Mindler’s Privacy Policy

Key updates

  • We’ve clarified the information regarding research activities.

Each week Mindler conducts thousands of meetings with patients from across the world. This entrusts Mindler with a great deal of responsibility - in protecting your data, but also towards the field of psychology and the world at large. We need to be able to understand this wealth of data and ensure that we use it to provide all of our patients with an ever-improving standard of care.

By sharing your data with Mindler, you play a vital role in our mission to make mental health treatment more effective. We will utilize your data to better understand what kind of treatment works the best. You will be part of the development of the most effective mental health treatment in the world.

We aim to share our anonymized and aggregated insights with governmental bodies, academic partners and the general public, making sure that Mindler - together with you - can help improve mental healthcare for all.

Introduction to our policy

At Mindler, your privacy and safety are of utmost importance to us. We strive to make our policies clear and understandable. We want you to feel secure about how we process your personal data.

All treatment is strictly confidential and never under any circumstances are your communications with a psychologist shared with an unauthorized party.

We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. All information collected by us through the website or the application will be governed by our most recent Privacy Policy, posted on the website and the application. If you have any queries, please contact us at privacy@mindler.nl

Mindler has appointed Bird & Bird DPO Services SRL as our Data Protection Officer (DPO). If you have any questions or complaints about our compliance with this Privacy Policy or how we process your personal data, please contact our DPO via email at: dpo@mindler.nl.

Our DPO may also be contacted at the following address: Bird & Bird DPO Services SRL, Avenue Louise 235 b 1, 1050 Brussels, Belgium. 

The policy

This Privacy Policy outlines how Mindler collects and processes personal data when you access and use Mindler’s platform (the "Service") via Android or iOS applications (the “Application”) or by visiting our website https://mindlercare.com/nl/ (the “Website”). 

This document also outlines your rights and how they can be asserted. The terms and conditions for use of the Service are set out in the current Terms and Conditions (the "Terms and Conditions") and can be accessed here:  

https://mindlercare.com/nl/en/terms-and-conditions/  

When using the Service, Mindler is the data controller for the processing of your personal data. Mindler is processing personal data according to the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable data protection regulation.

Data controller details: 

Mindler BV (KVK-nummer: 75643650) 

Van Heuven Goedhartlaan 13D

1181 LE Amstelveen 

Nederland

What information do we collect about you and how do we process it?

Mindler needs to have a legal basis to process your data, we provide our legal bases below. We only collect and process data which is relevant and necessary to properly fulfill our purposes with such processing. In this section we describe our different purposes for processing your personal data. For each purpose we state the following information:

  •  What personal data is collected (and processed);

  •  The purpose(s) for processing the data;

  • The legal basis Mindler relies on to process this data.

1. Processing necessary for providing healthcare

1.1 Personal data

The following personal data is processed for the purpose of providing our Service.

Contact information

  • First name, last name and country collected upon registration

  • Phone number and email address collected upon registration

Health data

  • Information regarding your physical and mental health. This could include, for example, information relating to an illness, your medical history or mental state. Health data will be collected by your Psychologist through meetings, self-assessment forms, completion of Internet-based cognitive behavioral therapy (iCBT) programs in the Application and notes from Psychologists in your medical records (Mindler is using electronic health record (EHR)). The images, videos and sounds shared during the use of the Service are neither recorded nor stored.

Referral data

  • Referral from general practitioner collected either by you or the general practitioner sending it to us 

1.2 Purpose of processing

Your contact information is processed for the following purposes:

  • To be able to identify you and verify that you are of the required age to receive care

  • To send help in case of an emergency

  • To be able to contact you after referrals are submitted

Your health data is processed for the following purposes:

  • To provide mental healthcare treatment

  • To evaluate the effectiveness of ongoing treatment

Your referral data is processed for the following purposes:

