Privacy policy, terms of use, and protection of patients personal data
1. Protection of patients personal data
Oogcentrum Medipolis is the trading name of Center for sight – Dr. E. Mertens NV, with company registration number BE 0553.942.551 (hereinafter referred to as “the Company”). The Company defines the purposes and means of processing all personal data and acts as the sole data controller under the General Data Protection Regulation (GDPR).
The “GDPR” (General Data Protection Regulation) is the European privacy legislation that took effect on May 25, 2018. In accordance with data protection legislation, we ask you to take a moment to review the main points of the privacy policy for patients. This policy describes how we use the data and outlines your rights as a patient regarding data protection.
Who is responsible for processing patients’ personal data?
The data controller is Center for sight – Dr. E. Mertens NV, the Company.
Whose data is processed?
The collection and processing of personal data apply to all patients of Oogcentrum Medipolis, which is the Company. Personal data concerning health is collected from the patient by independent practitioners and/or employees of the Company unless another collection method is required based on the processing purposes or the patient is unable to provide the data.
What data is processed?
The Company processes the following personal data of patients:
- Identification data, including the national registry number
- Financial and administrative data related to admission and billing, including health insurance membership
- Medical, paramedical, and nursing data, organized into the following modules:
- Medical module
- Nursing module
- Paramedical module
- Medication dispensing module
- Social data (e.g., email address)
- Other data necessary for the execution of purposes defined or imposed by law (judicial data).
On what legal grounds is the processing of personal data possible?
Physicians and staff working for the Company may only process personal data if it is legally permissible. The processing of patients’ personal data is possible, among other things, within the framework of:
- The provision of healthcare services
- The law on mandatory insurance for medical care
- Legal proceedings
What are the data processing objectives within the eye center?
Within the limits of this legal framework, the processing of patients’ personal data within Oogcentrum Medipolis, the Company, aims to achieve one or more of the following objectives:
- Patient care: performing preventive medicine or making a medical diagnosis, providing (medical, paramedical, nursing, and social) care or treatment to the patient or a relative, or managing health services in the patient’s interest.
- Patient administration: tracking and treating patients for billing purposes.
- Patient registration: recording patients’ medical data for internal purposes imposed by authorities, as well as for research and policy purposes.
- Medication management: processes related to the prescription and dispensing of medications.
- Complaint management: recording patients’ personal data and/or their representatives to mediate in handling complaints.
- Care quality: collecting and processing all data related to the medical and paramedical diagnostic and therapeutic practices administered to patients to improve care quality.
- Scientific registration: recording (medical) data for epidemiological, scientific, and/or administrative purposes, with objectives related to research, education, or objectives imposed by federal or regional authorities.
Who receives your personal data?
Only healthcare providers, such as physicians and Company staff involved in your treatment, have access to your health data—and only to the data strictly necessary for each category of healthcare provider. All our providers are bound by professional secrecy. The following categories of recipients are authorized to receive patients’ personal data:
- Insurance institutions, as required by law or with the patient’s consent.
- National Institute for Health and Disability Insurance (NIHDI), as required by law or with the patient’s consent.
- Patients or their representatives, within the limits defined by the Act of August 22, 2002, concerning patients’ rights.
- Public authorities authorized by a government decision.
- External healthcare providers treating the patient within the framework of patient care as outlined in Article 6 of this Privacy Policy.
- Other entities, as required by law or with the patient’s consent.
- The professional liability insurer of the Company or the practitioner appointed by the Company, without the patient’s consent, when necessary to defend a legal right or for the establishment, exercise, or substantiation of a legal claim.
Security procedures
The Company takes all necessary measures to ensure the accuracy and completeness of the collected data. Furthermore, appropriate technical and organizational measures are taken to secure patient records against loss or data degradation and to protect against unauthorized access, alteration, or disclosure, including pseudonymization and procedures for testing, assessing, and evaluating the effectiveness of security measures.
How long is your data retained?
In compliance with legal requirements, starting from the last patient treatment, the Company retains identifiable personal data for a minimum duration of:
- 30 years for medical data.
- 7 years for billing data from patient records used as accounting evidence and duplicates of issued certificates, individual invoices, and consolidated invoices.
Once the retention period has expired, the relevant personal data is removed from the files and destroyed within a period of one year.
Effective date and amendments
This Privacy Policy has been in effect since May 25, 2018. The Company reserves the right to modify its Privacy Policy at any time. Changes are made by the Company and, where relevant, relate to health data.
2. Privacy policy and terms of use of the website
www.medipolis.be is owned by Center for sight – Dr. E. Mertens NV (hereinafter referred to as “the Company”), with company registration number BE 0553.942.551, and processes personal data in accordance with the applicable privacy legislation, including the Belgian Act of December 8, 1992, on the protection of privacy in relation to the processing of personal data.
Permission to process personal data
You are free to visit our site, obtain information about our products and services, review the latest news, or learn about our new services without providing your personal information.
If you choose to provide us with your personal information, we will process it confidentially in accordance with current provisions and applicable national and international regulations.
