PRIVACY STATEMENT — JOS FREDERIKS
Date: 29-11-2024

‍GDPR
As of 25 May 2018, the GDPR (General Data Protection Regulation) has been in effect across the European Union and applies to all parties, including you.This privacy statement explains which personal data we process, for what purpose, and how we handle it.

Your Privacy
Jos Frederiks is committed to being transparent and responsible regarding the processing of your personal data. This privacy statement applies to all individuals who register with Jos Frederiks, including children, adolescents, their parents, adult clients, and business contacts. Some sections may only be relevant to specific groups.

We use a digital client file, supplemented with physical documentation such as intake forms, attendance lists, signed agreements, treatment plans, flip charts, and emails related to appointments.When and how you are informedUpon registration, you receive an appointment confirmation with a reference to and copy of this privacy statement. The latest version is also available on our website. By attending an intake meeting, we assume you have read and agree with the statement. You will be asked to sign a treatment agreement confirming this.

Personal data we process
We process your data either because you make use of our services or because you voluntarily provide it (e.g., via our website). This includes, but is not limited to:
- Registration date
- Full name, initials, address, postal code, residence (and parents’ info if underage)
- Country (if living abroad)Date of birth
- Citizen Service Number (BSN)
- Family structure and legal guardianship
- Phone number(s), email address
- General practitioner, insurer and policy number
- School/teacher
- Nature of the complaint or support request
- Preferred appointment times and session duration
- Attendance list, signed agreements
- Copy of ID and/or health insurance card
- Contact details for invoicing (upon consent)

For business clients: company name, address, Chamber of Commerce number, VAT number, and contact person
- Website registration. We do not intend to collect data from individuals under 16 via the website. If you suspect this has occurred without parental consent, please notify us via info@josfrederiks.com so we can delete the information accordingly.

Purpose of data processing
We are legally required (under the Dutch WGBO) to keep a medical file containing your health status, assessments, and treatments. With explicit consent, this may include sensitive data such as religion, sexuality, and legal/childcare situations when relevant to treatment.We may also collect a copy of your ID and health card, especially to verify identity or comply with reimbursement procedures. BSN numbers and ID copies are used to apply for local funding or report to municipalities.Additional purposes for data useCommunication with municipalities/SVB regarding fundingReferrals or information sharing with other care providers, employers, or legal representatives (with consent)Internal team consultations or anonymous peer reviews

Financial administration and invoicing
Data is never used beyond what is legally required or agreed upon, and only with your explicit permission when necessary.

Legal basis for data processing
‍
‍Dossier requirement (WGBO): a file must be maintained for medical purposes.

‍Retention period: 15 years from the date of each entry, extendable if necessary for chronic care.

‍Confidentiality: all staff are bound by professional confidentiality and contractual agreements.

‍Minors: special rights apply based on age and legal guardianship.Invoicing: services may be invoiced via:Infomedics (insurance-based)Municipalities (for minors)Jos Frederiks (direct or foreign clients)Invoices include details required by insurers: name, DOB, date of session, treatment code, and cost.Access to your fileAccess is limited to:Front & Back Office (Ingrid Vromans): handles administrative matters and creates digital recordsGZ Psychologist: oversees treatment plans

‍Therapists / Interns: involved in your direct care

‍Jos Frederiks: practice owner, therapist, and file administratorData protection measuresJos Frederiks applies strict safeguards to prevent misuse, loss, unauthorized access, or alteration:Paper files stored in locked cabinetsEncrypted, password-protected digital filesDaily backups and secure software updatesUse of secure email with password-protected attachmentsNo external marketing or data sharingNo unattended laptops/files — stored securelyExternal processors (with processing agreements)Access may be granted to:IT specialists and software providersWebsite developerMunicipalities and insurersInfomedics, Promeetec, accountantsSecure communication platforms (e.g., Vecozo, CRS, Negometrix)Your rights

‍Right of access: to your own data and a copy upon request, in a structured, readable format

‍Right to data portability: receive digital data to transfer to another provider

‍Right to erasure: request deletion after the 15-year legal retention or earlier with valid reason

‍Right to rectification: ensure your personal data is accurate and up to dateRight to restriction: limit processing if data is inaccurate or under dispute

‍Right to object: especially against direct marketing or when you withdraw consentSome exceptions apply (e.g., financial obligations, third-party involvement, or legal obligations).Data breach policyA data breach will be reported to the Dutch Data Protection Authority if it may pose significant risks. You will be notified if it likely affects your privacy.

Contact
‍Jos Frederiks
Woesthoeve 1, 5708 VN Helmond
Tel: 085 – 060 9596
Website: www.josfrederiks.com
‍
Contact:
Ingrid Vromans — info@josfrederiks.com
‍Ingrid is responsible for managing the processing register and breach notifications.

‍Issued in Helmond on 29-11-2024
Signed by the Management of Jos Frederiks
J.P.M. Frederiks