  • To be able to identify you

  • To be able to invoice you

  • To be able to give you the correct treatment

1.3 Legal basis

The legal basis for this processing is that it is necessary for the performance of the medical treatment contract (geneeskundige behandelingsovereenkomst), Art. 6.1.b GDPR and for health data in conjunction with the exemption under Art. 9.2.h. GDPR and Art. 30.3.a of the Dutch GDPR Implementation Act (Uitvoeringswet AVG, “UAVG”). Mindler simultaneously adheres to the legal conditions for processing your data under a medical treatment contract can be found in the Dutch Medical Treatment Contracts Act (Wet op de geneeskundige behandelingsovereenkomst or “Wgbo”). Note that the Wgbo requires healthcare practitioners to obtain consent from patients to enter into this medical treatment contract (Art. 7:450 Wgbo), but that this is a different consent than under Art. 6.1.a. of the GDPR. Health data collected through self-assessment forms is processed with support of your explicit consent (GDPR Art. 9.2.a). 

2. Processing necessary for providing the Service

2.1 Personal data

The following personal data is processed for the purpose of providing the Service.

Contact information

  • First name and last name upon registration

  • Email address collected upon registration

  • Phone number collected upon registration

  • Social security number (BSN)

  • Country of residence collected upon registration

  • Spoken language collected upon registration

Demographic information

  • Age collected upon registration

Payment information

  • Any promotional codes redeemed in the Application

Technical data

  • Time of booking and meeting status (canceled, unpaid, completed) collected through the Application or via customer service agents

  • Which device, IP address, language, operating system and screen resolution you are using 

  • The date and time of your sessions

  • Which Psychologists you have identified as favorites in the Application

  • Your iCBT program progression in the Application

2.2 Purpose of processing

Your contact information is processed for the following purposes:

  • To be able to identify you in the Application 

Your demographic information is processed for the following purposes:

  • To ensure that you are old enough to use our Service

Your payment information is processed for the following purposes:

  • To make it possible for you to pay for your treatments 

  • To issue a refund in case of cancellation

Your technical data is processed for the following purposes:

  • To plan and conduct meetings with you

  • To optimize your experience depending on the device you are using

  • To keep track of your preferred Psychologist(s)

  • To track your iCBT program progression

2.3 Legal basis

The legal basis for this processing is performance of a contract (GDPR Art. 6.1.b) to fulfill our obligations of providing you with the agreed Service. 

The legal basis for this processing is that it is necessary for the performance of the medical treatment contract (geneeskundige behandelingsovereenkomst), Art. 6.1.b GDPR and for health data in conjunction with the exemption under Art. 9.2.h. GDPR and Art. 30.3.a of the UAVG. Mindler simultaneously adheres to the legal conditions for processing your data under a medical treatment contract can be found in the Wgbo. Note that the Wgbo requires healthcare practitioners to obtain consent from patients to enter into this medical treatment contract (Art. 7:450 Wgbo), but that this is a different consent than under Art. 6.1.a. of the GDPR. 

The legal basis for processing your social security number (BSN) is our legal obligation to identify you. This is based on Art. 6.1.c GDPR and Art. 5 of the Dutch Processing of Personal Data in Healthcare (Additional Provisions) Act (Wet aanvullende bepalingen verwerking persoonsgegevens in de zorg, “Wabvpz”).

3. Processing necessary for communication 

3.1 Personal data 

The following personal data is processed for the purpose of communicating with you in connection with the provision of the agreed services.

Contact information

  • First name and last name collected upon registration

  • Email address collected upon registration

  • Phone number collected upon registration

Technical data

  • Device identification

3.2 Purpose of processing

Your contact information is processed for the following purposes:

  • To contact your telephone number in the event your Psychologist is unable to reach you through the Application for a booked meeting.

  • To contact you with important information such as changes to our Privacy Policy or user agreement, for example.

Your technical data is processed for the following purpose:

  • To send notifications to the last phone you used to log in to the Service

3.3 Legal basis

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b).

4. Processing necessary for marketing services and products to you

4.1 Personal data 

The following personal data is processed for the purpose of marketing services and products to you.

