Privacy Statement
Privacy statement on the protection of personal data of website visitors
Sint-Trudo Hospital attaches great importance to the protection of personal data. This privacy statement (hereinafter "the statement") describes how personal data collected through our website are processed: www.sint-trudo.be (hereinafter "our website").
In addition, we have a specific privacy statement related to the protection of patient data and a statement around the data of job applicants:
In this statement, certain terms are given specific meanings:
"Sint-Trudo" means Sint-Trudo Hospital, Diestersteenweg 100 - 3800 Sint-Truiden, registered with the Crossroads Bank of Enterprises under number 0443.260.603, RPR Antwerpen (Hasselt division).
"Processor" means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing.
"Processor" means the natural or legal person, public authority, agency or any other body that, on behalf of the Processor, processes personal data.
"Personal Data" means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data or an online identifier (...) ;
1. Scope
Our website is operated by Saint Trudo. It is important to us to create and maintain an environment where visitors feel comfortable and where their information will not be misused.
In accordance with applicable data protection regulations, including the General Data Protection Regulation 2016/679 and relevant national legislation, Sint-Trudo would like to explain to you what data we collect about you and how it will be used when you visit our website and when you sign up for our newsletter, as well as to assure you that this data will be processed correctly.
2. Personal data collected
2.1 When you visit our website, we collect the following personal data:
- The IP address, and
- Cookies
We use "cookies" (and similar technologies) on our websites and applications. These small files that store information on your computer's browser allow us to remember certain information about you (for example, your choice of language).
We store them to tailor our sites and applications to your needs and to save your preferences for future visits. This allows us to quickly improve your user experience and provide you with relevant services.
2.2 In order to subscribe to the newsletter as a professional or to register for an event, Saint Trudo may collect and process the following categories of personal data about you:
- Surname, first name, title;
- Address;
- Contact details (email, phone number, fax);
- Company;
- Choice of language;
- Presence at the event (date and place);
- RIZIV number (healthcare professionals);
2.3 You may also choose to provide additional/optional information when you fill out a form on our Website or when we contact you (by phone, email or during events). The same applies if you wish to send an e-card to a patient admitted to our facility.
2.4 Saint Trudo may also collect publicly available information to verify the information we collect and to manage and develop our business.
3. Why do we collect information?
Sint-Trudo collects the above information for the following purposes:
3.1 Information and communication
We may use your personal information to inform you about our activities, services or newsletter, or to contact you if you have asked us a question.
We also collect your data to provide you with business information and to comply with legal, regulatory and compliance obligations and requirements.
3.2 Website security
Because of our legitimate interest in securing our Website, we collect and process your IP address.
3.3 Use of cookies
When you visit our Website, we place "cookies":
- that are necessary for the proper functioning of our Website, based on our legitimate interest in providing you with a functional Website, and
- to analyze your browsing habits on our Website, but only if you have given your prior consent.
If you would like more information about our use of cookies, how long they are stored, etc., please consult our cookie policy.
3.4 Using social media
In order to increase our visibility on the internet and to be close to our current and future patients, visitors, healthcare partners, etc., we also have a presence on social media such as Facebook, LinkedIn and Instagram.
When you visit these sites, you may choose to share some of your personal information directly with us by contacting us, commenting, and/or sharing our articles.
In addition, we encourage you to read the privacy statement posted by these third parties on their website to see how your personal data is processed by these third parties in their capacity as Processors.
4. Legal basis for processing personal data
We may use and process your personal data only if one of the following conditions is met:
- The use of your personal data is necessary for the performance of a contract you have concluded with us or, at your request, to take the necessary steps to conclude that contract.
- We have your free and express consent to use your personal data for a specific purpose.
For example, if you subscribe to our newsletter, you will be asked for your consent to process your personal data as described in this statement. To the extent that we process personal data based on your consent, we inform you that you have the right to withdraw your consent at any time by contacting us (see below).
- Your personal data will be used in accordance with our legitimate interests and respecting your interests and rights (collecting and storing your IP address to secure our Website).
- We are required by law to process and report certain data to the competent authorities, such as the Data Protection Authority.
5. How will your information be used and shared?
5.1 In general, your data will only be processed by the relevant department within Sint-Trudo. If necessary, Sint-Trudo may share your personal data with other departments within the hospital.
5.2 For technical purposes, we may also share your personal data with third parties who perform tasks and provide services on our behalf, such as professional consultants or IT consultants who perform testing and development work on our business technology systems.