By providing your personal data to www.medipolis.be, you expressly authorize us to process this information for the purposes listed below.
Processing purposes
The Company values your privacy. Although most information on this site is available without requiring personal data, the user may be asked to provide personal information.
If you provide us with your personal information, it will be included in our files and processed. This information will only be used:
- In our communication with you
- To schedule an appointment
- For managing the contact file, providing product information, and conducting market studies
Legal basis of processing
Personal data is processed on the basis of Article 6.1 of the General Data Protection Regulation: (a) consent, (b) necessary for the performance of a contract, (c) necessary to comply with a legal obligation.
Insofar as the processing of personal data is based on Article 6.1(a) (consent), the customer has the right to withdraw consent at any time.
Transfer to third parties
If necessary to achieve the intended purposes, the patient/client’s personal data will be shared with other companies within the European Economic Area that are directly or indirectly affiliated with the Company or with any other partner of the Company. The Company ensures that these recipients will take the necessary technical and organizational measures to protect the personal data.
Retention period
Personal data processed for customer management will be retained for the period necessary to meet legal requirements.
Right of access, correction, deletion, restriction, objection, and portability of personal data
The customer has the right at any time to access their personal data and to correct it if it is incorrect or incomplete, have it deleted, restrict its processing, and object to the processing of personal data concerning them based on Article 6.1 (f), including profiling based on those provisions.
Additionally, the customer has the right to obtain a free copy (in a structured, commonly used, and machine-readable format) of their personal data and to have the personal data transmitted to another company.
To exercise the aforementioned rights, the customer is asked to send an email to info@medipolis.be with proof of identity (copy of ID card).
Use of cookies
During your visit to the website, ‘cookies’ may be placed on your computer’s hard drive to tailor the website to the needs of returning visitors.
Internet browsers like Internet Explorer®, Mozilla Firefox®, or Google Chrome® allow you to block the use of cookies, to receive a warning when a cookie is installed, or to delete cookies from your hard drive afterward. Please consult your internet browser’s help function for further details.
This website may also use cookies that track the pages you visit on this website to identify the products or services you may be interested in. Using these cookies and with the tools of Google’s advertising network (Google AdWords, Google Analytics, the Google Display Network, and DoubleClick), we can display advertisements for products and services you may find interesting on other websites that are part of the Google advertising network. This technology is known as ‘remarketing.’ However, these cookies do not contain personal data.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies to help analyze how users use the website.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google uses this information to evaluate your use of the website, compile reports on website activity for website operators, and provide other services related to website activity and internet usage.
Google may transfer this information to third parties if required by law or if such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
You can refuse the use of cookies by selecting the appropriate settings in your browser. However, please note that this may limit your ability to use certain features of this website. By using this website, you consent to the processing of your data by Google in the manner and for the purposes described above.
Direct marketing
The customer has the right to object, free of charge, to the processing of their personal data for direct marketing purposes. To do so, the user can contact info@medipolis.be.
Complaints
The customer has the right to file a complaint with the Data Protection Authority (Drukpersstraat 35, 1000 Brussels – commission@privacycommission.be).
Intellectual property rights
The content of this website, including trademarks, logos, designs, data, product or company names, texts, images, documents, etc., is protected by intellectual property rights and belongs to the Company or third parties holding those rights.
Limitation of liability
The information on the website is of a general nature. It is not adapted to personal or specific circumstances and therefore cannot be considered as personal, professional, or legal advice to the user. If you need specific or personal advice, please contact our office at 03/828.29.49 or via info@medipolis.be.
The Company makes every effort to ensure that the information provided is complete, accurate, precise, and up-to-date. Despite these efforts, inaccuracies may occur in the information provided. If the information provided contains errors or if certain information on or via the website is unavailable, the Company will make every effort to rectify this as soon as possible.
The Company cannot be held liable for any direct or indirect damage resulting from the use of the information on this website. If you find any inaccuracies in the information provided via the website, please contact the website manager at info@medipolis.be.
The content of the website (including links) may be modified, changed, or supplemented at any time without prior notice. The Company does not guarantee the proper functioning of the website and cannot be held liable in any way for poor functioning or temporary (un)availability of the website or for any form of damage, direct or indirect, resulting from access to or use of the website.
The Company can in no case be held liable, directly or indirectly, specifically or otherwise, for damages resulting from the use of this website or of another, particularly as a result of links or hyperlinks, including, without limitation, all losses, work interruptions, damage to programs or other data on the user’s computer system, hardware, software, or otherwise.
The website may contain hyperlinks to websites or pages of third parties or its partners or refer to them indirectly. The placement of links to these websites or pages does not imply any implicit approval of their content.
The Company expressly declares that it has no control over the content or other characteristics of these websites and cannot in any case be held liable for the content or characteristics of these websites or for any other form of damage resulting from their use.
Applicable law and competent courts
Belgian law applies to this website. In case of dispute, only the courts of the district of Antwerp have jurisdiction.