Privacy Regulations Jessica Gal Sports Doctors

The Personal Data Protection Act specifies how and under what conditions organizations may record personal data. The European directive ‘General Data Protection Regulation’ (GDPR) also sets requirements for recording privacy-sensitive data. In these privacy regulations we want to inform you in a clear and transparent manner how Jessica Gal Sportartsen handles personal data. Jessica Gal Sportartsen complies in all cases with the applicable laws and regulations.

In order to function properly as a Sports Medical Institution, it is important to properly record data, including personal data. We use this data, for example, to keep patient records and to submit declarations to health insurers.

The starting point is that we process personal data in accordance with the purpose for which it was provided, do not process more data than necessary and handle this data confidentially. Personal data will be treated and secured with the utmost care and will not be passed on to other parties, unless this is necessary for the purpose for which they were provided. This applies to data from patients/clients as well as data from employees, suppliers and relations.

Information obligation

Jessica Gal Sportartsen is obliged to inform you about how your personal data is handled. We process personal data for activities that are necessary to provide our care in a correct and professional manner. By this we mean:

  • Providing sports medical care in the form of injury consultations, sports medical consultations and mandatory and preventive sports medical examinations.
  • Receiving and answering questions from (potential) patients/clients by telephone or email.
  • Processing incoming referrals from referring doctors and/or institutions.
  • Referring patients/clients to third parties
  • Providing medical transfers to (fellow) practitioners.
  • Sending declarations to patients/clients, factoring company Infomedics, and health insurers (via VECOZO)
  • Collecting information for policy purposes and management reports.

In order to carry out these activities properly, we sometimes work together with third parties. We only do this if it is necessary and if it fits within the purpose for which the data was collected.

Processing of personal data of clients/patients.

We only process personal data if it is relevant and reasonable in view of the purpose for which we use the data. Personal data is processed for the following purposes:

  • Scheduling appointments with clients
  • Sending appointment confirmations
  • Keeping the medical record
  • Referring patients to (para) medical specialists for (co-)treatment.
  • Taking care of the financial administration
  • Claiming invoices from health insurers (via VECOZO) or from patients/clients (via factoring company
  • Infomedics or directly to patient/client)
  • Conducting customer satisfaction surveys
  • Processing complaints
  • The implementation or application of laws and regulations.

We register the following patient/client data:

  • First names;
  • Infix;
  • Last name;
  • Address;
  • ZIP code and address;
  • Date of birth;
  • Sex;
  • Telephone number (if a minor, the telephone number of the parent/guardian);
  • E-mail address (if minor, the e-mail address of the parent/guardian);
  • Citizen service number;
  • Medical data
  • Data related to sports practice
  • Other findings relevant to medical record keeping.

We receive the personal data of the patient/client himself or through referrers (general practitioner, medical specialist, paramedic). If we receive the data via a referrer, the referral letter with the supplied data is scanned and stored in the medical file.

We include information in the medical file that is necessary for our administration as described under b. In addition, we record data about contact moments between the patient/client and (employees of) Jessica Gal Sportartsen. The medical file is only accessible to employees of Jessica Gal Sportartsen for the benefit of the services described under a. who should have access to this information.

The under b. the aforementioned personal data will not be provided to third parties without the patient’s/client’s consent other than for the purposes stated in a. If a patient/client expressly indicates this, we will not provide his/her personal data to third parties, unless this is legally required.

Processing personal data of employees.

Personal data of employees are processed by Jessica Gal Sportartsen for the purpose of executing the employment contract. The basis for processing this personal data is the employment contract.

The following personal data is processed for the purpose of performing the employment contract:

  • First name;
  • Infix;
  • Last name;
  • Phone number;
  • E-mail address;
  • Date of birth;
  • Salary data;
  • Copy ID;
  • BSN number;

Personal data of employees are provided to the following authorities:

  • Payroll office People & Payment
  • Pension fund PFZW
  • The tax consultancy VZC
  • The tax

Personal data of employees are stored by Jessica Gal Sportartsen for the above processing(s) during the term of the employment contract and then only in the financial administration for a maximum of 7 years.

Processing of personal data of suppliers

Personal data of suppliers are processed by Jessica Gal Sportartsen for the following purpose(s):

  • administrative purposes;
  • Communication about and placing orders
  • Communication about a (potential) assignment/order.
  • Executing or issuing an order.

The basis for processing this personal data is the agreed assignment;

Jessica Gal Sportartsen can process the following personal data of suppliers for the above objective(s).

  • First name;
  • Infix;
  • Last name;
  • (Business) Telephone number;
  • (Business) email address;

Personal data of suppliers are stored by Jessica Gal Sportartsen for the above processing(s) during the term of the agreement and then only in the financial administration for a maximum of 7 years.

Processing of personal data of relations.

Personal data of relations are processed by Jessica Gal Sportartsen  for the following purpose(s):

  • Information provision in the form of newsletters
  • Information provision in the form of targeted contacts.