5.3 To the extent that Saint-Trudo must comply with its legal obligations or in the interests of security, the public interest or law enforcement, we may need to disclose your personal data. We may also disclose data in connection with existing or potential litigation or to protect our assets, security, personnel and other rights or interests.
5.4 Your personal data will not be sold or rented to third parties.
6. Place of storage and processing of data
Personal data will in principle not be transferred outside the EU. However, if it is intended to store and/or process them outside the EU, we will explicitly inform you of this and ensure that the same level of protection is guaranteed.
If we use subcontractors, the data will be transferred to the countries where the data centers of these subcontractors are located.
We will enter into an agreement with these processors based on a model approved by the European Commission, pursuant to which these processors will guarantee the same level of protection as Sint-Trudo guarantees for data stored within the EU.
7. Retention period of personal data
We will retain your information only to the extent necessary to achieve the purposes set out in section 3 of this statement.
Since the need to retain data depends on the type of data and the purpose of the processing, retention periods may vary significantly. The criteria we use to determine retention periods are as follows:
- How long do we need this data to provide the service requested?
- Have we established and announced a specific retention period?
- Have we established and announced a specific retention period?
- Have we been given permission to extend the retention period?
- Do we have a legal, contractual or other obligation?
As soon as we no longer need your data and are no longer legally obliged to keep it, we will permanently delete it or, if this is not possible, anonymize it in our system.
In principle, your personal data will be kept and used for as long as necessary to comply with our legal obligations, or to settle disputes or conclude contracts.
Personal data processed to subscribe to newsletters will be retained until you exercise your right to erasure (see below). Please note that such erasure will be effective for the future only.
8. Data Security
Your data is considered strictly personal. To this end, we have taken all appropriate technical and organizational measures to protect your data against accidental destruction, loss or alteration, as well as against damage, accidental or unlawful access or other unauthorized data processing.
9. Rights of the persons concerned
9.1. You have certain rights in relation to the personal data we hold about you:
- Right to information:You have the right to be informed, at the latest at the time we collect your data, about the processing operations we carry out, about your rights in this regard and about how to exercise these rights. That is why we have drawn up this statement.
- Right of access:You have the right to access your data and obtain a copy of the data we hold.
- Right of Correction: If your personal data has changed, you can ask us to correct, supplement or delete outdated, inaccurate or incomplete data that we hold about you.
- Right to erasure: In certain circumstances, you have the right to have the personal data we hold about you erased, such as when the personal data is no longer needed for the purposes for which it was collected or when you have withdrawn your consent and there is no other legal basis for the processing.
- Right to object and restrict: In addition, under certain circumstances, you have the right to restrict the processing of your data and object to the processing of your personal data.
- Right of portability:You also have the right to receive and transfer the personal data you have provided to Sint-Trudo to another controller.
9.2 We may ask you to prove your identity to assure us that you have a legitimate right to make a request and to verify that we are responding to the person who has the legitimate right to send us one of the above-mentioned requests and to obtain the information.
We remind you that in certain circumstances provided by law, we may deny access to your information or not comply with your request where applicable data protection laws permit us to do so.
9.3 You have the right to lodge a complaint with the Belgian Data Protection Authority, rue du press 35, B-1000 Brussels, T: +32 (0)2 274 48 00; F: +35 (35)2 274 48 35; E: contact@apd-gba.be.
10. Exercise of your rights
10.1 How can you exercise your rights?
To exercise these rights, you must send us a written, signed and dated request, together with proof of your identity (e.g. photocopy of your identity card, etc.):
- By email: dpo@stzh.be
- By post to the following address Sint-Trudo Hospital, t.a.v. DPO, Diestersteenweg 100, 3800 Sint-Truiden
We request that you clearly indicate the right that you wish to invoke, the processing that you wish to object to or limit, or the consent that you wish to withdraw.
10.2 Conditions for exercising your rights
When you exercise your rights, you will not be charged a fee, unless we deem the request to be clearly unfounded or excessive (for example, if it is a repeat request).
We may, however, ask you to pay a reasonable amount not to exceed our copying costs for any additional requests for copies.
For any request relating to your rights as set out in section 9 of this statement, we will respond to your request within one month. However, this period may be extended to two months if the request is complex and/or due to the number of requests we have to process. If this period is extended, we will notify you and the reason for this decision.
11. Amendment of this statement
We reserve the right to modify or supplement this Statement as necessary.
In the event of significant changes, the date of the change will be updated and a copy of the new Statement will be posted on our Website.
We encourage you to periodically review this Statement to be informed of how we process and protect your information.