Privacy statement

This is the Privacy Statement of MOOI Clinic. In order to provide you with quality and professional care, MOOI Clinic processes your personal data.

MOOI Clinic considers careful handling of your personal data of great importance. Your personal data is therefore carefully processed and secured by us. You can rest assured that your information is secure at MOOI Clinic and that we adhere to applicable legal obligations.

Why do we have a Privacy Statement?

This Privacy Statement outlines how we handle your personal data. In this Privacy Statement you can read about what personal data we process about you, for what purposes, who is allowed to see your data, how we store your data, to whom we share your data and what control you have over it yourself. Your best interests are our primary concern!

What is personal data?

Personal data is any data that can be traced to a natural person – and that is you. Personal data may include: your name, address, date of birth, phone number, e-mail address and biometric data. We obtain this type of data from you when, for example, you fill out a form, send a letter or e-mail, or call us. Also, when you visit our website, in some cases you provide us with personal data. For example, in the form of an IP address or a cookie.

The moment your personal data is shared with MOOI Clinic by you or a third party, we process it. The meaning of processing is broad and includes collecting, storing, accessing, deleting, using and providing data to third parties.

To what does this Privacy Statement apply?

This Privacy Statement applies to all personal data that we process from you (in whole or in part by automated means) in the context of our services.

From whom does MOOI Clinic process personal data?

Of all persons with whom we have contact, or who visit our website, we may process personal data.

Who is responsible for processing your personal data?

Responsibility for processing your personal data rests with MOO! b.v.. The responsible Data Protection Officer is the person who decides what personal data will be processed, for what purpose and in what manner.

What does MOOI Clinic use your personal data for?

MOOI Clinic may only process personal data about you if we have a legal right to do so. The legal bases for processing your personal data are:

  • your consent;
  • the processing of your data is necessary for the performance of a contract;
  • the processing of your data is necessary to fulfill a legal obligation;
  • the processing is necessary to protect the vital interests of you or another natural person.
  • The processing of your data is necessary in view of the interest of MOOI Clinic, in which your interest does not prevail.

We process your personal data for the purpose of efficient and effective business operations, in particular in the context of carrying out the following activities:

Below are some examples:

Delivering Good Care

As part of providing proper and professional care, we record your name and address, your contact information and any information from obtained through referrals, such as from your primary care physician, that enables us to provide appropriate and safe care. We will ask you how you got in touch with us and ask for your identification. We never make a copy, but record the type of document (passport, driver’s license, alien document, identity card) with which you identified yourself and we also record the document number. We also record your Citizen Service Number (BSN) in our electronic health record.

When your first visit our clinic, we will ask you a variety of information about your concerns and wishes regarding possible treatment, medication, allergies, lifestyle (smoking, alcohol and drug use), etc. We call this anamnesis (your account of your medical history) and we ask for it to make a good assessment of the best treatment, risks and expectations. We also take before and after photos of you; these are part of our record keeping.

All health care providers directly involved in your treatment have access to these records. For example, if you are having surgery in the hospital, anesthesiologists have access for the purpose of preoperative screening, and authorized hospital staff will also have access to some of your medical data. These are also recorded in the hospital’s electronic health record. Laboratory and research data, as well as any hospital stays abroad, are part of this too.

We send the pharmacy a prescription for medication as needed on your behalf. This information is sent electronically.

If you do not object, we will send your physician/referrer a letter detailing the treatments performed and/or recommending further care.

Image and audio recordings are sometimes made as part of providing care to clients. This may include telephone conversations, surveillance equipment recordings, and treatment recordings, for example. These recordings are subject to medical confidentiality. We only use these recordings for other purposes with your written permission.

Clients may make audio recordings of the conversation with the physician if they wish. This recording is strictly personal and may not be posted on social media or online. Clients must notify the physician before the consultation that they wish to record the conversation.

Measuring treatment outcomes and experiences

We ask your prior consent to participate in (digital) surveys that we use to measure the effectiveness of treatment and your experiences. Your privacy related to these matter is guaranteed through processing agreement with outside parties who conduct these surveys.

Scientific research

Your prior written consent is requested for participation in scientific research.

