Privacy Policy

Privacy policy for medical data and GDPR

Version 11.12.2025

Thank you for using Levenswijs. This privacy policy explains which data we process, for what purposes and how we safeguard the privacy of those involved.

1. Introduction

Levenswijs attaches great importance to the protection of personal data and medical data. This privacy policy describes which data we process, for what purpose and on what legal basis.

Levenswijs acts in accordance with:

  • the General Data Protection Regulation (GDPR)
  • the Medical Treatment Agreements Act (WGBO)
  • the Healthcare Quality, Complaints and Disputes Act (Wkkgz)
  • NEN 7510 (Information security in healthcare)
  • NEN 7512 (Responsible exchange of medical data)
  • NEN 7513 (Logging of actions in healthcare information systems)

Levenswijs is the data controller within the meaning of the GDPR.

Levenswijs

2. Purposes and legal basis of data processing

We process, among others:

  • name
  • date of birth
  • gender
  • address details
  • contact details (email, phone)
  • medical data such as examinations and test results
  • order and payment data
  • other information provided by you

Purposes and legal bases:

  • Performing laboratory research, medical record keeping and results
  • Creating and managing My Portal — performance of agreement
  • Processing payments — performance of agreement
  • Communication with medical professionals — explicit consent
  • Email marketing — consent or legitimate interest
  • Legal obligations — legal obligation
  • Use of anonymised data — legitimate interest

Levenswijs does not use automated decision-making or profiling.

3. Processing of medical data (WGBO and Wkkgz)

WGBO — Medical file

Under the WGBO there is a legal obligation to maintain a medical file. The file contains information necessary for good care.

  • medical data is only processed when necessary or with consent
  • right to access your medical file
  • right to correct factually incorrect data
  • deletion is only possible when not in conflict with retention obligations or good care

Wkkgz — Quality, safety and complaints

Levenswijs processes data in the context of quality and safety, including:

  • registration for quality assurance of laboratories
  • incident registration (where applicable)
  • data processing for complaint handling via a legally required complaints officer

This data is exclusively used for quality improvement and legal obligations.

4. Compliance with NEN 7510 — Information security in healthcare

NEN 7510 is the Dutch standard for information security in the healthcare sector. Levenswijs complies with this standard and has implemented measures in the areas of:

  • confidentiality — protection of data against unauthorised access
  • integrity — correct, complete and reliable processing of data
  • availability — systems are accessible when healthcare delivery requires it

Specific measures include:

  • two-factor authentication and strict access control
  • logging and monitoring of access attempts
  • periodic risk analyses and security tests
  • data breach policy in accordance with GDPR and NEN standards
  • encrypted storage and communication (SSL/TLS)

5. Compliance with NEN 7512 — Responsible exchange of medical data

NEN 7512 describes the requirements for safe and responsible data exchange in healthcare. Levenswijs complies with this standard by:

  • using secure communication methods for data transfer
  • verifying the identity and authentication of involved healthcare providers
  • exchanging only necessary data
  • applying control mechanisms to ensure data reaches the correct recipient
  • applying end-to-end encryption where possible

6. Provision of data to third parties

Data is only shared when necessary or legally required:

  • contracted laboratories (according to NEN 7512 standards)
  • healthcare professionals (with written consent)
  • payment providers
  • legal authorities

No data is sold to third parties.

7. Rights of data subjects

You have the right to:

  • access your data
  • rectification of incorrect data
  • deletion (within WGBO limits)
  • restriction of processing
  • data portability
  • objection to processing
  • withdrawal of consent

Complaints can be submitted to:

  • the complaints officer (Wkkgz)
  • the Dutch Data Protection Authority

8. Security measures

Levenswijs applies technical and organisational measures in line with GDPR, Wkkgz and NEN standards:

  • encrypted databases
  • role-based access control
  • logging and monitoring (in accordance with NEN 7510, optionally extendable with NEN 7513)
  • data breach procedure
  • regular audits

9. Retention periods

  • Medical data: 15 years (WGBO)
  • Administrative data: fiscal retention periods
  • Anonymised data: indefinitely

10. Residual sample material

  • Retained for possible re-analysis within the applicable period
  • Thereafter destroyed according to laboratory guidelines

11. Changes to this privacy policy

Levenswijs may amend this policy. The most current version is always available on the website.

12. Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies for different purposes as described below.

Strictly necessary cookies

These cookies are essential for the website to function and cannot be disabled. They include:

  • Session cookie — maintains your login state and shopping cart
  • XSRF token — protects against cross-site request forgery

These cookies do not require consent as they are necessary for the service you requested.

Analytics and advertising cookies

We use Google Analytics 4 to understand how visitors use our website, and Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. These cookies are only placed after you give explicit consent via our cookie banner.

  • _ga — distinguishes unique visitors (retention: 2 years)
  • _ga_<ID> — maintains session state (retention: 2 years)
  • _gcl_* — links ad clicks to conversions (retention: 90 days)

Analytics data is anonymised and used solely to improve our website. Advertising cookies measure ad effectiveness and do not track health data. No personal health data is collected through these cookies.

Managing your consent

You can manage your cookie preferences at any time:

  • Use the cookie banner that appears on your first visit
  • Click "Cookie Settings" in the footer of any page
  • Delete cookies through your browser settings

13. Compliance with NEN 7513 — Logging of actions in healthcare information systems

Levenswijs complies with the requirements of NEN 7513, the Dutch standard for recording and managing logging within healthcare information systems. This standard requires that all actions regarding medical data are registered in a verifiable and secure manner, with the aim of ensuring the reliability, integrity and traceability of data processing.

Under this standard, Levenswijs records, among other things:

  • who has accessed medical data
  • what actions have been performed on medical data (such as viewing, modifying, sending)
  • when these actions took place
  • via which system or application access was obtained

This log data is exclusively used for:

  • monitoring the security and integrity of healthcare information
  • detection and analysis of (potential) security incidents
  • compliance with legal obligations and quality standards

Log data is stored securely and is only accessible to authorised staff with a clear functional need. The retention period of logging is in accordance with the relevant legislation and the guidelines of NEN 7513.