At OpenUp, openness and transparency are part of our core values. That is why we also want to be open and transparent about how we handle your personal data. Your privacy is always our top priority. Your data is safe with us and we will use it wisely.
In case you visit our website, chat with us, call with us or have a conversation with one of our psychologists, you are sharing your personal data with us. In this way we can be of service in the best possible way. We consider it important that you know what happens to your data in these occasions.
The last changes were made on August 1, 2021.
Who is responsible for processing your personal data?
OpenUp B.V. (“OpenUp”), having its registered office at Nieuwe Herengracht 47 in Amsterdam and registered with the Chamber of Commerce under number 77340159, is responsible for processing your personal data.
For Example: (potential) clients, visitors to the practice, visitors to the website, participants in meetings of the practice, job applicants and all other persons who contact us or whose personal data we process. OpenUp employees are excluded.
What is personal data?
Personal data refers to any data that can be traced back to you as a person. The most basic personal data are your name, phone number, address or e-mail address. In addition, all other data you that can be traced back to you and which are relevant to your contact with OpenUp are considered as personal data. Examples are your request for help, information about your personal situation, or the results of your health check.
What personal data do we process?
At OpenUp, we process your data for different purposes
We may process the following data:
- Your first and your last name
- Email address
- Telephone number
- Information about your personal/medical situation, including your request for help
- The results of your health check
- Your BSN (only if the use of OpenUp’s services is covered by the additional insurance of your health insurance company instead of by your employer)
- Any other personal data you share with us
For what purpose and on what basis do we process your personal data?
We process the above data in order to execute the treatment agreement between you and OpenUp and to handle any invoices for our work.
The treatment agreement comes into effect when you ask one of our psychologists for help. This agreement does not have to be in writing. The treatment agreement is therefore implicitly established when you ask for medical or other assistance or make an appointment by chat, telephone or video call.
The basis for processing these personal data is layed down in article 6 paragraph 1 sub b of the AVG: the processing is necessary for the performance of the agreement between you and OpenUp.
Insofar as the above data are medical data, your data will only be processed based on the treatment agreement we have concluded with you, in accordance with Article 9(2)(h) of the AVG.
We also process your above contact details to keep in touch with you, provide you with information or to invite you to meetings. The basis for processing this personal data is Article 6 (1) (f) of the AVG: we have a legitimate interest in processing this personal data. Without these data we cannot offer any of our services to you.
How do we obtain your personal data?
We process personal data that comes to us through various means. This may be when:
- You personally – during a conversation, meeting or by telephone – share your personal details with us, think of your contact details, information about your medical condition or other personal data.
- You share digital data with us – during an online consultation or via e-mail, chat or web forms on the website – such as your contact details, information about your medical condition or other personal data.
- With your permission, we request information from or share it with other care providers or referrers.
- We obtain information during your visit to the OpenUp website. For example, your surfing behavior, including data about your first, last and current visit, which pages you view, how you navigate through the site and which parts you click on.
How do we protect your personal data?
OpenUp takes measures to protect your personal data, both technically and organizationally. We are constantly alert to this, so that your data are processed carefully. We do this by:
- Taking appropriate measures so that your personal data are safe, given the possible risks.
- Ensuring that all OpenUp staff who have access to your personal data comply with confidentiality requirements. All of our practitioners are subject to strict professional secrecy. They and the other OpenUp staff members are also contractually bound to secrecy.
- Usernames and passwords are set on all our systems. We regularly test these systems for their functionality and robustness.
- Where possible, to anonymize or pseudonymize your personal data, in order to guarantee your privacy in the event of an emergency.
What are our rights and obligations when processing your personal data?
The law is strict, so we strictly adhere to it. OpenUp always processes your personal data on one of the following legal grounds:
- We have received your permission. You always have the right to withdraw this permission. This does not affect the lawfulness of the processing of your data, based on the consent you gave before withdrawing it.
- We have agreed on a treatment contract. To execute this contract, the processing of your personal data is necessary, as well as for the possible declaration of incurred costs – for example, to the health insurance.
- We have a legal obligation, such as the obligation to maintain a medical file or to register your BSN, if the use of the services of OpenUp is reimbursed by your health insurance company.
- We have a legitimate interest, such as using your contact information so you can be invited to a meeting or webinar.
Who do we share your data with?
OpenUp may share personal data with the following parties:
- With you as a client or your legal representative, in case we have concluded a treatment agreement.
