Privacy Policy (Personal Data Protection Policy)

This Privacy Policy informs You about the types of Personal Information [1] ("PI") and Personal Health Information [2] ("PGG") that Field Trip Health Inc. ("Field Trip", "we" or "us") collects, uses and discloses, and further informs You of the choices You have regarding such use and disclosure, and how You can correct that information.

We may make changes to this Privacy Policy from time to time. The privacy policy will be current as of the "last revised" date that appears at the bottom of this page. We will treat PI and PGG in a manner consistent with the privacy policy under which it was collected, unless we have Your permission to treat it differently.

Accountability

We are committed to protecting the privacy and security of Your PI and PGG. We are committed to fulfilling our obligations under European data privacy law, including the General Data Protection Regulation 2018, Article 16 TFEU (AVG). The principles set forth below govern how we collect, use, store and disclose PI or PGG obtained in the development, sale, promotion and distribution of our services.

Identifying Purposes

We identify the purposes for which we use Your PI or PGG at the time we collect such information from You and, in any case, request Your consent prior to such use. We generally use Your PI and PGG for the following purposes (the "Purposes"):

Knowledge and consent

Generally, we will obtain Your consent before collecting or in any event using Your PI or PGG for any purpose. You may give us your consent orally, electronically or in writing. The form of consent we seek, including whether it is express or implied, depends largely on the sensitivity of the PI or PGG and the reasonable expectations you might have in those circumstances. In limited circumstances, we may rely on a third party to obtain Your consent to share Your PI or PGG with us. You may withdraw Your consent by notifying us. You may expressly indicate that Your personal health information may not be used or disclosed for health purposes without Your consent. Notwithstanding the above, we may share anonymized data to contribute to improvements, research and general knowledge about treatments and therapy programs; in such situations, Field Trip Health Inc. will take reasonable steps to remove personally identifiable information before such results are shared externally.

Restrict collection

We always collect Your PI and PGG in a fair and lawful manner. We may collect PI or PGG directly from You and/or from third parties, where we (and/or those third parties) have obtained Your consent, or as otherwise required or permitted by law.

Restrict use, disclosure and retention

The information we request from you will only be used for the purposes described above; we will seek your consent for other purposes.

We ensure that all affiliates and other third parties engaged to perform services on our behalf and who see PI or PGG are contractually obligated to comply with the intent of this Privacy Policy and our privacy practices.

We will use, disclose or retain Your PI and PGG for as long as necessary to achieve the Purposes described above and as permitted or required by law.

Generally, we will only disclose PI or PGG to such persons for whom you have given your consent. Notwithstanding the foregoing:

Accuracy

We try to ensure that all decisions relating to your information are based on accurate and timely information. While we will do our best to base our decisions on accurate information, we trust that you will release all material information and notify us of any relevant changes.

Safeguards

We have implemented physical, organisational, contractual and technological security measures to protect Your PI and PGG against loss or theft, unauthorised access, disclosure, copying, use or modification. The only employees who are given access to Your PI and PGG are those on a need-to-know basis and/or whose duties reasonably require such information.

Openness

Information about our policies and practices regarding the management of personal health information / individual PI and PGG is available to the public on our external website and from the Privacy Officer.

Individual access

If You make a written request to access Your PII or PGG collected, used or disclosed to date, we will provide You with such PII or PGG to the extent required by law. We will make such PI or PGG available to You in a form that is generally understandable, and we will explain any abbreviations or codes.

Compliance

We encourage you to contact us if you have any questions or comments about your privacy or our privacy policy. We will investigate and respond to your concerns about every aspect of our handling of your information.

Any comments, questions, concerns or complaints regarding Your PI and PGG, this Privacy Policy or our privacy practices should be forwarded to our officer at the following e-mail address: privacy.nl@fieldtriphealth.com

We will endeavour to respond to all Your written requests within 30 days of receipt. We will notify you in writing if we are unable to respond to your requests within this period. You have the right to make a complaint to the Personal Data Authority (AP) within this period; https://autoriteitpersoonsgegevens.nl/

How long do we keep your data

According to the law, we have to keep your data for 20 years. Or longer if that's necessary for proper assistance. The period of retention starts when your treatment or counselling with us is completed. For records of minors, this period starts when the patient reaches the age of majority (18 years).

Correction and addition

Do you think that data is factually incorrect in your file? Then you can ask the practitioner to correct it. You can also have your statement included in the file. Does your practitioner disagree with you?

Destruction

You have the right to have (parts of) your file destroyed before the end of the legal retention period. Before we destroy the file, we will ask you to sign a statement. This will show that you have taken the decision to destroy the file voluntarily and consciously and that you are aware of all the consequences. One consequence, for example, is that the treatment cannot continue if there is no file.

Transferring data

You have the right to take PI with you and transfer it to another (care) provider. This right does not apply to the entire medical file. The PI that you have actively and consciously provided yourself can be taken with you and transferred to another (healthcare) provider. The same applies to the data that you have provided indirectly. Think, for example, of the data from a blood pressure monitor. Other data such as: decisions, the disease that has been diagnosed, suspicions or treatment plans that your doctor draws up, do not fall under the right to 'transferability'.

[1] "Personal Information (PI)" - "recorded information about an identifiable individual." Examples include: home address, phone, email address; gender, age, marital status, health information, religion; number of employees, employment history; opinions, financial data, and personal health information.

[2] "personal health data (PGG)" - Information about an individual, living or deceased and in oral or recorded form. It is information that can identify an individual and relates to such things as the individual's physical or mental health, the provision of health care to the individual, payments or eligibility for health care related to the individual, the donation by the individual of a body part or body substance, and the individual's health number. PGG may be information about a physician or other health care provider, a hospital employee, a patient, or a patient's family member. Examples of PGG include a name, medical record number, health insurance number, address, phone number, and PGG related to a patient's care, such as blood type, X-rays, consultation notes, etc.