Privacy Statement

Privacy Statement JansApp

I. General

I.1 JANS HUISARTSEN

This JansApp privacy statement has been drawn up for the benefit of the general practices of Jans Huisartsen, which are:

  1. Jans Huisartsen Rotterdam Kralingen BV
  2. Jans Huisartsen Rotterdam Centrum BV
  3. Jans Huisartsen Rotterdam Zuidplein BV


Each of these practices will be independently referred to as ‘Jans Huisartsen’ in this privacy statement.

I.2 Data Controller

Jans Huisartsen Rotterdam Kralingen BV has been appointed within the group of the above-mentioned companies to determine the purposes and means for which, and on the basis of which, personal data are processed by the general practices of Jans Huisartsen within, or through the use of, the JansApp.

Jans Huisartsen is therefore to be considered as the data controller which regards to the General Data Protection Regulation (GDPR) and with respect to the use of, and the processing within, the JansApp, by the patients of the general practices of Jans Huisartsen.

The contact details of Jans Huisartsen Rotterdam Kralingen BV are:


Address: Struisenburgstraat 46, 3063 BR Rotterdam

Telephone: 010-3116010

Email: info@janshuisartsen.nl

KVK: 81943938

AGB: 01009638


Hereafter, Jans Huisartsen Rotterdam Kralingen BV will be referred to as ‘Jans Huisartsen RK’.

I.3 Duty to Inform

Jans Huisartsen RK – as data controller – has the obligation to inform the individuals whose personal data Jans Huisartsen processes about how and why these processing operations take place. Jans Huisartsen RK fulfils this duty to inform through this privacy statement with regards to the data processing that takes place when using the JansApp.

I.5 Changes

This privacy statement was established on @ June 2023. Jans Huisartsen RK may adjust this statement in the future. If Jans Huisartsen RK adjusts this statement, the amended privacy statement will be published on the website of Jans Huisartsen (www.janshuisartsen.nl), indicating the date of when the changes take effect. If there are changes that could significantly affect one or more individuals, Jans Huisartsen RK will do its best to also directly inform those individuals.

II. JansApp

The purpose of the JansApp is to provide an accessible platform that allows patients to contact the practices of Jans Huisartsen for health-related and non-health-related inquiries.

Use of the JansApp is voluntary and is only possible if you have given Jans Huisartsen permission to process your personal data, including that data related to your health and information shared via the instant messaging service. You will be asked for consent before using the JansApp.

If you do not wish to use the JansApp, that is no problem. It is strictly voluntary. You can also reach Jans Huistartsen by telephone.

The JansApp serves as a means:

  1. to easily establish digital contact with Jans Huisartsen for non-health-related inquiries;
  2. to provide digital care to you, if this care can be provided digitally.

The relevant (non-)health-related data that you provide via the JansApp are stored in our Huisartsen (General Practitioner) Information System (HIS) and the conversation history in the JansApp is also kept for one month before it is deleted. When providing care to you, the data in the HIS will always remain leading.

The JansApp is not intended to provide complex digital care that can be better provided physically in one of the practices. In the case of complex care, you will be asked to come to one of the practices of Jans Huisartsen for a physical consultation.

III. Purposes and Means

Jans Huisartsen processes your personal data for the purposes and with the means listed below if:

  1. you create an account for the JansApp;
  2. you use the JansApp; and
  3. your data is transmitted through the JansApp.

In this section of the privacy statement, the following terms have the meaning as indicated below:

Account Holder: a registered patient of Jans Huisartsen who has created an account in the JansApp;

Data Subject(s): the (categories of) data subject(s) as mentioned in the privacy statement.

Message: a message sent via the JansApp, which may contain words, photos, videos and/or voice memo attachments.

Special Personal Data: personal data about health, medical data, genetic data, data about sexual activity or sexual orientation, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, the processing of biometric data for the purpose of uniquely identifying a natural person, and potentially sensitive family and financial information included in a message;

Third Party: a an indirect person who is not a registered user, such as your (minor) child, life partner, family member or housemate;

Personal Data: all information relating to a Data Subject, not being Special Personal Data, included in a message.

If you use the JansApp, your personal data may be processed for the following purposes and using the following means by us:

A. Purposes and Bases

PurposeBasis
1Creating an account for you in JansApp
  • Performance of contract
2Communication between Jans Huisartsen and the user by sending messages via JansApp in the context of care and non-care related questions
  • Consent
3Recording (Special) Personal Data – communicated by you via Messages – in the HIS and/or CRM system of Jans Huisartsen
  • Legal obligation
4Providing Jans Huisartsen with aggregated management information about the use of JansApp
  • Legitimate interest
5The security, control, and prevention of abuse and improper use, and the prevention of inconsistency and unreliability, of the (Special) Personal Data within JansApp and the continuity and proper functioning of JansApp
  • Consent


Insofar as the basis for the processing of personal data for a purpose is based on the existence of a legitimate interest (balancing the interest of Jans Huisartsen vs. the interest of you as a user of JansApp), the legitimate interest of Jans Huisartsen or third party (per purpose) is formulated below:

PurposeLegitimate interestFrom whom?
A.4Enabling Jans Huisartsen based on aggregated information on how JansApp operates within Jans HuisartsenJans Huisartsen

B. Means

B.1 (Categories of) involved parties

Jans Huisartsen distinguishes the following groups of involved parties in the context of the processing that takes place as a result of the use of JansApp:

1Account Holder

2

 Third Party

B.2 (Categories of) personal data

Jans Huisartsen may process the following (categories of) personal data per purpose if you are going to use the JansApp.