Internal and external quality control

Our clinic is visited annually by an external auditor who checks that we meet the quality requirements of the ISO9001-2015 seal of approval. Inspection of patient records is part of this quality audit. We only provide access to records for which the client has specifically given prior written consent. This is also the case with quality reviews by the medical specialty profession.

Health and Youth Inspectorate may conduct announced and unannounced inspections of the clinic. By virtue of legal duty for the Inspectorate, this does not require the client’s consent; nevertheless, we strive to present it as anonymously as much as possible. IGJ inspectors are subject to professional secrecy.

Complaints and disputes

The handling of complaints may require the use of an external complaints officer or the Disputes Committee. If they require a copy of your file containing relevant information, we first ask for your specific, written permission.

Incidents, emergencies and special situations

To systematically monitor, control and improve the quality of care, it is important to report and analyze unintentional events during the care process that have resulted or could result in harm to the patient/client (“incidents”). We also call this the VIM (Safe Incident Reporting) system.

The law does allow a physician to make available without the patient/client’s consent, information necessary to investigate the incident. The data in the reporting system is not public, including to the patient/client. The data can only be used by those handling the incident. The report of findings is for internal use; the patient/client will not receive a copy and has no right to inspect this report. You will be informed of a serious incident or emergency and its reporting; this will also be recorded in your file.

We are required to report serious emergencies to the Health and Youth Inspectorate; we do not ask permission for this. The IGJ may ask us to conduct an investigation. In the event of a possible outbreak of infectious diseases, we are required to pass on your information to the Public Health Service.

Needlestick injury is a collective term for puncture, cut, bite, splash or crab accident in which a person comes into contact with the blood or body fluid of another person. Situations where our employees accidentally have unprotected contact with blood are reported through a VIM report and investigated at a cooperating Hospital. We will then ask for your cooperation to have your blood tested for infection with hepatitis B, hepatitis C or HIV, among other things. Results of this examination are recorded in the electronic patient record.

MOOI Clinic is required to report suspected child abuse or domestic violence to the Advice and Reporting Centre for Domestic Violence ASHG or the Advice and Reporting Centre for Child Abuse AMK. The starting point for a report is our protocol “Reporting Code for Domestic Violence and Child Abuse.”

Legal obligations

Sometimes we are required to provide your personal information to third parties. For instance the NZa, police and judiciary, the FIOD-ECD. We then first check the purpose and verify that it meets legal requirements. We also follow the guidelines established by the physician federation KNMG (Royal Dutch Society for the Promotion of Medicine).

Marketing and communications

The data collected from the contact form is made visible via an internal e-mail and also processed as such. If necessary, data are recorded in the electronic patient record.

The intake form is made visible through an internal e-mail and also processed as such. Data are recorded in the electronic health record.

MOOI Clinic does not mention personal information in its postings on social media. By means of a processing agreement with the external parties who conduct marketing surveys, for example, your privacy is guaranteed. We ask for your prior consent if we want to notify you via a newsletter or request to share your experience, for example on our website.

Supervision of personal data processing

The rules on protecting your personal data are set out in the Personal Data Protection Act, as of May 25, 2018 it concerns the General Data Protection Regulation. The Personal Data Authority (AP) enforces this law.

If you believe that we have not sufficiently or completely complied the provisions of this Privacy Statement, you have the right to file a complaint with the AP. The AP’s contact information is:

Bezuidenhoutseweg 30 2594 AV The Hague 0900-2001201


To protect your privacy and the confidentiality of your data, MOOI Clinic takes appropriate technical and organizational measures. The starting point here is the standards from NEN7510 information security. We have security measures in place to prevent misuse of and unauthorized access to personal data.

Our electronic healthcare systems, which contain your medical data, are secured in various ways including access restrictions, logging, etc. We work as much as possible with systems and parties that meet the requirements of NEN7510/ISO 27001. We also provide measures against data loss such as backups, against fire and loss or theft. For these security reasons, we do not use paper records. Documents containing personal data are stored in locked cabinets and rooms. For employees and hired third parties, we make arrangements for privacy and the security of your data. MOOI Clinic is subject to periodic privacy and security audits. Some employees have been trained in prevention of security incidents and use of the data breach notification code in case your data has been misused despite all measures.

