Privacy statement
I take your privacy seriously. That is why I assessed and charted which of your data I collect and use and what measures I take to ensure this personal data is treated with confidence and with due care.
Processing of your data
In a register I recorded which data activities need to take place to enable me to treat you optimally and to meet my other responsibilities as self-employed Ayurvedic practitioner. The main activity is the compilation of a (legally required) client file, but there are more. Outlined below are a few aspects of these activities, in order to make it more transparent what goes on behind the scenes.
Types of processed data
- Contact details (name, address, telephone number, email address)
- Client file data (information regarding your health and other data relevant for therapy that emerge during anamnesis, consultations and treatments)
- Data for invoice (name, address, date of treatment, brief description of the treatment, consultation fee)
Purpose of processing
- Arrange appointments; exchange data. Allowing us to get in touch and share information relevant for setting time and date and for proper treatment
- Compile your file; establish and execute treatment plan. Enabling me to give you the care that you deserve and that your situation requires.
- Generate an invoice. So I can live up to my responsibilities regarding financial administration.
Legal basis of processing
In other words: the grounds for processing your data. These are mainly the WGBO (Medical Treatment Agreement Act), the BW (Civil Code) and the treatment agreement. Additionally potential handling of complaints is regulated by the WKKGZ (Healthcare Quality, Complaints and Disputes Act) and the AVG (GDPR – General Data Protection Regulation). For certain types of processing I will ask your explicit consent.
Note: as AyurJoya is founded and registered in Holland, the company operates according to Dutch law and regulations. Therefore the Dutch abbreviations are mentioned above.
Access to your data
In the capacity of Ayurvedic therapist I am the only one who accesses the data in your client file. I am bound by the obligation of professional secrecy. During potential peer review or confidential consultations with colleagues your details will be subject to pseudonymisation.
Which external persons and companies will receive data?
Essentially none. In case there arise practical reasons during our collaboration for sharing your details with third-parties, I will ask for your consent first. This might be the case when it is desirable that a distributor sends herbs directly to your address, or when a colleague-practitioner substitutes in my absence.
Retention period of the data
Your client file has to be retained 15 years after your last consultation or treatment. The retention period for administrative information (including invoices) is 7 years.
As mentioned above, the data processing is mainly based on legal obligations and the treatment agreement that you will receive at the beginning of our collaboration. A few activities, especially the ones in which details would be shared with third-parties without anonymisation, will only occur when I have received your explicit permission to do so. If such an occasion arises, I will ask you for your consent.
I briefly want to bring your attention the possible future newsletters of AyurJoya. I will only use your contact details if you checked the opt-in for receiving newsletters on your intake form. Of course you can withdraw this consent at any moment. You can send an email to do so.
Careful management of your data
I make efforts to assure your privacy. This implies that I handle your personal and health details carefully. With this aim I documented the risks of data leakages and how I can minimize these risks within reasonable limits in a privacy protocol.
Here are a few of the precautions I have taken to prevent data getting lost and to prevent unauthorized access to your details.
- When data is send by mail, like invoice, intake form or questionnaire, AyurJoya uses webmail provided by a Dutch IT-company. They operate according to the AVG. There also is a data processing agreement (DPA) concluded with this company.
- You will not be requested to send details via AyurJoya.com, nor is it possible to send an email via this site, which makes it free from risks of data leakage. In addition to that the website has an SSL-certificate. Which means that there is an https-connection, assuring potential data to be sent encrypted.
- AyurJoya.com does not contain any ‘plug-ins’. There is no embedded content either. Neither is it possible to leave comments, publish or edit an article or to log in to this site. According to the standard privacy statement that came with this theme, there are therefore no cookies. I checked this for you (chrome://settings/content/cookies) and it indeed seemed to be the case.
- Electronic storage of your details and client file will only happen locally on hard disk memory secured with a password, not ‘in the cloud’. A backup will be made monthly.
- Paper documents and electronically stored data and files will be stored in a locked place which only I can unlock.
Your rights
As interested party you have several rights when it comes to processing of your personal details.
Access, rectification or erasure of your personal data
You have the right of access, rectification or erasure of your personal data. If you want to make use of these rights, please send a request by mail (info@ayurjoya.com).
Right of complaint
In the event that you disagree with how your data is handled, please do not hesitate to contact me. Hopefully we can work out a solution together. If that is not the case, you can file a complaint. Want to know how? Contact the Dutch Data Protection Authority (https://www.autoriteitpersoonsgegevens.nl) for more details.
In conclusion
I hope this gives you enough insight in the way AyurJoya handles your privacy. If there are any remaining questions, please let me know!
Miranda,
Ayurvedic practitioner & owner of AyurJoya