Privacy Policy (Personal Data Protection Policy)

This Privacy Policy informs you about the types of Personal Information ("PI"), see text below [1 ] and Personal Health Information ("PGG"), see text below [2], that Field Trip Health B.V. ("Field Trip", "we" or "us") as data controller collects, uses and discloses. It also informs you about matters relating to the choices you have regarding such use and disclosure and how you can correct that information. Data Protectors Sp. z o.o. Sp. K. in Warsaw, Poland, is the Data Protection Officer (DPO) and representative for Field Trip.

We may make changes to this Privacy Policy from time to time. The Privacy Policy will be current as of the "last revised" date that appears at the bottom of this page. We will treat PI and PGG in a manner consistent with the Privacy Policy under which it was collected, unless we have your consent to treat it otherwise.


We always collect Your PI and PII in a fair and lawful manner. We are committed to protecting the privacy and security of Your PI and PGI. We are committed to complying with our obligations under European data privacy law, including the General Data Protection Regulation 2018, Article 16 TFEU (AVG). The principles set out below govern how we collect, use, store and disclose PI or PGG obtained in the development, sale, promotion and distribution of our services.

Identifying purposes

We determine the purposes for which we use Your PI or PGI at the time we collect this information from You. We normally use Your PI and PGI for the following purposes (the "Purposes"):

  1. to provide you with ongoing medical care and therapy

  2. to give you access to digital tools and services

  3. To track your use of Field Trip services, to help us provide you with care and therapy;

  4. To facilitate communication with external service providers with whom we have a contractual relationship, such as doctors, nurses, therapists, psychologists, psychiatrists and pharmacists;

  5. To inform you about new programmes and services that may be of interest to you;

  6. To respond to your questions, complaints or requests;

  7. to collect opinions and comments on Field Trip activities;

  8. To investigate legal claims, for business and marketing purposes of Field Trip.

  9. any other use required by applicable law.

We process Your PI and PGG on the basis of a number of different legal grounds for processing. We process PI because:

If we are to process your PGG, we need your explicit consent. This consent is necessary for the provision of medical assistance and therapy. Any consent given can be withdrawn by you at any time, but such withdrawal will not affect the processing of PGG prior to the time you withdrew your consent. 

How we obtain consent

If we need Your consent, we will do so before collecting Your PI or PGG, or in any event before using Your PI or PGG for any purpose. You can give us Your consent orally, electronically or in writing. The form of consent we seek, including whether it is explicit or implicit, depends largely on the sensitivity of the PI or PDU and the reasonable expectations you might have in those circumstances. In limited circumstances, we may use a third party to obtain Your consent to share Your PI or PGI with us.

You may withdraw Your consent by notifying us. You can specifically instruct us not to use or disclose Your personal health information for health purposes without Your permission. Notwithstanding the above, we may share anonymised or aggregated data to contribute to improvements, research and general knowledge about treatments and therapy programmes. In such situations, Field Trip Health B.V. will take reasonable steps to remove personally identifiable information before such results are shared externally.

We do not process PI or PGG about minors as we do not provide a service to minors.

Restriction of use, disclosure and retention 

We will ensure that all affiliates and other third parties engaged to provide services on our behalf that see PI or PGG are contractually required to comply with our Privacy Policy.

We will use, disclose or retain your PI and PGG for as long as necessary to fulfil the purposes described above and pursuant to the legal grounds for processing set out in this Policy.

We will only disclose PI or PGG to other persons on the basis of the following principles:

We may transfer your PI or PGG as necessary to third party service providers with whom we have contractual agreements containing appropriate privacy standards, when these third parties assist us in fulfilling the Purposes for which we collect the data. These may include doctors, nurses, therapists, psychologists, psychiatrists, pharmacists and service providers who provide technology or communication services, data storage and processing, cloud-based software or other similar services.


We endeavour to ensure that all decisions relating to your information are based on accurate and timely information. We endeavour to base our decisions on accurate information and trust that you will disclose all material information and notify us of any relevant changes.

Technical and organisational security measures

We have implemented appropriate physical, organisational, contractual and technological security measures to protect your PI and PGG from loss or theft, unauthorised access, disclosure, copying, use or modification. For example, Client systems are protected with two-factor authentication and data in the systems is encrypted at rest. The only employees or third parties granted access to your PI and PGG are those who have a "need to know" and/or for whose tasks such information is reasonably required.


Information on our policies and practices regarding the management of personal health information/individual PI and PGG is publicly available on our external website and from the DPO.  

Individual access

If you make a written request for access to your PII or PGG collected, used or disclosed to date, we will provide you with this PII or PGG to the extent required by law. We will make this PII or PGG available to You in a form that is generally understandable, and we will explain any abbreviations or codes.

Rights of the data subject

If you make a written request for access to your PII or PGG collected, used or disclosed to date, we will provide you with this PII or PGG to the extent required by law. We will make this PI or PGG available to You in a form that is generally understandable and we will explain any abbreviations or codes.

You may also request that we:

a. Correct your PI/PGG. If you think there is factually incorrect information in your record, you can ask us to correct it.

b. Deleting your PI /PGG You have the right to have (parts of) your record destroyed before the end of the legal retention period. Before we destroy the file, we will ask you to sign a statement. This will show that you have taken the decision to destroy the file voluntarily and consciously and that you are aware of all the consequences. One consequence may be that the treatment cannot be continued if there is no file.

c. To restrict or object to the processing of your PI/PHI in order to transfer your PI/PHI to another provider.

You have the right to take your PI with you and transfer it to another (healthcare) provider. This right does not apply to the entire medical record. You can take the PII you have actively and consciously provided yourself and transfer it to another healthcare provider. The same applies to the data that you have provided indirectly (such as, for example, the data from a blood pressure measurement). Other data such as: decisions, the diagnosis, analyses, or treatment plans drawn up by your doctor do not fall under the right to 'portability'.

How long do we keep your data?

By law, we must retain certain medical data for up to 20 years, or longer if required for proper care. For non-medical data, our retention period is up to 7 years for financial data and 2 years for other types of data. The above-mentioned retention period commences as soon as your treatment or counselling with us has been completed. 


We encourage you to contact us if you have any questions or comments about your privacy or our privacy policy. We will investigate and respond to your concerns regarding any aspect of our handling of your information.

Any comments, questions, concerns or complaints regarding Your PI and PGG, this Privacy Policy or our privacy practices should be directed to our officer at the following email address:

. We aim to respond to all Your written requests within 30 days of receipt. We will notify you in writing if we are unable to respond to your requests within this period. You have the right to lodge a complaint with the Dutch Data Protection Authority (AP) at

Last revised: 28 May 2021

[1] "Personal data (PI)" means - "Recorded information about an identifiable individual." Examples include: home address, telephone, email address, gender, age, marital status, health information, religion; number of employees, employment history; opinions, financial data, and personal health information.

[2] "Personal health data (PGG)" - Information about a living individual. It is information that identifies an individual and covers such topics as the individual's physical or mental health, the provision of health care to the individual, payments or eligibility for health care with respect to the individual, the donation by the individual of a body part or body substance, and the individual's health number. PGG can also be information about a doctor or other health care provider, a hospital employee, a patient or a family member of a patient. Examples of such PGG include a name, medical record number, health insurance number, address, telephone number, and PGG related to a patient's care, such as blood type, X-rays, consultation notes, etc.

We use cookies to optimise your browser experience. By using this website, you agree to our Cookie Policy.