Contact information

  • First name and last name collected upon registration or completion of forms on our Website

  • Company name collected upon completion of forms on our Website

  • Email address collected upon registration or completion of forms on our Website

  • Phone number collected upon registration or completion of forms on our Website 

  • User information collected through social media when you interact with Mindler’s content

Cookie data

  • Information regarding how you have been using our Website and what other websites you have visited

Health data

  • Information regarding your physical and mental health collected upon completion of forms on our Website

4.2 Purpose of processing

Your contact information is processed for the following purposes:

  • To inform you of our products or services via notification or email

  • To send you promotional marketing emails and marketing newsletters (you can unsubscribe from any mailing lists at any point)

Your cookie data is processed for the following purposes:

  • To show you targeted advertising

  • To measure the reach of our marketing campaigns

Your health data is processed for the following purposes:

  • To send you promotional marketing emails

You can read more about how we place cookies and how you can withdraw your cookie consent in our Cookie Policy.

4.3 Legal basis

The legal basis for processing your contact information is the performance of the contract (GDPR Art. 6.1.b) or your given consent (GDPR Art. 6.1.a) to provide you with customized products and services and to inform you about and market our offered Service. We only process your health information for targeted marketing if you have given your explicit consent (GDPR Art. 9.2.a). The legal basis for processing your cookie data for this purpose is your given consent (GDPR Art. 6.1.a). 

You have the right to withdraw your consent (to “opt out”) of any marketing communications at any time. You can opt-out (e.g. email) by using the unsubscribe link available in every newsletter or in every commercial message you receive from us or in case of electronic direct marketing by following the instructions in the communication.

5. Processing necessary for evaluating and improving our Service

5.1 Personal data 

The following personal data is processed for the purpose of evaluating and improving the Services that we provide.

Please notice that this processing activity differs from the quality assurance Mindler is obligated to perform in certain jurisdictions. For Mindler’s processing for the purpose of quality assurance, please see section 10.

Demographic information

  • Age collected upon registration

Technical data

  • Data collected through the Application or by customer service agents regarding time of booking and meeting status (canceled, unpaid, completed)

  • Data collected through the Application regarding which device you are using

  • Data collected through the Application regarding how and when you use different parts of the Application

  • Data collected through the Application regarding how you rate your meeting, the video meeting quality and any further feedback provided

  • The Psychologist(s) you have identified as favorites in the Application

  • The Psychologist(s) you have been meeting through the Application

  • Feedback such as answered polls or comments you have posted on social media in posts published by Mindler in Mindler’s official social media accounts

  • iCBT programs you have completed in the Application

Health data

  • Self-assessment questionnaires you have submitted through the Application 

Customer service inquiry data

  • Text data collected upon filing an inquiry through our Website or application

In the case that a customer service inquiry holds medical information together with identifiable information, Mindler takes technical measures to ensure that the support ticket is rendered completely unidentifiable and therefore not linked to an individual.

5.2 Purpose of processing

Your demographic information, technical data, health data and customer inquiry data is processed for the following purposes:

  • To improve time-slot and Psychologist availability

  • To improve user flows by making it easier to navigate and find certain features in the Application

  • To detect bugs depending on device type

  • To improve our video service

  • To improve the general user experience in the Service

  • To analyze how your wellbeing may change during your treatment

  • To investigate how wellbeing differs between different demographics

  • To investigate how treatment outcomes differ for different demographics

  • To better understand how to treat you in an effective way

Any personal data processed for the purpose of evaluating and improving our Service is always handled and stored unidentifiable through pseudonymization. We will use the personal data to create statistics on a sufficiently aggregated level so that individual patients cannot be identified from the results. Aggregated statistics will be used for internal and external communication and for research.

5.3 Legal basis

The legal basis for this processing is our legitimate interest (GDPR Art. 6.1.f). We process your health data supported by your explicit consent (GDPR Art. 9.2.a).

6. Processing necessary for providing customer service

6.1 Personal data

The following personal data is processed for the purpose of providing customer service.

