Privacy regulations

Large amounts of personal data are processed when carrying out the health screening program. For instance, we receive personal data from the Personal Records Database (BRP), which we need to invite the target group of that specific health screening. Special category data of participants is also registered (such as the result and any medical information provided by the participant). How we process the data, the purposes for which the data is used, the organisations with which we share the data and how we safeguard privacy have been recorded in the National Health Screening Privacy Regulations. A summary of these regulations is given below.

Summary privacy regulations

Your personal data and the results of the population screening are sometimes used for scientific research. This sometimes also happens with the material from your smear test or stool test. If possible, it will be done anonymously. Anonymous means that the data cannot be seen as belonging to you. Exceptions sometimes require personal data that cannot be considered completely anonymous. The researcher still does not know who you are, but we can trace the data back to you. Even then your privacy is still optimally protected. All personal data for research is processed in highly secured environments. Government agencies have no access to it. Read more about the use of data for scientific research on the RIVM website.

You can contact our data protection officer via functionarisdataprotection@bevolkingsonderzoeknederland.nl.

A data set is determined for each health screening program. This comprises the data we need to carry out the health screening, for any referrals to healthcare and for quality control. The data sets are determined by the Netherlands National Institute for Public Health and the Environment (RIVM) in consultation with the program committee of the relevant health screening program.
We receive your personal data from the Personal Records Database in accordance with article 3.3 of the Personal Records Database (BRP) Act.

We use the data to:

  • carry out the health screening (invitations, the screening test, issue the result and make any necessary referrals);
  • monitor the quality of the health screening program;
  • contribute to the evaluation of the health screening program;
  • contribute to scientific and statistical research in healthcare.

In processing data we comply with the General Data Protection Regulation (GDPR) and the ‘Legal Framework for Data Exchange in Cancer Screening’ (RIVM, 2017).

Data processing also satisfies the NEN-7510 and ISO27001 information security standards. This means that we have an extensive information security policy. We work in accordance with a strict role and rights system, in which it is stated who may access which data. All employee actions are logged and we use secure connections.
We have appointed a Data Protection Officer, Sandra Blauw (functionarisgegevensbescherming@fsb-ssc.nl). 

We employ the standard storage period as detailed in the Medical Treatment Contracts Act (WGBO) and we save your personal data for 15 years. A shorter period applies to some data. This concerns data that, according to the professional standard, are no longer relevant for the implementation of the health screening.

You have the right to indicate that you would like us to supplement, protect, correct or erase your data. You also have the right to receive your data if you wish to transfer these to another party. After submitting a request for this, you will receive a written notification within one month of receiving application, stating whether and to what extent we can comply with your request. If you wish to modify data that we have received from an external source, you should contact the relevant body.

If you do not want us to process or share your data, you can object to this. The objection options differ per health screening. This relates to the working method and processes that take place within the various health screening programs. The objection options and an explanation of these can be found on the ‘Objection’ page.

You can file an objection via the digital client portal, My Health Screening. You will need your DigiD to log in. You can also contact us to request an objection form, or download an objection from our site. Your objection will be processed once we have received a signed objection form. You will receive a written confirmation of this.

You can withdraw any objection you made at any time. We can no longer retrieve data that has previously been deleted from the system.

You can contact our Complaint Officer or our Data Protection Officer (Sandra Blauw, functionarisgegevensbescherming@fsb-ssc.nl).

If you wish to know which of your data we process, you can request access to this. You will then receive an overview of the data that is recorded in our system. You can contact the screening organisation for this. We will send an application form on which you should indicate the data you wish to access. Once we have received your completed and signed form, we will set your request in motion.