The basis for processing this personal data is oral consent, the issuance of a business card and/or a link on Facebook or LinkedIn;

Jessica Gal Sportartsen can process the following personal data of relations for the above objective(s):

  • First name;
  • Infix;
  • Last name;
  • (Business) Telephone number;
  • (Business email address.
  • (Business) Address details

Personal data of relations are stored by Jessica Gal Sportartsen for the above processing(s) during the period that one is seen as a relation.

Management of the processing of personal data

The person responsible within Jessica Gal Sportartsen keeps a register of the files in which personal data has been processed, manages these files and is responsible for the processing of personal data in accordance with the GDPR and the WBP.

If there is a new processing of personal data, the controller is responsible for registering this processing of personal data with the AP.

Provision to third parties

We may provide personal data to third parties if this is necessary for the implementation of the purposes described above.

For example, we use a third party for:

  • Taking care of our sports medical services
  • Taking care of the internet environment;
  • Taking care of the (financial) administration and invoicing;
  • Taking care of communication.

Agreements are made with these parties (processors) to guarantee the security of your personal data. These are laid down in a processing agreement. Personal data is never provided to parties with whom no processing agreement has been concluded, unless this has a legal basis (for example, if (personal) data are requested by the police in the context of an investigation). In all other cases, personal data will only be shared with third parties if you give explicit permission for this.

Inside the EU

We do not provide personal data to parties located outside the European Union unless the country can guarantee an adequate level of protection of the rights and freedoms of individuals with regard to the processing of personal data.


We only process personal data of minors (persons under the age of 16) if permission has been given by the parent or legal representative.

If the person concerned is sixteen years of age or older and is unable to value his interests in a reasonable manner, the following persons will act in his place in order: curator, mentor, authorized representative, life partner, parent, child, brother or sister.

Retention periods

Jessica Gal Sportartsen does not store personal data longer than necessary for the purpose for which it was provided or required by law.

The retention period of the medical and nursing patient file is at least 15 years, counting from the last treatment of the patient, or as much longer as reasonably follows from the care of a good care provider. The relevant specialist must specifically indicate that a status must be retained for longer than this period.

If the retention period has expired, the relevant personal data will be removed and destroyed if possible. However, destruction will not take place if it is reasonably likely that the retention is of considerable importance to someone other than the data subject, or if there is agreement on this between the data subject and the healthcare professional.

If the relevant data has been processed in such a way that it is reasonably impossible to trace it back to individual persons, it can be kept in anonymised form.


Jessica Gal Sportartsen has taken appropriate technical and organizational measures to protect your personal data against unlawful processing. Protection of digital personal data is regulated in the information security policy. The following measures have been taken:

All persons who can take note of your personal data on behalf of Jessica Gal Sportartsen are bound to observe confidentiality.

  • We have a username and password policy on all our systems;
  • We pseudonymise and encrypt personal data if there is reason to do so;
  • We make backups of the personal data in order to restore it in the event of physical or technical incidents;
  • We regularly test and evaluate our measures;
  • Our employees have been informed about the importance of the protection of personal data.

Right to access/copy your personal data

You have the right to inspect and/or receive a copy of the personal data that we have processed about you. The requested inspection and/or the requested copy will be honored as soon as possible, but no later than one month after receipt of the request. You can also object to the processing of your personal data (or part of it) by us or by one of our processors. If we are allowed to process your personal data on the basis of permission given by you, you always have the right to withdraw this permission. You also have the right to have the data provided by you transferred by us to yourself or on your instructions directly to another party. We may ask you to identify yourself before we can comply with the aforementioned requests.

Addition, correction or destruction of your personal data

If requested, the information included in a processing of your personal data can be supplemented by you with a statement issued by you.

You can also submit a request to correct the data relating to you. The controller is only obliged to correct your data if they are factually incorrect, if the data are incomplete or irrelevant for the purpose of the processing or if the data otherwise conflicts with a regulation of the AVG, the WBP or under another law. The responsible party will inform you of its decision within eight weeks of receipt of the request. A refusal to make a correction will be reasoned.

You can also request the controller in writing to destroy data that can be traced back to you. There is a written procedure in house that is followed if a request to destroy the medical and nursing file reaches the person responsible.


If you have a complaint about the processing of your personal data, we ask you to contact us directly. We will do our utmost to resolve your complaint with you. If we cannot come to an agreement with you, you have the right to submit a complaint to the Dutch Data Protection Authority, which is the supervisory authority in the field of privacy protection.


If you have any questions or comments regarding our Privacy Policy, please contact us. Our contact details are:

Jessica Gal Sportartsen
IJsbaanpad 6
1076 CV Amsterdam
088-229 0999
[email protected]

Wil je teruggebeld worden?

Door het invullen van het contactformulier ga je akkoord met onze privacy policy.