Contact information

  • First name and last name collected upon registration or filing an inquiry through our Website

  • Email address collected upon registration or filing an inquiry through our Website

  • Phone number collected upon registration

Payment information

  • Credit card information collected through our payment service

  • Any promotional codes redeemed in the Application

Technical data

  • Time of booking and meeting status (canceled, unpaid, completed) which is collected through the Application or customer service agents

  • Which device you are using, IP address, language, operating system and screen resolution as well as the date and time of your sessions, which is collected through the Application

  • What Psychologists you have identified as favorites in the Application

  • Your iCBT program progression in the Application

Health data

  • Information regarding your physical and mental health. This could include, for example, information relating to an illness, your medical history, or mental state.

6.2 Purpose of processing

Your contact information is processed for the purpose of providing customer support by:

  • Identifying and contacting you for the sake of customer service updates (e.g. changes to booked meetings, cancellations)

  • To be able to offer customer service necessary to providing you healthcare

Your payment information, technical data, and health data is processed for the following purposes:

  • To be able to investigate, respond to and resolve complaints and problems with the Service (e.g. bugs)

6.3 Legal basis

The legal basis for this processing is that it is necessary for the performance of the medical treatment contract (geneeskundige behandelingsovereenkomst), Art. 6.1.b GDPR. To the extent that processing of health data is necessary for these customer services, the processing takes place with the support of our right to process personal data in connection with the administration of care activities; Art. 9.2.h GDPR and Art. 30.3.a UAVGs.

7. Processing necessary for providing our business to business service

7.1 Personal data 

The following personal data is processed for the purpose of providing our business to business service.

Contact information

  • Date of birth collected upon registration

  • Home address collected upon registration 

  • Social security number (BSN)

Payment information

  • Any promotional codes redeemed in the Application 

Technical data

  • Data collected through the Application or by customer service agents regarding time of booking and meeting status (canceled, unpaid, completed) 

  • iCBT programs you have completed in the Application

Health data

  • Self assessment questionnaires you have submitted through the Application 

7.2 Purpose of processing

Your contact information is processed for the following purposes:

  • To be able to identify you and verify that you are of the required age to receive (preventative) consults 

  • To be able to contact you after referrals are submitted

Your payment information, technical data, and health data is processed for following purposes:

  • To provide our business to business customers with aggregated insights regarding their employees’ well-being, meeting statistics of employees, most common problem areas and more. None of your personal data will be communicated or transferred to your employer. We only share aggregated statistics in which no special categories of personal or identifiable data are included. We will not provide our business to business customers with statistics and insights if they do not have a large enough user pool to protect individual anonymity (at least 15 users).

7.3 Legal basis

The legal basis for processing contact information, payment information, technical data and iCBT program completion data for the purpose of providing our business to business service is the performance of a contract (GDPR Art. 6.1.b) where you as an employee of a business to business customer have agreed on sharing your personal data on an aggregated level to your employer. We process your submitted self-assessment questionnaires with the support of our right to process such data based on your explicit consent  (GDPR Art. 9.2.a).

8. Processing necessary for in-app tracking and optimizing ad campaigns

8.1 Personal data

Technical data

  • Data on events such as installation of the Application, registration in the Application and, booked, paid and/or completed meetings or iCBT programs in the Application

  • Mobile identifier like IDFA or Google Play Services ID, and your pseudonymized (hashed) IP - and MAC address

8.2 Purpose of processing

Your technical data is processed for the following purposes:

  • To help us understand how our users are interacting with our Applications

  • To measure the performance of and optimize our ad campaigns

8.3 Legal basis

The legal basis for processing is our legitimate interest (GDPR Art. 6.1.f) or your given consent (GDPR Art. 6.1.a). You are free to withdraw your consent at any time. Such withdrawal will not affect the lawfulness of our processing based on your consent before your withdrawal. iOS users can opt out of sharing this data with us through the settings menu and navigate to integrity and tracking in the iOS device to toggle off the tracking. Android users can opt out of sharing their Google advertising ID by toggling the "Opt out of Ads Personalization" setting on their device. Please contact us by using the contact details below should you like more information on how we have conducted our legitimate interest assessment.

9. Processing for research purposes 

9.1 Personal data

The following personal data is processed for the purpose of doing research based on the data collected by Mindler.

Demographic information

  • Age and sex collected from social security number upon registration.

  • City, postal code and county code collected through third party.

