
PRIVACY NOTICE SITE WEB: PATIENTS
As the data controller, the Clinique Saint-Jean attaches particular importance to respecting and protecting the privacy of its patients and therefore commits to process and protect your personal data with the greatest care and discretion.
The purpose of this “privacy notice” is to inform you about the various personal data processing operations that the Clinic carries out during your outpatient and/or inpatient treatment.
If you have any questions, please do not hesitate to send them to our DPO via the following e-mail address: privacy-dpo@clstjean.be.
NB: Please note that for a series of specific treatments (e.g. participation in a clinical study, organ donation, etc.) additional information notices are available and/or will be sent to you in order to inform you in the most accurate and exhaustive manner possible.
-
Legal framework
Clinique Saint-Jean processes your personal data in accordance with the regulations on the protection of privacy and personal data, including
- Point III, Article 9quater of the Royal Decree of 23 October 1964 fixing the standards to which hospitals and their services must conform;
- The European Regulation No. 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter: the “GDPR”) and its implementing laws and decrees;
- The law of 30.07.2018 on the protection of individuals with regard to the processing of personal data.
-
Definitions
- Responsible of process: this is the natural or legal person, public authority, department or other organization that determines which of your personal data are/will be processed, how they will be processed and for what purpose.
- Contractor: this is the natural or legal person, public authority, department or other organization that processes your personal data on behalf of the responsible of process. For example: the supplier of the Clinic's e-mail box, the suppliers of the diagnostic assistance equipment, the suppliers of the computerized patient file platform, etc.
- Concerned person(s): the patient(s) of the Clinique Saint-Jean, i.e. the natural persons admitted or treated within the Clinique Saint-Jean.
- EEA: European Economic Area
-
Processing activities
-
Making an appointment
When you make an appointment at the Clinic, whether by telephone, via our website or directly via your practitioner, we are obliged to process the following personal data about you:
Types of personal data |
|
Purposes of the processing |
|
Legal basis for processing |
The pre-contractual relationship you establish with the Clinic by making an appointment with one of our practitioners. |
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
|
-
Reception & Admissions
Within the context of your reception for your appointment or admission, we are obliged to process the following personal data about you:
Types of personal data |
|
Purposes of the processing |
|
Legal basis for processing |
The care contract concluded between you and the clinic in the context of your treatment by your practitioner. |
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
|
-
Medical follow-up - care
Within the context of your medical care, practitioners are required to collect, analyze and encode the following personal data in your medical and/or nursing file:
Types of personal data |
Not all of this data will be processed by your practitioner. Only the data that the practitioner considers relevant to your care and that guarantee your safety will be processed. |
Purposes of the processing |
|
Legal basis for processing |
The processing of special categories of data about you (e.g. your medical data) is also based on Article 9(2)(h) GDPR which allows us to process such data for medical diagnosis, health or social care or for the management of health care systems and services. |
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
|
-
Emergencies
When you visit - or are admitted to - our emergency department, we may process your personal data as follows:
Types of personal data |
Please note that in emergency situations all the data mentioned above that are necessary for your care will be processed by the practitioner. |
Purposes of the processing |
|
Legal basis for processing |
The processing of special categories of data about you (e.g. your medical data) is also based on Article 9(2)(h) GDPR, which allows us to process this type of data in the context of medical diagnosis, health or social care or for the management of health care systems and services. |
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
30 years for all data that will be included in your medical and nursing records. Please note that this period starts from the date of your last hospital discharge or medical treatment. |
-
Invoicing
Within the context of the invoicing of your care (i.e. care, medicines, ...) we are led to process your personal data in the following way:
Types of personal data |
|
Purposes of the processing |
|
Legal basis for processing |
|
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
|
-
Contentious
In the context of dispute management, we may process your personal data in the following ways:
Types of personal data |
Only data relevant to the resolution of the dispute will be processed by the services concerned. |
Purposes of the processing |
|
Legal basis for processing |
|
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
|
-
Audit
In the context of a targeted medical audit as provided by Article 6/1 of the Royal Decree of 15 December 1987 implementing Articles 13 to 17 of the Hospitals Act, coordinated by the Royal Decree of 7 August 1987, or any other audit related to the provision of health care, we may need to process your personal data in the following way:
Types of personal data |
Only data relevant to the audit will be processed. |
Purposes of the processing |
Quality of care, management of health care systems and services. |
Legal basis for processing |
|
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
10 years |
-
Social service
Types of personal data |
