discuss this with you in advance wherever possible.

We use a number of external service providers that process personal data on our behalf. A data processing agreement has been concluded with each of these parties. They include:

• The practice management software and file system used to maintain client files.
• The accounting software used to process invoices.
• Email and calendar providers used for business communication.
• The scheduling and booking tool used to plan sessions.
• The hosting provider of psycholoogineindhoven.com.
• The provider behind the AI Psychologist and Quick Scan (LeadHub), for processing chat and scan input.

We select our processors for reliability and for a level of security appropriate to (special categories of) personal data. Transfers outside the EEA are avoided; where they do take place, they are based on appropriate safeguards under the GDPR.

• Treatment file — twenty years after closure of the file, in accordance with Article 7:454 of the Dutch Civil Code (WGBO).
• Invoices and accounting records — seven years, in accordance with Dutch tax retention requirements.
• Data from the contact form and introductory calls that do not lead to treatment — at most one year.
• Chat logs of the AI Psychologist and Quick Scan results — at most twelve months, unless you ask for earlier deletion.
• Technical website log files — generally at most six months.

We take appropriate technical and organisational measures to protect your data against loss or unauthorised access. These include encrypted connections (HTTPS), two-factor authentication on systems containing file data, authorised access per employee and secure storage for paper documents. Should a data breach nevertheless occur that involves a high risk to your rights and freedoms, we will inform you and, if required, the Dutch Data Protection Authority.

psycholoogineindhoven.com places as few cookies as possible. Functional cookies are required for the basic operation of the site and are placed without consent. Analytical cookies are used only for anonymised statistics. We do not place any tracking or advertising cookies. You can always refuse or delete cookies via your browser settings.

Under the GDPR you have the following rights regarding your personal data:

• The right to access your file and the other data we process about you.
• The right to rectification of inaccurate data.
• The right to erasure (‘right to be forgotten’), subject to statutory retention obligations.
• The right to restriction of processing.
• The right to object to processing based on legitimate interest.
• The right to data portability for data you provided yourself and that is processed on the basis of consent or the agreement.
• The right to withdraw consent at any time.

You can submit your request by email to info@psycholoogineindhoven.com. We will respond in principle within four weeks. To prevent misuse we may ask you to verify your identity in a secure way.

If you are not satisfied with how we handle your data, please contact us first — we will look for a solution together. If we do not reach an agreement, you always have the right to lodge a complaint with the Dutch Data Protection Authority via autoriteitpersoonsgegevens.nl.

We may amend this statement, for example when legislation changes or when we start using a new tool. The current version is always available at psycholoogineindhoven.com/en/privacy. We will actively inform you of significant changes.