General Data Protection Regulation (GDPR)

From May 2018, a new European law, the General Data Protection Regulation (GDPR), will apply. This law has been drafted to ensure that your personal data is handled with care. The data held about you must be accurate and complete and will only be used for the purpose for which you provided it. Information about the GDPR can be found here.

Reiki College complies with the requirements of the GDPR. Within the practice, data from clients are collected exclusively for the provision of good naturopathic care and assistance; the financial settlement of the care provided with the client or his health insurer, including the creation, registration and processing of invoices; conducting effective management and policy within the practice. A copy of all issued invoices is processed by the administration office with which Reiki College has a processing agreement.

Your data will be obtained on the form that you fill in yourself before your first appointment; these are processed in your file. The file is supplemented with reports of the treatment sessions during the treatment. These reports will not be shared with others unless necessary for the treatment and only after your consent. Your digital file is stored on the computer and is then protected with three passwords; in addition, you have a paper file that is stored in a closed file cabinet. All data will be kept for at least fifteen years after your last treatment. If you wish to be "forgotten", you can submit a reasoned request in writing; if this request is granted, your file will be destroyed immediately.

The GDPR gives you a number of rights that allow you to exercise limited control over the use of your personal data. You have the right to request access to your personal data and your file. You must ask this in writing, with a date, your personal data and your signature to the therapist, also the owner of the practice. After your written request has been received, the therapist is obliged to provide you with an overview of the data within four weeks.

For children up to the age of 12, parents can submit a request. Young people aged 12 to 16 have the right to submit a request themselves. Parents/guardians of young people aged 12 to 16 years have this right only with the consent of the child.

The therapist may refuse to comply with the request for inspection for reasons of his own.

After you have been given access, you can request the therapist to correct, supplement, delete or protect your data. A condition for granting this request is that the data as used are factually incorrect, incomplete or irrelevant for the purpose of the processing. This request must also be provided with a date, your personal data and your signature. The therapist must respond to your request within four weeks. A refusal to edit your data must be justified.

If the request is granted, other organisations to which the data have been provided must be informed of the changes, unless this is impossible or requires an unreasonable effort on the part of the controller. This must be done within eight weeks of the date of the application.

The right to object means that you have the right to object in writing, with a date, your personal data and your signature, to the use of your data by the therapist. If this objection is met, you may not be treated at Reiki College.

Finally, you have the right to data portability. This means that you can request Reiki College to provide your data in a form that makes it easy for data subjects to reuse it.

The Dutch Data Protection Authority mediates in disputes about the exercise of the rights. You can submit a request for mediation directly to the Dutch Data Protection Authority. There is no charge for processing this request.

If you believe that you have suffered damage as a result of the controller's failure to comply with certain obligations, you can submit this to a judge. The latter can request advice from the Dutch Data Protection Authority.