Technical data

  • Time of booking and meeting status (canceled, unpaid, completed) collected through the Application or via customer service agents

  • The date and time of your sessions

  • iCBT program progression in the Application

Health data

  • Information regarding physical and mental health. This could include, for example, information relating to an illness, medical history or mental state. Health data will be collected by the Psychologist through meetings, self-assessment forms, completion of Internet-based cognitive behavioural therapy (iCBT) programs in the Application and notes from Psychologists in the medical records (Mindler is using electronic health record (EHR)).

  • Self-assessment questionnaire answers submitted through the Application. 

9.2 Purpose of processing

Your personal data is processed for the following purpose:

  • To conduct research alone and/or in collaboration with a research institute, government agency, healthcare provider or other legal entity in order to advance knowledge relating to the healthcare provided by Mindler and take measures to improve the healthcare provided by Mindler as a result of such research.

  • To provide data to a research institute, government agency, healthcare provider or other legal entity in order for such research institute, government agency, healthcare provider or other legal entity to advance knowledge relating to the healthcare provided by Mindler and take measures to improve the healthcare provided by Mindler as a result of such research.

9.3 Legal basis

The legal basis for this processing is for the performance of a task carried out in the public interest (GDPR Art. 6.1.e) and we are processing your health data supported by GDPR Art. 9.2 h and Art. 30.3.a of the UAVG. 

10. Processing necessary for quality assurance

10.1 Personal data

The following personal data is processed for the purpose of doing quality assurance of the healthcare provided by Mindler.

Health data

  • Clinical questionnaires

10.2 Purpose of processing

Your  personal data is processed for the following purpose:

  • To follow up on the quality of the healthcare provided by Mindler and take measures to improve the quality of our healthcare and prevent medical injuries

  • To draft patient safety reports annually

10.3 Legal basis

The legal basis for this processing is that it is necessary for the performance of the medical treatment contract (geneeskundige behandelingsovereenkomst), Art. 6.1.b GDPR and for health data in conjunction with the exemption under Art. 9.2.h. GDPR and Art. 30.3.a of the UAVG. Mindler simultaneously adheres to the legal conditions for processing your data under a medical treatment contract can be found in the Wgbo. Note that the Wgbo requires healthcare practitioners to obtain consent from patients to enter into this medical treatment contract (Art. 7:450 Wgbo), but that this is a different consent than under Art. 6.1.a. of the GDPR.

The time for which your data is stored

Your personal data and contact details are saved in the Service for as long as you still have your account. If your account is inactive i.e. you have not logged in for two (2) years, consecutively, your account will automatically be erased from the Service along with some of your personal data (see below). Some personal data may however need to be retained to meet legal obligation. How long your personal data is stored for depends on the type of data. Below we have listed how long different forms of personal data are stored.

Demographic data

Your demographic data is stored for as long as you have an account. It will be deleted or anonymized upon deletion of your account - either by you requesting deletion of the account or if the account has been inactive for two (2) years.

Payment information

Your payment information is saved for as long as you have an account or at least seven (7) years from completed purchases to meet legal obligations such as keeping business records (NEN 7510). 

Technical data

Your technical data is stored for as long as you have an account. It will be deleted or anonymized upon deletion of your account - either by you requesting deletion of the account or if the account has been inactive for two (2) years.

In order to detect and fix errors, we save error logs in our systems. Since these logs may contain personal data, they are deleted after a maximum of 60 days. We always strive to minimize the storing of unnecessary data, therefore this storing period is often much shorter than 60 days.

Cookie data

If you have consented to third-party cookies being stored on your computer or mobile devices, the cookies will be removed when you remove them or when the cookie expires.

Customer service requests 

If you have contacted our customer service team, the inquiry will be stored for 180 days before it is deleted. Some conversations may be relevant and recored to your medical file, in which case the following ‘Health data’ terms apply.

Health data

All health data collected for the purpose of providing you with healthcare and the Service and evaluating and improving our Service, will be stored for as long as you have an account. It will be deleted or anonymized upon deletion of your account - either by you requesting deletion of the account or if the account has been inactive for two (2) years. 