PurposeCategories of personal data
A.1

Account Holder:

  • first name *
  • surname *
  • telephone number *
  • email address *
  • birth date *
  • Which practice they are registered with
  • opt-in *
  • agreement with terms of use *
  • login data *
  • communication regarding account creation
A.2

Account Holder:

  • all personal data included in a message
  • all special personal data included in a message
  • logging data
  • communication data
  • communication / e-consultation review: number of stars
  • communication / e-consultation review: user comment

Third Party:

  • all personal data included in a message
  • all special personal data included in a message
A.3
  • All personal data included in a message
  • All special personal data included in a message
A.4
  • aggregated management information regarding:
  • the number of closed tickets/inquiries
  • the number of outstanding tickets/inquiries
  • the response time to a message
  • average customer rating
A.5
  • all personal and special data mentioned under A1 – A.3

Explanation A.1

Part of the login data is your password. Jans Huisartsen does not have access to the password you created. This is managed in a protected and secure environment by Amazon Cognito (an independent, third-party authentication and authorisation platform for accessing apps). If you have forgotten your password, Jans Huisartsen can only indicate within that system that the procedure can be initiated to create a new password.

C. Obligation to provide personal data

The provision of certain personal data is necessary if you wish to start using JansApp. Personal data that is necessary for Jans Huisartsen to enable you to use JansApp are indicated with a * under B. If you choose not to provide this data to Jans Huisartsen, you cannot use JansApp.

D. (Categories of) recipients

The following (categories of) recipients can receive your personal data in the context of the use of the JansApp:

(Categories of) recipients
InternalExternal
  • a general practitioner
  • OneAssist BV (service provider)
  • our medical assistants
  • Amazon (Cognito and Lambda) (service provider)
  • SendBird Inc. (service provider)

E. Source of personal data

The personal data that Jans Huisartsen process from you as a customer originate from, or may originate from:

Source of the personal data
  • yourself
  • a member of the Jans Huisartsen team

F. Data retention periods

Jans Huisartsen retains your personal data for the periods below. After the expiry of these retention periods, the relevant personal data is deleted/destroyed by Jans Huisartsen.

PurposeRetention Period
A.1personal data is retained for no longer than six (6) months, counted from the day an account Holder deregisters at Jans Huisartsen, with the proviso that Jans Huisartsen delete this personal data centrally twice a year (in the first week of January and the first week of July).
A.2

Messages, logging data, and communication data in the JansApp are not retained longer than one (1) month, counted from the day the message has been sent.

Other personal data is kept as long as it is relevant and useful to Jans Huisartsen for no longer than two (2) years, counted from the end of the calendar year in which this data was obtained by Jans Huisartsen.

A3

Health data and medical data is retained for a period of twenty (20) years, counted from the moment the last change in the file of the Account Holder or Third party took place.

Other personal data is not retained longer than two (2) years, counted from the moment Account Holder or Third party deregister from Jans Huisartsen.

A.4the aggregated data is kept as long as it is considered to be relevant and useful to Jans Huisartsen
A.5the personal data is not retained longer than one (1) month after they have been obtained for this purpose, unless it is deemed necessary by a health professional to retain this personal data for longer.

The above table is based on the different purposes for which personal data is processed when using JansApp. Some personal data is processed for multiple purposes. If a particular personal data is no longer retained and will be deleted for a certain purpose, it may be the case that that personal data is still relevant for another purpose and is therefore kept in JansApp. In addition, Jans Huisartsen may also process certain personal data for purposes other than in the context of using JansApp. For example, Jans Huisartsen stores your data in the HIS and its CRM system.

Therefore, only if all of the retention periods applicable to personal data have expired, that personal data will disappear from all Jans Huisartsen systems.

IV. Transfer of personal data to SendBird

The personal data that Jans Huisartsen processes from you via JansApp is sent via, and stored and preserved on, an allocated server that is in the European Economic Area (EEA). Every message sent and received with JansApp is also stored on this server.

