Privacy Policy

Last updated: December 2024

Introduction

philtewblh B.V. ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you visit our website at philtewblh.top and use our dermatology services.

As a healthcare provider operating in the Netherlands and the European Union, we comply with the General Data Protection Regulation (GDPR) and all applicable data protection laws. This policy applies to all personal data we process in connection with our services.

Data Controller

philtewblh B.V. is the Data Controller responsible for your personal data. Our contact details are:

philtewblh B.V.
Berkenlaan 221
5661 TA Eindhoven
North Brabant, Netherlands
Registration Number: B62012532
VAT Number: NL85201536B04
Email: privacy@philtewblh.top
Phone: +31 706006864

Data Collection and Types of Information

The data we collect includes personal information that you provide directly to us and information that is automatically collected when you use our website and services. We collect the following categories of personal data:

Personal Identification Information

  • Full name and contact details (address, phone number, email)
  • Date of birth and age
  • Government identification numbers (when required for healthcare services)
  • Emergency contact information

Medical and Health Information

  • Medical history and current health conditions
  • Skin condition details and symptoms
  • Treatment records and progress notes
  • Medication history and allergies
  • Photographs of skin conditions (with explicit consent)
  • Test results and diagnostic information

Website and Communication Data

  • IP address and device information
  • Browser type and operating system
  • Website usage patterns and preferences
  • Cookies and similar tracking technologies
  • Communication records (emails, phone calls, messages)

Financial Information

  • Insurance information and coverage details
  • Payment method and billing information
  • Transaction records and payment history

How We Use Your Information

This section explains how we use your information, to provide transparency about our data processing activities. Using your data is essential for delivering quality healthcare services and meeting our professional obligations.

Healthcare Service Delivery

  • Providing medical consultations and dermatological treatments
  • Diagnosing skin conditions and developing treatment plans
  • Monitoring treatment progress and adjusting care as needed
  • Coordinating care with other healthcare providers when necessary
  • Maintaining accurate medical records for continuity of care

Communication and Administration

  • Scheduling and confirming appointments
  • Sending appointment reminders and follow-up communications
  • Responding to your enquiries and providing customer support
  • Processing payments and managing billing
  • Sending important health information and treatment updates

Legal and Regulatory Compliance

  • Complying with healthcare regulations and professional standards
  • Maintaining records as required by medical licensing authorities
  • Reporting to health authorities when legally required
  • Defending legal claims and protecting our rights

Service Improvement

  • Analysing website usage to improve user experience
  • Conducting quality assurance and service improvement initiatives
  • Training staff and maintaining professional standards
  • Developing new treatments and services (with anonymised data)

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Vital Interests: Processing necessary to protect your vital interests or those of another person, particularly in emergency medical situations.
  • Legitimate Interests: Processing necessary for our legitimate interests in providing healthcare services, improving our services, and operating our business, provided these interests do not override your fundamental rights.
  • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications or photography for treatment documentation.
  • Legal Obligation: Processing necessary to comply with legal obligations, including healthcare regulations and professional requirements.
  • Contract Performance: Processing necessary to perform our contract with you for the provision of healthcare services.

Data Sharing and Third Parties

We may share your personal data with the following categories of recipients when necessary for the purposes outlined in this policy:

Healthcare Providers

  • Specialist doctors and consultants for referrals
  • Laboratories for diagnostic testing
  • Other healthcare professionals involved in your care
  • Your general practitioner (with your consent)

Service Providers

  • IT service providers and cloud hosting companies
  • Payment processors and financial institutions
  • Insurance companies (for claim processing)
  • Professional advisors (lawyers, accountants, auditors)

Regulatory Authorities

  • Dutch healthcare regulatory bodies
  • Professional licensing authorities
  • Public health authorities (when legally required)
  • Law enforcement (when legally compelled)

Data Retention

We retain your personal data for different periods depending on the type of information and the purpose for which it was collected:

  • Medical Records: We retain medical records for 15 years after your last consultation, in accordance with Dutch healthcare regulations.
  • Financial Records: Payment and billing information is retained for 7 years for tax and accounting purposes.
  • Website Data: Website usage data and cookies are typically retained for 2 years unless you withdraw consent earlier.
  • Communication Records: Email and phone communication records are retained for 3 years for quality assurance purposes.
  • Marketing Data: Marketing preferences and communication history are retained until you withdraw consent or request deletion.

After the retention period expires, we securely delete or anonymise your personal data. In some cases, we may retain data longer if required by law or for legitimate business purposes, such as defending legal claims.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to request access to your personal data and receive information about how we process it. You can request a copy of your medical records and other personal data we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data. For medical records, corrections will be made as amendments to preserve the integrity of your medical history.

Right to Erasure

In certain circumstances, you can request deletion of your personal data. However, this right may be limited for medical records due to legal and professional obligations to maintain healthcare records.

Right to Restrict Processing

You can request that we limit how we process your personal data in specific circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another healthcare provider.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time. This will not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have violated your privacy rights.

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer your personal data outside the EEA, we ensure adequate protection through:

  • Transfers to countries with adequacy decisions from the European Commission
  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules for multinational service providers
  • Your explicit consent for specific transfers

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and updates
  • Staff training on data protection and security
  • Secure disposal of physical and electronic records
  • Business continuity and disaster recovery plans

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website usage. For detailed information about the cookies we use, please refer to our Cookie Policy.

You can control cookie settings through your browser preferences and our cookie consent banner. Disabling certain cookies may affect website functionality.

Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through:

  • Email notification to your registered email address
  • Prominent notice on our website
  • Direct communication during your next appointment

We encourage you to review this policy regularly to stay informed about how we protect your personal data.

Contact Information

If you have any questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your personal data, please contact us using the following methods:

Data Protection Contact

Email: privacy@philtewblh.top
Phone: +31 706006864
Post: Data Protection Officer, philtewblh B.V., Berkenlaan 221, 5661 TA Eindhoven, Netherlands

We aim to respond to all privacy-related enquiries within 30 days. For urgent matters, please call our clinic directly during business hours.

Regulatory Information

philtewblh B.V. is registered with the Dutch healthcare authorities and operates under the supervision of relevant regulatory bodies. Our data processing activities are conducted in accordance with:

  • General Data Protection Regulation (GDPR) - EU 2016/679
  • Dutch Implementation Act GDPR (UAVG)
  • Dutch Healthcare Quality, Complaints and Disputes Act (Wkkgz)
  • Medical Treatment Contracts Act (WGBO)
  • Professional standards for dermatological practice in the Netherlands