Privacy Policy


This privacy statement applies to all personal data, including medical data, that you provide to us orally, in writing, or digitally, for example, through a registration form, a contact form on our website, or through personal contact with our staff.


We attach great importance to your privacy and therefore exercise the utmost care in the handling and protection of your personal data. We process data in accordance with the requirements set out in the General Data Protection Regulation (GDPR) and the specific rules that apply to confidentiality and protection of medical data in the healthcare sector, such as:

  • Medical Treatment Contracts Act (WGBO)
  • Individual Healthcare Professions Act (BIG Act)
  • Quality, Complaints, and Disputes Act (Wkkgz)
  • Health Insurance Act (Zvw)
  • Long-Term Care Act
  • Healthcare Institutions Admission Act
  • Clients' Participation in Care
  • Institutions Act 2018 (Wmcz 2018)
  • Compulsory Reporting Code for
  • Domestic Violence and Child Abuse Act
  • Secure Principles in Medication Management
  • Additional Provisions for Processing Personal Data in Healthcare Act

The Grange Youth Clinic is the data controller within the meaning of the GDPR with regard to the processing of your personal data. This means that we determine which personal data are processed, for what purpose, and in what manner. We are responsible for ensuring that your personal data are processed in a fair and careful manner.

In this privacy statement, we explain what data we process, for what purposes they are used, and what your rights are under the GDPR and other relevant regulations. In addition to the GDPR, the rules of medical confidentiality continue to apply to the processing of your data.

Overview of personal data

Below is an overview of the personal data we process from you:

  • First and last name
  • Gender
  • Date of birth
  • Place of birth
  • Address details
  • Phone number
  • Email address
  • Social security number (BSN)
  • Policy number of your health
  • insurance
  • Various data about your health
  • Purpose and legal basis of the processing

We collect and retain your personal data in order to provide you with proper treatment and high-quality care and support. Furthermore, we need your data to be accountable for the quality of care (effectiveness and lawfulness) and the financial settlement of the care/treatment. The processing of your personal data may also be based on a legal obligation, such as the obligation to report a contagious disease under the Public Health Act.

Retention period

Your personal data will not be retained for longer than necessary to achieve the objectives stated above. If we have created a medical record in accordance with the WGBO regarding the care provided or the treatment, we are obliged to retain this medical record for 20 years, unless longer retention is necessary, for example, for your health or the health of your children.

Access to your record by employees
We secure your personal data against unauthorized access. Employees who do not have a treatment relationship with you and are not directly involved in the care provided generally do not have access to the medical record.

All employees within The Grange Youth Clinic are required to handle your data confidentially. These employees are subject to medical confidentiality (derivative) or are bound by a contractual obligation of confidentiality with us.

We keep a record of each individual employee, healthcare provider, or practitioner who has accessed your record ("logging"). You have the right to receive an electronic copy of this logging for a fee, so that you can see which employee, healthcare provider, or practitioner has accessed or requested your record on which date.

Provision of personal data to third parties
In accordance with medical confidentiality and the privacy rules of the GDPR, we may only provide your personal data to third parties if we have obtained explicit consent from you. Before requesting your consent, we will inform you about the purpose, content, and possible consequences of disclosing.


A cookie is a small text file that is stored on your computer, tablet, or smartphone when you first visit our website. You can opt out of these cookies by adjusting your internet browser settings to no longer store cookies. Additionally, you can also delete all information previously stored through your browser settings. For more information, please visit:

Contact and Complaints Procedure
We take the protection of your personal data and your medical records seriously. We employ appropriate measures, using the latest technology, to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized alteration.

If you believe that your data is not properly secured or there are indications of misuse, please contact our Data Protection Officer (DPO) at

You can also send a request for correction, deletion, destruction, or transfer of your records, or an objection to the processing of your personal data to this email address. Of course, you can also contact us by phone and make your request verbally.

Finally, we would like to inform you that you have the option to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) regarding the processing of your personal data by us.