Privacy Statement

Version 06022025

Hartis Telezorg is responsible for the data we process in accordance with the General Data Protection Regulation. The processing of data for carrying out medical diagnostics takes place on behalf of a healthcare provider. In most cases this is your general practitioner. You have given this healthcare provider explicit permission to process your data.

Further data that Hartis Telezorg processes are client data. This care provider data is processed for the purpose of executing an agreement.

In line with current laws and regulations, Hartis believes it is important to inform you clearly about our services and additional data processing. For this reason, Hartis has designed this privacy statement.

Purpose of data processing:

Hartis Telezorg processes your data for the assessment of medical diagnostics. Your data is processed only for this purpose. Hartis will not provide your data to third parties unless Hartis has a legal obligation to do so. The data is processed within the European Economic Area (EEA).

Data type:

To perform medical diagnostics, we may process the following data:

Patient:

  • Name
  • Address
  • Residence
  • Phone number
  • Email address
  • Gender
  • Date of birth
  • BSN
  • Insured data
  • Medication
  • Medical indication

Hartis also processes data of children under the age of 16. This data is processed based on the explicit consent of a parent or guardian.

Healthcare provider client data:

  • Name
  • Practice address
  • Practice residence
  • Gender
  • AGB code
  • Email address
  • Phone number
  • Caremail client number

Security

Hartis has taken appropriate organizational and technical measures to prevent the loss of data or unlawful processing thereof.

Hartis works in accordance with the international and national standards for information security, better known as NEN 7510 and ISO 27001. To demonstrate this, Hartis has been certified against these standards.

In addition, Hartis operates in compliance with the General Data Protection Regulation. To demonstrate this, Hartis has been certified according to the international privacy standard ISO 27701.

Rights of the data subject

As a patient, you have the right to access your personal data that Hartis processes. Besides this right you also have the possibility to correct or delete your data. If you wish to make use of these rights, please notify your care provider. Hartis acts on behalf of your healthcare provider. Your healthcare provider will process the request within four weeks of receipt.

Are you a healthcare provider and have received a request from a patient or would like to make a request for an individual within your own organization? If so, request a "Personal Data Request" form at privacy@hartis.nl. You will receive a response within four weeks of receipt.

Retention period

Hartis uses a retention period of seven calendar years for patient data, in connection with any follow-up checks by health insurance companies. Your healthcare provider has a retention period of at least 20 years, in accordance with the Medical Treatment Agreement Act (WGBO). After seven full calendar years, the data known to Hartis will be deleted.

Customer data from healthcare providers is classified as publicly searchable information. For this reason, Hartis has not established a retention period for this.

Cookies

Our website uses only functional cookies. We have entered into a processing agreement with Google. Google may not use the data for other services. The use of a full IP address is blocked by us. We do not store any data in the cookies and in no way are the cookies placed by hartis.nl traceable to a personal identity.

Data processing contact person

Do you have any questions, comments, complaints or tips regarding the data processing carried out by Hartis? If so, please make this known to our Data Protection Officer: privacy@hartis.nl. It is also possible to submit a report or complaint to the Dutch Data Protection Authority at: https://autoriteitpersoonsgegevens.nl.

Changes to the privacy statement

Hartis reserves the right to modify this privacy statement. The privacy statement is available online for review and can be accessed at any time to view any changes.

Certification

Data Protection and Privacy Management

The ISO 27701 certificate is an international standard for Privacy Information Management Systems (PIMS).

This means that we meet the highest standards of data protection and privacy management, providing our patients and partners with the assurance that their information will be kept safe and confidential.

Information Security

ISO 27001 certification is a globally recognized standard for information security management.

This means that we meet strict requirements for ensuring the confidentiality, integrity and availability of information. This certification gives our patients and partners assurance that their data is in safe hands with us.

NEN 7510 certificate

The NEN 7510 certificate is a Dutch standard specifically focused on healthcare information security. This certification guarantees that we are careful about the security of medical information.

At Hartis, achieving NEN 7510 certification means that we meet the highest standards for protecting patient data.

Privacy

Hartis is committed to information security and privacy of you and your patients and has therefore had its processes externally audited and is ISO 27001, ISO 27701 and NEN 7510 certified. The certificates can be downloaded for your own records.
