Privacy Statement

Privacy statement - DokterEs B.V.

Last modified: September 23, 2025

We are DokterEs B.V.
Address: Mauritsstraat 8, 5616AA Eindhoven - KvK 84962127 - BTW NL863441452B01
Phone: 040 237 7334 - E-mail: [email protected] - Website: dokteres

1. Who is this statement intended for?

For (future) patients and clients, website visitors, newsletter recipients, and other stakeholders of DokterEs B.V.

2. Who is a data controller?

DokterEs B.V. is the controller for the processing of personal data mentioned in this statement.

3. What data do we process?

• Identification and contact information (name, date of birth, address, email, phone, ID verification if required).
• Medical records (health questionnaire, medications/allergies, medical history, treatment plan, record keeping, medical photographs serving quality of care).
• Appointment and transaction information (appointment history, no-show, payment status, billing information).
• Communication and preferences (email/phone inquiries, consent to photos or newsletter, unsubscribes).
• Website/technical (IP address, cookie IDs, device/use - see separate Cookie Statement).

4. Purposes and legal bases.

• Care provision (intake, treatment, record keeping, aftercare) - performance of the treatment agreement (Art. 6(1)(b) AVG) and processing of health data for healthcare purposes (Art. 9(2)(h) AVG); compliance with WGBO.
• Scheduling, billing and administration - agreement & legal duties (including tax retention obligations; Art. 6(1)(c) AVG).
• Quality & safety (incident handling, internal audits) - legitimate interest and/or legal obligations.
• Complaint handling (Wkkgz) - legal duty and legitimate interest.
• Marketing (newsletter) - only with consent (Art. 6(1)(a) AVG) or, in the case of existing customers, via the so-called "soft opt-in" for own, similar services with easy unsubscribe option (Telecommunications Act Art. 11.7). Unsubscribing is always possible.
• Website and cookies - legitimate interest (functional/analytical within frameworks) or consent (marketing cookies). See Cookie Statement.

5. Photos and imagery.

Medical photos are kept on file for quality of care. External use (website/social media/education) is done only with separate, free and revocable consent. Revocation will not affect your treatment.

6. Retention periods

• Medical records: minimum 20 years from last change (WGBO).
• Financial/administrative data: 7 years (tax retention requirement).
• Newsletter/marketing data: until you unsubscribe or no later than 2 years after the last contact.
• Applications/general contact inquiries: maximum 6 months after completion unless you agree to longer.

7. Data Sharing.

We do not share data with third parties, except as necessary for the purposes listed above, with:

• Processors (including EHR provider, hosting/IT service providers, email/newsletter provider, payment services/collection, third-party customer service).
• Healthcare providers involved (upon medical transfer/referral, with your consent or legal basis).
• Complaint and Dispute Resolution Bodies (Wkkgz; in case of a formal complaint).
• Government agencies when we are required to do so by law.

We conclude processing agreements with processors. They may only process data on our behalf.

8. Transfer outside the EEA

We aim to process data within the EEA. If transfers take place outside the EEA, we apply appropriate safeguards (e.g. Standard Contractual Clauses) and inform you in the Cookie or this Privacy Statement.

9. Security

We take appropriate technical and organizational measures (including access management, logging, encryption where appropriate, need-to-know, periodic reviews). In case of suspected misuse or data breach, please contact us immediately at [email protected].

10. Your Rights

You have the right to access, rectification, data erasure, restriction, portability, and objection (especially to direct marketing). Where we process on consent, you can always withdraw that consent. You can exercise your rights at [email protected]. We will respond no later than one month (extendable under the AVG).

11. Newsletter & direct marketing

• We send newsletters only if you choose to do so (consent; checkbox not pre-ticked), or - if you are a client - about our own, similar services via soft opt-in with a clear unsubscribe option when specifying your e-mail and in each e-mail.
• You can unsubscribe free of charge at any time using the link at the bottom of each email or at [email protected].

12. Minors

We basically treat 18+. Treatment of 16-17 year olds can be done under the WGBO regulations; we do injectables only for 18+. Parents/guardians of minors cannot derive marketing consent for themselves from care consent for the child.

13. Cookies

We use functional and (limited) analytical cookies. For marketing cookies, we ask permission. Please see our Cookie Statement for details and your settings.

14. Questions or complaints.

Questions or requests about privacy? Email [email protected]. We will be happy to assist you.
If you are not satisfied with our handling, you can file a tip or complaint with the Personal Data Authority.

15. Changes

We may update this statement. The most recent version is always on this page. In case of substantial changes, we will actively inform you (e.g. by e-mail).