Vaccination against mpox and protecting your data
It is important that your data is kept secure. We are careful with it, and we comply with laws such as the General Data Protection Regulation (GDPR).
Who works with your personal data?
We at GGD GHOR Nederland ask you to share your personal data with us for vaccinations. We use and store the data. We must do this the way the law says we should. This means that we handle your personal data properly and safely. We tell you what data we have about you, what we do with it, and who works with it.
We share your data with the following organisations:
When you make an appointment for a vaccination, your personal data is recorded in iMPeX. iMPeX is the system the GGD uses for the vaccination process and for communication about the vaccination process. The GGD can see your vaccination information in iMPeX. Normally, we cannot see this at GGD GHOR Nederland unless there is a problem with iMPeX that we need to fix.
What personal data do we use?
We need your personal data to carry out the vaccination properly.
This is the personal data we need from you:
What happens to your personal data?
We use your personal data so that we can give you a vaccination. You can see below what we use your personal data for.
STEP 1: You make an appointment for a vaccination
You receive an invitation. If you decide to get vaccinated, you make an appointment. In this step the regional GGD uses your personal data to decide if you should get an invitation. And they use your contact details to invite you to make an appointment.
The GGDs send invitations and make appointments in different ways:
The regional GGDs decide for themselves how to invite people and make appointments. For example, by letter, email, text message or by phone. Do you want to know how to make a vaccination appointment? Then visit the website of the GGD in your area.
STEP 2: The vaccination
You come on the agreed date and at the agreed time to the place where you are going to get the vaccination. In this step, the GGD staff check your identity and your appointment details. They also check the health screening form that you fill in before coming. Depending on the information in the form, a doctor may want to examine you first. This happens at the vaccination location.
If the GGD staff approve your health screening form, you get the vaccination.
STEP 3: Sending information to the RIVM and your family doctor
The GGD will only contact your family doctor if you have given permission for this. We ask for the name of your family doctor now in case the GGD and your family doctor need to contact each other later.
Sending information to the RIVM
In this step, the GGD sends information about your vaccination to the RIVM. The RIVM uses your information for the following things:
We do not use your personal data for anything else. Only for the things we have explained above.
What laws apply to the way we use your personal data?
The General Data Protection Regulation (GDPR) says that we can only use your personal data if we have a valid reason. The GDPR says that valid reasons can be: consent, agreement, legal obligation, vital interest, public task / public interest and legitimate interest.
We use your data to fight an infectious disease epidemic. This is a public task or a public interest task. The law also says that the GGD must record and check personal data for these types of diseases. And to carry out further research on this. This is stated in the Wet publieke gezondheid (translated here as Public Health Act).
The laws that apply here are:
When you receive a vaccination the GGD must ask you for your citizen service number and record it. This is because the GGD is a healthcare provider. And because a vaccination is a medical treatment. The law that applies to this is Article 6 paragraph 1 (c) of the GDPR in combination with Articles 5 and 6 of the Processing of Personal Data in Healthcare (Supplementary Provisions) Act.
How long do we keep your personal data?
We keep your personal data for twenty years. This is allowed by the Medical Treatment Agreement Act. After that, we destroy the data or make it anonymous. We will ask for your permission if we want to keep your personal data longer except if another law says that we are obliged to keep it.
How do we protect your personal data?
We think it is important to keep your personal data safe. To do that, we make agreements with the people and organisations that process the data for us. The agreements say what they can do with your data for us.
What else do we do?
What are your rights?
These are your rights according to the law:
In all these situations, you can contact the GGD that gave you your vaccination.
Have you given permission for your data to be passed on to the RIVM? Then you can ask for your data to be removed from the RIVM’s records at any time. You can do this on mijn.rivm.nl/vaccinaties. You will need your DigiD to do this.
Do you have questions or complaints about what happens to your personal data?
Do you have questions or complaints about what happens to your personal data? Please contact the Data Protection Officer at the GGD that gave you your vaccination. Every GGD has a privacy statement. This tells you who the Data Protection Officer is.
Appendix 1 lists the website addresses of all the GGDs.
You can also report a complaint to GGD GHOR Nederland. You can do this by sending your complaint to the GGD GHOR Nederland’s Data Protection Officer. The email address is firstname.lastname@example.org.
What if we handled your complaint and you do not agree with the outcome or the way we handled it? Then you can send a complaint to the Dutch Data Protection Authority via this website: https://autoriteitpersoonsgegevens.nl/nl/voordat-u-een-klacht-indient (in Dutch).
We will change this privacy statement if necessary. For example, if we have to change who processes personal data, or which personal data we use.
We changed this statement last on July 29, 2022.
Do you want to know which GGD belongs to your municipality? You can find this on www.ggd.nl (in Dutch).