Health data that is stored in the journal will be saved for twenty (20) years to comply with legal obligations. The journal system follows Wgbo which regulates the rights and obligations of the patient. The Wgbo states that patients must give consent to receiving treatment (note however that this consent is different from consent under Art. 6.1.a GDPR). The WGBO also regulates patient privacy, the right to a second opinion, patients’ right to inspect their own medical file and the representation of patients if they cannot decide for themselves. In addition, the WGBO obliges healthcare providers to keep a medical file. A patient can request that Mindler deletes their health data. In these cases, an official request needs to be submitted. After receiving this request, several Psychologists will evaluate whether the request is honored, and if there is any reason not to, Mindler is legally obliged to decline the request.

Your rights

Your personal data belongs to you. Therefore, you have a right to obtain information on and determine how your personal data is processed by Mindler. 

These rights may be limited, for example if fulfilling your request would reveal personal data about another person or otherwise would be harmful to disclose, or if you ask us to erase information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority, please see more information below.

Where we collect personal data to perform our contract with you or to comply with our legal obligations, this is necessary, and we will not be able to manage the customer and patient relationship without this information. In all other cases, provision of the requested personal data is optional, but this may affect your ability to participate in certain programs and limit your possibilities to use our Websites and other services, where the information is necessary for those purposes. There may be additional requirements or provisions that restrict or extend your rights. There can also be legal obligations that prevent us from issuing or moving parts of your data or from blocking or erasing your data. These obligations are derived from legislation in the areas of health and medical assistance, confidentiality, archiving and accounting and tax. If your data must be saved due to legal obligations, the data will only be used to fulfill those obligations and for no other purpose.

A brief summary of your rights is set out below:

The right to object to processing

You can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or legal requirement). 

You have a right to object to your personal data being processed for our legitimate interests including profiling and for direct marketing. In that case, Mindler will either show that there are compelling legitimate reasons for the processing that outweigh your interests, or else stop processing your data. 

Where we have asked for your consent, you may withdraw consent at any time, e.g. by emailing us at the contact details below. If you ask to withdraw your consent to Mindler processing your data, this will not affect any processing which has already taken place at that time.

The right to access and data portability

At any time, you can request a copy of your personal data, as well as information on how it has been obtained and how it is being used or distributed. This also applies to information kept in your medical records. You also have a right to transfer your personal data to another personal data controller.

The right to receive extracts from logs

When someone accesses your electronic medical records, it is registered in a log. As a patient, you can receive an extract from the log to see who has looked at your medical records.

The right to erase data

You have a right to ask for your personal data to be erased if it is no longer necessary for the purpose for which it was collected or if there is no legal basis for processing the data. Health data that is stored in the medical journal will be saved for twenty (210) years in order to comply with legal retention obligations. However, following Art. 7:455(1) Wgbo the patient has the right to request for their health data to be erased which must be treated as an erasure request under Art. 17 GDPR. There may be exceptions to such deletion requests, as included in Art. 7:455(2) Wgbo.

The right to correct information

You have a right to correct inaccurate or incomplete data. If you consider that a detail in your medical records is inaccurate or misleading, you have a right to ask for a note to that effect to be entered in the records. You have a right to request a restriction on the processing of your personal data until inaccurate data has been corrected or an objection from you has been investigated. 

The right to restriction

You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our websites and other services.

Automated decision-making 

We may in some cases use automated decision-making, if it is authorized by legislation, if you have provided an explicit consent or if it is necessary for the performance of a contract. 

You can always express your opinion or contest a decision based solely on automated processing, including profiling, if such a decision would produce legal effects or otherwise similarly significantly affect you. You have the right to obtain human intervention to express your opinion or contest a decision.

When using automated decision-making we will provide you with further information about the logic involved, as well as the significance and the envisaged consequences to you.

How do I exercise my rights?

You may request to use these rights by sending a letter or email, including your name, address, phone number to the contact details set out below. When you exercise any of your rights, we may need to identify you in order to ensure that we are in contact with the correct person. Hence, we may request the provision of additional information necessary to confirm your identity. 