- Employees of OpenUp directly involved in the treatment of you as a client. But only to the extent that the data are necessary for the performance of their work.
- Employees of OpenUp who are involved in administration and conducting research to improve our treatment approach. Our researchers only have access to personal data that is anonymous or pseudonymous.
- Subsidiary companies of OpenUp. These are iPractice Holding B.V., iPractice Zorg B.V., iPractice Software B.V. and OpenUp GmbH.
- Health insurance companies, to the extent necessary. This concerns any obligations from current or future insurance agreements. Health insurance companies will never have access to the content of your treatment.
In addition, we may engage other service providers (“processors”) to process your personal data. In these cases, they will work exclusively in accordance with the instructions and guidelines of OpenUp. We have concluded a processing agreement with these processors that meets the requirements of the General Data Protection Regulation (GDPR). An overview of our processors can be found below:
- 24sessions (booking appointment and video calling)
- Microsoft Azure (hosting data of medical records)
- LiveChat (if chatting without an appointment)
- Google (for analysis of website visits and e-mail contact)
- Voys (for direct telephone contact through the website)
Your personal data will only be shared with other parties if there is a basis for doing so. We never share your personal data with your employer. We also never share your information with third parties for commercial purposes without first asking your permission. In that case, only necessary contact details will be shared.
We recommend that you also read the privacy policies of the above parties.
Where do we store your data?
We store your data on servers located within the European Union. In principle, we never transfer personal data to countries outside the EU. Should this nevertheless be necessary, for example because an external service provider is located elsewhere, we will take all appropriate measures to ensure the protection of your data as best as possible, in accordance with the provisions drawn up by the European Commission in this regard and in line with the General Data Protection Regulation (GDPR).
How long will your data be kept?
We like to get to know you, but never keep your personal data longer than necessary. In doing so, we take the following retention periods into account:
We keep these for fifteen years after the end of our treatment agreement. This is laid down in the Medical Treatment Agreement Act (WGBO).
Medical information shared during an online consultation, which we link to your medical file
This information will be kept for fifteen years after the end of our treatment agreement. This is so laid down in the Medical Treatment Agreement Act (WGBO).
Personal & chat data that are shared during online consultations
We only keep these data for the duration of the treatment.
Financial and administrative data
We keep these for seven years after the data was recorded.
Data of employees and freelancers, other than (financial) administrative data
These data will be retained for seven years after leaving employment or after the end of the contract for the assignment. A copy of your passport will be kept for five years and other data from your personnel file will be kept for two years.
We keep these data for four weeks after completion of the application process, unless we have asked your permission to keep them longer. In that case it will be for the maximum period of one year.
Visitors to the website
We keep these data for two years after the last visit to the website. It is possible to object to that. In that case we will destroy these data.
What about cookies and other technologies on the website?
Above all, we are a mental health care provider. We use our website mainly to share information and to be able to reach you as a (future) client.
How can you see, change or delete your personal data?
If you have any questions or would like to know what personal data we hold about you, you can always contact us at email@example.com.
Amongst other things you can:
- Get an explanation about what personal data we have and what we do with it;
- get access to the exact personal data we hold;
- exercise your right to receive data from us so that you can transfer it (data portability);
- have errors corrected;
- have outdated personal data removed:
- withdraw consent given by you: and/or
- object to a certain use of personal data.
More specifically, your psychologist can always show you the data contained in your file, if you ask for it. Your therapist may also share a copy of your file with you. If you would like to see your file or receive a copy from us, please send us your request by email to firstname.lastname@example.org. If you believe that the personal data in your file is factually incorrect, you can ask your therapist to correct it.
If you wish to have your personal data removed before the expiration of the retention period we have indicated, you may also send us a request to that effect by e-mail (email@example.com). In most cases, we will comply with your request and remove your personal data as soon as possible. There are exceptional situations in which we cannot comply with your request to delete your file. An example is when so-called ‘good care’ prevents this. Think of information that is so crucial to the treatment, that we can no longer provide you with good care after its destruction.
The right to lodge a complaint
If you have a complaint about the way we process your personal data, please send us an email to firstname.lastname@example.org, or discuss it directly with your therapist. We will be happy to help you and will of course try to resolve any complaints to your satisfaction. It is also possible to submit a complaint to the Dutch Data Protection Authority.
Still have questions?
You can ask your question to us by mail at email@example.com, or directly to your therapist. We are happy to help you, whatever your question is!