Only the data necessary for your support by the social service will be processed. |
Purposes of the processing |
|
Legal basis for processing |
The care contract between you and the Clinic. |
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
30 years |
-
Spiritual, religious and/or philosophical guidance
Types of personal data |
|
Purposes of the processing |
|
Legal basis for processing |
The care contract between you and the Clinic. |
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
30 years |
-
Benchmarking
Types of personal data |
|
Purposes of the processing |
|
Legal basis for processing |
|
Receivers/categories of receivers and transfers outside the EEA |
You will find this information in the dedicated section “Potential external receivers of your personal data”. |
Conservation period |
Minimum 3 years and maximum 4 years. |
Withdrawal of the consent |
At any time, without specific reason(s), without affecting the validity of the processing carried out prior to the withdrawal. |
- Potential external receivers of your personal data
Within the limits imposed by the GDPR, in compliance with the legal basis on which we process your personal data and to the extent necessary to achieve the purposes of processing described above, we have to transfer some of your personal data to the following receivers:
CATEGORY |
TRANSFERT OUTSIDE OF THE EEA |
APPROPRIATE GARANTEES |
Insurance organizations when required by law. |
Not applicable |
Not applicable |
The National Institute for Sickness and Disability Insurance where required by law. |
Not applicable |
Not applicable |
External care providers as part of the continuity of patient care. |
Not applicable |
Not applicable |
Public instances and judicial or administrative authorities where required by law. |
Potentially |
If an action is start up in a country outside the European Economic Area, some of your data may be transferred to that country. In this case, the transfer is subject to strict security and confidentiality rules in accordance with Articles 44 to 49 of the GDPR in order to ensure a level of security for your data that is essentially the same as that which you benefit from in Europe. |
The civil liability insurer of the Clinic or its care providers insofar as this communication is necessary to defend a legal claim or to establish, exercise or support a legal action. |
Not applicable |
Not applicable |
The external subcontractors used by the Clinique Saint-Jean as well as the subcontractors they use for the processing of personal data.
|
Yes |
Some of our subcontractors may host data outside the European Economic Area. All transfers are subject to strict security and confidentiality rules in accordance with Articles 44 to 49 of the RGPD in order to guarantee a level of security of your data essentially similar to that which you benefit from in Europe. The Clinic remains your main contact for further information regarding these transfers. |
The patients concerned or their representatives in accordance with the provisions of the law of 22 August 2002 on patients' rights. |
Not applicable |
Not applicable |
-
Your rights regarding the processing of your personal data
Right of information |
You have the right to be informed about the processing of your personal data by the Clinique Saint-Jean. |
Right of access |
You have the right to access your data and obtain a copy. |
Right of rectification |
You have the right to rectify incorrect data about yourself.
Medical data cannot be rectified, but you can always ask for a note to be added to your file. |
Right of erasure (*) |
In limited cases, you have the right to request the deletion of some of your personal data. |
Right of limitation of processing (*) |
In limited cases, you have the right to request that all or part of your personal data are no longer processed. |
Right of portability (*) |
In limited cases, you may request that your data be provided to you or to a particular receiver in a commonly readable format. |
Right to object (*) |
In limited cases, you have the right to object to the processing of some or all of your personal data. |
For processing based on your consent |
You have the right to withdraw your consent
To do so, please contact the DPO at the following address: privacy-dpo@clstjean.be |
You can exercise these rights by contacting:
- The DPO at the following address: privacy-dpo@clstjean.be
- The mediator at the following address : mediation@clstjean.be
In order to ensure your security, we reserve the right to verify your identity when you request to exercise your rights.
(*) These rights are not absolute. All requests will be analysed by the DPO who will decide what action to take.
-
Right to submit a complaint
You have the right to file a complaint at the supervisory authority:
Autorité de protection des données
Rue de la Presse 35, 1000 Bruxelles+32(0)22744800
+32(0)22744835
contact@apd-gba.be
- Securing personal data
Clinique Saint-Jean takes reasonable technical and organizational precautions to prevent the destruction, loss, alteration, unauthorized access or inadvertent disclosure to third parties of personal data under its control. In addition, measures are taken to physically secure the location of the stored data.
- Managing personal data breaches
Any person who becomes aware of a breach, leakage or loss of personal data must notify the Clinique Saint-Jean through its Data Protection Officer as quickly as possible and provide as much information as possible about the breach.
Thereafter, the Clinique Saint-Jean will take the necessary steps, i.e.:
- Investigation, evaluation and follow-up of the incident;
- Taking measures to remedy, prevent or reduce the consequences of the incident;
- Notification to the Data Protection Authority, if applicable;
- Communication to data subjects, if applicable.
- Contact
If you have any further questions about the processing of your personal data, please do not hesitate to contact our DPO at the following email address: privacy-dpo@clstjean.be.