We will respond to your request without undue delay, but at the latest within one (1) month of the request. If the requests are numerous or complex, we may extend the deadline to two (2) months, but we will still respond to the request within the first month and explain why the extension is necessary.

Disclosure of your personal data

Your personal data may need to be transferred to or shared with others whenever necessary or justified. Your personal data is shared with:

Authorized employees at Mindler

Your personal data may be shared under secrecy with Mindler employees who are involved in your treatment and/or providing the Service. Your personal data may also be shared with analysts and software developers at Mindler working with statistics or evaluating and improving the Service. Analysts only have access to pseudonymized data.

Suppliers and subcontractors

Your personal data may be transferred to or shared with certain companies that supply various types of services to Mindler. These services could be medical journal systems, video and operator service providers, payment providers, marketing tracking providers, advertising and analytics service providers, chat or email automation providers and infrastructure platforms necessary for our services to run.

We use your data to send your insurer or yourself an invoice for the treatment. The invoice contains your name and address details and a specification of the treatment. We keep these invoices for our financial administration. If an invoice is not paid after several reminders, your data can be shared with third parties for the collection. 

Subcontractors are covered by the same confidentiality agreement as those which apply to Mindler, and may only process personal data in accordance with our instructions or in accordance with laws and regulations.

The list of subcontractors is available at Mindler’s website (https://mindlercare.com/legal-information/sub-processors/).

Medical referrals

If you and your Psychologist decide that you need a medical referral, they will write and send a referral to the appropriate medical provider.

Authorities

Mindler may also be required to provide necessary information to local healthcare authorities, the police or other authorities if required by law or if you have granted your approval.

Scientific Research

We may process information about your use of Services for research purposes which aim at e.g. increasing scientific knowledge in the field of medicine, health and nursing science. Such analysis is only made on a group level, and therefore results cannot be linked to you as an individual. When possible, we will do this using only aggregated, non-personally identifiable data (anonymized data). Anonymized data can be shared to third parties for research purposes. Regulations on data privacy don’t apply to the anonymized data because registered persons are not identifiable.

Where your personal data is processed

We will only process your journal data in the Netherlands. Your medical record data will not be transferred to, or processed in, any country outside the EU/EEA. Other personal data may be processed in a country outside the EU/EEA . When transferring personal data to a country outside the EU/EEA or to a country which is not subject to an adequacy decision by the European Commission or considered adequate as determined by applicable data protection laws, we take appropriate legal, technical and organizational security measures to ensure that the personal data is adequately protected according to the same level of protection as within the EU/EEA. If your personal data is transferred outside the EU/EEA, then this is done on the basis of appropriate and adequate safeguards for data transfers to comply with the requirements set out in GDPR Chapter V. 

A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.

Information Security

We will take all reasonable, appropriate technical, security and organizational means and measures considering the nature and purposes of processing and the nature of personal data processed, to protect Mindler and our customers from unauthorized access to or unauthorized alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access rights systems.

Should, despite the security measures, a security breach occur that is likely to result in a high risk to your rights and freedoms, we will inform you about the breach without undue delay.

Third-party websites and services 

Our Website or other parts of our services may contain links to third-party websites and services. If you decide to visit third-party websites and services, this Privacy Policy will no longer apply and you should consult the privacy policy of that third-party instead. 

Changes to the Privacy Policy

This policy may occasionally need to be changed or updated, for example if functions are changed or added to the Service. Minor changes to our Privacy Policy will be communicated through our Website. Major changes regarding how your data is processed will be communicated through the Application, Website and email (if you have provided it to us). We will not make substantial changes to this Privacy Policy or reduce your rights under this Privacy Policy without providing you with a notice.

This policy was last updated at 2024-01-10.

You can contact us at any time

Mindler BV is registered with Kamer van Koophandel (KVK) under organization number 75643650. Our head office is at Stadhouderskade, 1072 AB Amsterdam. 

You can contact us at any time if you have questions about your personal data by sending an email to privacy@mindler.nl.

Complaints

In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.

You have a right to contact and file a complaint with Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/) if you believe we have processed your personal data incorrectly.