A data set is determined for each health screening program. This comprises the data we need to carry out the health screening, for any referrals to healthcare and for quality control. The data sets are determined by the Netherlands National Institute for Public Health and the Environment (RIVM) in consultation with the program committee of the relevant health screening program.
We receive your personal data from the Personal Records Database in accordance with article 3.3 of the Personal Records Database (BRP) Act.
We use the data to:
The data is processed by five regional screening organisations. Together, these are responsible for all data processing in the national information system via the Facilitating Health Screening Partnership (FSB). Other parties are engaged for certain sections of the health screening (for instance for the analysis of smear tests and stool sample tests). We have signed a processor agreement with these parties, in which agreements are recorded with respect to privacy and data protection.
We share data with:
In processing data we comply with the General Data Protection Regulation (GDPR) and the ‘Legal Framework for Data Exchange in Cancer Screening’ (RIVM, 2017).
Data processing also satisfies the NEN-7510 and ISO27001 information security standards. This means that we have an extensive information security policy. We work in accordance with a strict role and rights system, in which it is stated who may access which data. All employee actions are logged and we use secure connections.
We have appointed a Data Protection Officer, Sandra Blauw (firstname.lastname@example.org). She works for the five health screening organisations.
We employ the standard storage period as detailed in the Medical Treatment Contracts Act (WGBO) and we save your personal data for 15 years. A shorter period applies to some data. This concerns data that, according to the professional standard, are no longer relevant for the implementation of the health screening.
If you wish to know which of your data we process, you can request access to this. You will then receive an overview of the data that is recorded in our system. You can contact your regional health screening organisation for this. We will send an application form on which you should indicate the data you wish to access. Once we have received your completed and signed form, we will set your request in motion.
You have the right to indicate that you would like us to supplement, protect, correct or erase your data. You also have the right to receive your data if you wish to transfer these to another party. After submitting a request for this, you will receive a written notification within one month of receiving application, stating whether and to what extent we can comply with your request. If you wish to modify data that we have received from an external source, you should contact the relevant body.
You can contact our Complaint Officer or our Data Protection Officer (Sandra Blauw, email@example.com).
If you do not want us to process or share your data, you can object to this. The objection options differ per health screening. This relates to the working method and processes that take place within the various health screening programs. The objection options and an explanation of these can be found on the ‘Objection’ page.
You can file an objection via the digital client portal, My Health Screening. You will need your DigiD to log in. You can also request an objection form via your regional health screening organisation, or download an objection from our site. Your objection will be processed once we have received a signed objection form. You will receive a written confirmation of this.
You can withdraw any objection you made at any time. We can no longer retrieve data that has previously been deleted from the system.