Reporting incidents personal data

If there is an unexpected breach of your personal data, or we suspect that your data has been breached, we will report this to the AP. If the breach of your personal data may have unfavorable or adverse consequences for you, we will let you know as soon as possible.


We assume that your information is always confidential in nature. All of our employees are therefore sworn to confidentiality. This includes third parties hired or otherwise appointed by us to perform work.

Persons charged with performing technical work on our systems are also required to maintain confidentiality. In short, anyone who has access to your data has a duty of confidentiality.

How long do we keep your data?

We do not retain your data for longer than is necessary for the purposes for which your data is processed and as permitted by law. How long certain data is kept depends on the nature of the data and the purposes for which it is processed. Thus, the retention period may be different for each purpose.

Sharing with third parties

We expressly do not provide your personal data to third parties, unless it is necessary for the performance of a contract, if required by law, or if you have given us your consent to do so. These include providing information on breast implants for the DBIR (Dutch Breast Implant Registry) and LIR (National Implant Registry).

MOOI Clinic may also be required to provide personal data based on laws or regulations, on the basis of a ruling by a court of competent jurisdiction, or in cases of fraud or abuse. If that is the case, we will cooperate.

Transferring your data to countries outside the European Union

MOOI Clinic will not pass on your data to a company or branch in a country outside the European Union, unless a model agreement is in place for this purpose or you have signed a statement giving your consent to the transfer.

Personal contact with MOOI clinic

Many contacts between you and MOOI Clinic are by phone, forms, email or social media. We record personal data you provide in the process, that is necessary for administering our services.

Collection mechanisms

Increasingly, clients are contacting us via email, social media (Facebook, Twitter) or through our website. Texting and chat are also used. Of course, much information is still exchanged through letters and forms. The initiative to have contact can come from you, but also from us. The personal data you provide to us through any of these mechanisms may be processed by us. For example, to answer your questions or to improve the quality of our services.

Calling MOOI Clinic

If you call us or we call you, we can record the phone conversation. We can do this to train, coach and assess our employees and to optimize the quality of our services so that we can better serve you.

Visiting our website

When you visit our website, we record your IP address, visitor information and cookies. Please read our disclaimer at for information about what we use this data for.

What are your rights?

When we process personal data about you, you have certain rights under applicable legislations. Your rights will be explained below.

Accessing your data

If you are a patient/client of MOOI Clinic and would like to see what personal data about you is known to us, you can exercise your ‘Right of Inspection’. We do ask that you indicate specifically which personal data you would like to receive.

Right of correction

You have the right to correct data if your data is inaccurate or incomplete. You also have the right to correct the data if the data is not relevant to the purpose for which we process it, or if your data has been processed by us in violation of a legal requirement.
We will notify the third party or parties who have received your data from us of any corrections, unless this is impossible or requires a disproportionate effort on our part.

If we disagree with the substance of the correction, we offer you the option of adding a statement to your medical record.

Right to delete data

In addition, you have the right to have certain data deleted. For example, if your data is no longer needed for the purposes for which we received it, you object to the processing, or if your data has been unlawfully processed by us. However, we cannot always remove all requested data because we are (or may be) required to retain certain data from you by law or otherwise.

Right to restriction of processing

You also have the right to restrict the processing of your data. The right to restriction means that we may not process or modify your personal data (temporarily). This occurs if you dispute the accuracy of the data, if you believe that the personal data is no longer necessary for the purposes it was collected, or if you believe that our processing of your personal data is unlawful.

Right to object

You may object to the processing of your personal data by us if your personal data is used for purposes other than thoe necessary for the performance of a contract or necessary for the fulfillment of a legal obligation.

How can you exercise your rights?

If you wish to exercise your rights, you may contact us at any time using the contact information below or by sending a letter to us with your name, address and telephone number. We will respond to your request within one month.
We ask you to identify yourself, using a valid ID so that we can verify that we are providing the personal data to the correct person.

Excessive requests regarding the provision of information may be rejected by us. Excessive requests occur when, for example, you approach us with information requests more than average and necessary.

About this privacy statement

MOOI Clinic may modify this Privacy Statement. You can always find the most recent version on our website. Do you have any questions or comments about our Privacy Statement? If so, please feel free to contact us:

MOOI clinic

Sphinxcour 6C01

6211 XZ Maastricht