The way JansApp is designed and used means that Jans Huisartsen does not need support from Send bird (the technology provider of JansApp). That support is therefore not taken by Jans Huisartsen. In the event that a technical problem occurs within the infrastructure of JansApp, it does not necessarily require support and JansApp access to SendBird Korea (SendBird) to JansApp. When required, SendBird Korea provides technical support from South Korea. This means that in some cases, SendBird would get access from South Korea to the technical part of JansApp. Each time, Jans Huisartsen will have to actively provide SendBird with limited access to JansApp on a one-off basis, with SendBird only receiving a ‘view-only mode’ access to that part of the JansApp environment. SendBird Korea can then only see what is happening and cannot change, adjust, or delete users’ personal data.

SendBird Korea would not gain access to the content of the messages when providing this – infrequent – technical support to Jans Huisartsen. Nonetheless, this does not prevent SendBird from potentially gaining access to other personal data than the personal data in the messages. For that reason, in those incidental cases, access by SendBird Korea in the JansApp environment in the context of support could be considered a transfer of Personal Data to South Korea (and thus outside the EEA).

An adequacy decision exists for the transfer of personal data to South Korea. This means that the protection of your personal data in South Korea is considered equivalent to the protection provided by the GDPR and is therefore deemed to have an adequate level of data protection.

V. Processing based on your consent

Jans Huisartsen processes your personal data within the JansApp, among other things, on the basis that you have provided Jans Huisartsen your consent for those processes. You have the right to withdraw this consent at any time. Withdrawal of your consent can be done via JansApp or via email (privacy@janshuisartsen.nl).

If you withdraw your consent, Jans Huisartsen will no longer process your personal data for the purpose for which you had given consent. The withdrawal of your consent does not affect the legality of the processing of your personal data prior to the withdrawal of your consent.

You also have the right to stop using the JansApp at any time and remove it from your phone or tablet.

VI. Personal data of Third Party

It is possible that you provide personal data of someone other than yourself to Jans Huisartsen via the JansApp. Jans Huisartsen assumes that in that case:

  1. you are the parent or guardian of that person (the Third Party) and that person is under the age of 16; or
  2. you have obtained this person’s consent to provide the personal data concerning him/her/they to Jans Huisartsen.

If it turns out that you are not the parent or guardian of the relevant person and/or this person is older than 16 years, or that you have not obtained prior consent from this person, Jans Huisartsen – after first warning you – is entitled to deny you the use of the JansApp (temporarily).

VII. Older than 16 years

The use of the JansApp is only permitted by patients of Jans Huisartsen who are 16 years of age or older. When creating an account for the JansApp, Jans Huisartsen checks the age of the user. If the age noted at registration is younger than 16 years, then no user account will be provided by Jans Huisartsen.

VIII. Automated decision making

JansApp does not use fully automated decision-making processes with respects to your care.

IX. Your rights as a data subject

As a user of the JansApp, you have the right at all times to the processing of your personal data by Jans Huisartsen including:

  1. have Jans Huisartsen show you the personal data that it processes from you (right of access);
  2. have your personal data rectified if they are incorrect (right to rectification);
  3. have your personal data erased (right to erasure/right to be forgotten);
  4. restrict the processing of your personal data (right to restrict processing);
  5. object to the processing of (some of) your personal data (right to object);
  6. have your personal data provided by Jans Huisartsen, or have your personal data provided to another data controller (right to data portability).

The above rights are derived from the GDPR. These rights do not always apply. The exercise of some rights must be based on specific circumstances. Jans Huisartsen refers to Articles 15 to 18, 20, and 21 of the GDPR for these specific circumstances.

If you would like to exercise your rights, you can send a message via the JansApp or an email to Jans Huisartsen RK (privacy@janshuisartsen.nl) describing which right you are exercising and which personal data the request pertains to.

In the case you send an email to Jans Huisartsen RK exercising any of the aforementioned rights, you may be asked to identify yourself. The reason for this is that Jans Huisartsen RK needs to be certain that they are indeed providing (or otherwise processing) the personal data at the request of the person making the request. Only if it reasonably cannot be done otherwise, we may ask you to identify yourself with your official identification document.

If Jans Huisartsen RK does not honour a request from you to exercise one of the above rights, Jans Huisartsen will explain in writing why it cannot or will not do so.

X. Complaints

If you have a complaint about the way Jans Huisartsen handles your personal data, Jans Huisartsen would like to try to resolve the matter with you first. You can contact us via JansApp, email (privacy@janshuisartsen.nl), or by telephone (010-3116010).

However, you have the option to file a complaint directly with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) or the Stichting Klachten & Geschillen Eerstelijnszorg (SKGE).

We're here
for you.

Pages

Information

©2023 Jans Huisartsen, All rights reserved

Design Gabriele Ibelings & Objekt Studio
Development Dijs Media

Menu

Rotterdam Kralingen
Struisenburgstraat 46
+31 10 311 6010

Rotterdam Centrum
Vasteland 22
+31 10 318 8100

Menu

Rotterdam Kralingen
Struisenburgstraat 46
+31 10 311 6010

Rotterdam Centrum
Vasteland 22
+31 10 318 8100