Your personal data and your privacy in a SAG Health Center

General Data Protection Regulation (GDPR)
The GDPR is the law for the protection of privacy and personal data. Pursuant to this law, an organization that works with personal data has certain obligations, and the person whose data is processed, has certain rights. In addition to GDPR, specific rules apply to privacy in healthcare. These rules are set out in the Medical Treatment Contracts Act (‘Wet Geneeskundige BehandelingsOvereenkomst’, WGBO). This privacy statement is intended to inform you about your rights and our obligations that apply under the GDPR and the WGBO.

You can also view this statement as a PDF.

SAG Health Center
In a SAG Health Center various personal data can be processed. This is necessary for SAG to be able to give you the right medical treatment and to handle financial matters. In addition, processing may be necessary for, for example, combating a serious threat to your health, or to comply with a legal obligation (for example, the mandatory reporting of an infectious disease under the Public Health Act).

The duties of the SAG health center
According to the GDPR, your SAG Health Center is responsible for the processing of your personal data, needed for treatment in our general practice. The practice complies with the obligations arising from this responsibility as follows:

  • Your data is collected for specific purposes:

    – for medical treatment / care provision;
    – for effective management and policy;
    – for support of scientific research, education and information.
  • In principle, no processing takes place for other purposes.
  • You will be informed that your personal data is being processed. This can be done by your healthcare provider, but also by a folder or by our website.
  • All employees within the SAG Health Center are committed to treating your personal data confidentially.
  • Your personal data is processed through secured systems/channels.
  • Your personal data will not be stored longer than necessary for proper health care.

For medical data, the retention period is fifteen years (starting from the last treatment), unless longer storage is necessary, for example for the sake of your health of your children’s health. It is up to the judgement of the practitioner to decide whether and for what duration to prolong the retention period.

Your rights as person whose data is being processed
You have the following rights:

  • The right to know whether and which of your personal medical data are being processed.
  • The right to inspect and copy that data.
  • The right to correct, supplement or delete you medical data, in case those data are incorrect.
  • The right to request (partial) destruction of your medical data. This request can only be met if:

    – the retention of the data is not of any significant importance to someone else
    – there is no law or legal requirement stating that the data must be retained.
  • The right to add a self-written declaration (being a medical statement) to your file.
  • The right to, in certain cases, object to the processing of your data.

It may happen that it is not possible to (fully) comply with your request. For example, if your inspection of the medical file leads to a violation of the privacy of others, or if the removal of certain data puts your life or the life of another person at risk or in danger. If you want to make use of your rights, you can make this known in writing, using the application form.

Providing your personal data to others
The employees of the SAG Health Center have an obligation to treat your personal data confidentially. This means, for example, that the healthcare provider needs your explicit permission to serve out your personal data to a third party. There are, however, some exceptions to this rule. The healthcare provider’s duty of confidentiality and/or code of silence can be breached in case a law or a legal requirement demands it, but also in case your health or the health of another person is at risk or in serious danger. Also, the exchange of your medical data can take place verbally, in writing or digitally/electronically amongst health care providers (for example, the general practitioner provides a prescription to the pharmacist, which is processed by the pharmacist).

Data exchange
After you have given your permission to exchange (specific) personal data, the SAG Health Center shares relevant medical data safely and reliably with the out-of-hours GP center (Huisartsenpost: HAP) through the Landelijk SchakelPunt (LSP; National Exchange Point). If you have been to an out-of-hours GP in the evening, night or weekend, this out-of-hours GP center will in turn share the medical data and results of your visit through the LSP with your health care center. This way the GP at your health care center knows exactly for which complaints you have visited the out-of-hours GP-center and what actions have been taken as a result.

Your personal medical data can also be shared with your pharmacy and your medical specialist(s). This includes, for example, the medication that your GP has prescribed, but also information on any intolerances, contraindications and allergies, so that other prescribers and providers of medication can take this into account. In this way, SAG contributes to medication safety.

Transfer of your file
If you register with a new GP, it is important that your new GP is aware of your medical situation. It is mandatory that your former GP transfers your medical file to your new GP. Once you have requested the transfer, your former GP needs to transfer your medical file as soon as possible, in any case within a month after your request. Your medical file is transferred by your GP through a secured channel.

You always have the right to inspect your file and to receive a copy of your file. Keep in mind, however, that making a copy takes time; we aim to handle your request within 4 to 6 weeks. If you are registered as a patient with SAG, you can view or download your medical file 24/7 through the online patient portal of your health care center.

Question or complaint
Do you have a question or complaint about this privacy statement? Or do you object to the processing of your personal medical data? Then your GP will be happy to discuss this with you. If you cannot find a solution with your GP, you can contact the Data Protection Officer of SAG by e-mail: You also have the right to file a complaint at the Dutch Personal Data Protection Authority (Autoriteit Persoonsgegevens) if you believe that your SAG Health Center does not process your personal data in accordance with legal requirements /privacy legislation.