Privacy Statement

At iPractice, openness and transparency are part of our core values. That is why we also want to be open and transparent about how we handle your personal data. Your privacy is always our top priority. Your data is safe with us and we will use it wisely.

In case you visit our website, chat with us, call with us or have a conversation with one of our psychologists, you are sharing your personal data with us. In this way we can be of service in the best possible way. We consider it important that you know what happens to your data in these occasions.

In this privacy policy, we explain how we use and protect your personal data. If you still have questions after reading this policy, please let us know at privacy@ipractice.nl.

On this page you will find the latest version of our privacy policy. This policy may change from time to time as a result of new developments and activities within iPractice or changes in privacy legislation. Not sure about the latest version of the privacy policy? Please check this page to make sure you are on the right track.

The last changes were made on the 5th of February 2025.

Who is responsible for processing your personal data?

iPractice Zorg B.V. (“iPractice”), having its registered office at Nieuwe Herengracht 47 in Amsterdam and registered with the Chamber of Commerce under number 71629610, is responsible for processing your personal data.

What is the scope of this privacy policy?

This privacy policy applies to all products and services offered by iPractice and concerns the processing of personal data of anyone who has contact with us, in any way.

For Example: (potential) clients, visitors to the practice, visitors to the website, participants in meetings of the practice, job applicants and all other persons who contact us or whose personal data we process. iPractice employees are excluded.

What is personal data?

Personal data refers to any data that can be traced back to you as a person. The most basic personal data are your name, phone number, address or e-mail address. In addition, all other data you that can be traced back to you and which are relevant to your contact with iPractice are considered as personal data. Examples are your request for help, information about your personal situation, or the results of your health check.

What personal data do we process?

At iPractice, we process your data for different purposes

We may process the following data:

Your first and your last name
Email address
Telephone number
Address
Information about your personal/medical situation, including your request for help
The results of your health check
Your BSN (only if the use of iPractice’s services is covered by the additional insurance of your health insurance company instead of by your employer)
Any other personal data you share with us

For what purpose and on what basis do we process your personal data?

We process the above data in order to execute the treatment agreement between you and iPractice and to handle any invoices for our work.

The treatment agreement comes into effect when you ask one of our psychologists for help. This agreement does not have to be in writing. The treatment agreement is therefore implicitly established when you ask for medical or other assistance or make an appointment by chat, telephone or video call.

The basis for processing these personal data is layed down in article 6 paragraph 1 sub b of the AVG: the processing is necessary for the performance of the agreement between you and iPractice.

Insofar as the above data are medical data, your data will only be processed based on the treatment agreement we have concluded with you, in accordance with Article 9(2)(h) of the AVG.

We also process your above contact details to keep in touch with you, provide you with information or to invite you to meetings. The basis for processing this personal data is Article 6 (1) (f) of the AVG: we have a legitimate interest in processing this personal data. Without these data we cannot offer any of our services to you.

We prompt filtered personal data with artificial intelligence to improve the treatment quality (e.g. relevant suggestions for exercises).

How do we obtain your personal data?

We process personal data that comes to us through various means. This may be when:

You personally – during a conversation, meeting or by telephone – share your personal details with us, think of your contact details, information about your medical condition or other personal data.
You share digital data with us – during an online consultation or via e-mail, chat or web forms on the website – such as your contact details, information about your medical condition or other personal data.
With your permission, we request information from or share it with other care providers or referrers.
We obtain information during your visit to the iPractice For example, your surfing behavior, including data about your first, last and current visit, which pages you view, how you navigate through the site and which parts you click on.

How do we protect your personal data?

iPractice takes measures to protect your personal data, both technically and organizationally. We are constantly alert to this, so that your data are processed carefully. We do this by:

Taking appropriate measures so that your personal data are safe, given the possible risks.
Ensuring that all iPractice staff who have access to your personal data comply with confidentiality requirements. All of our practitioners are subject to strict professional secrecy. They and the other iPractice staff members are also contractually bound to secrecy.
Usernames and passwords are set on all our systems. We regularly test these systems for their functionality and robustness.
Where possible, to anonymize or pseudonymize your personal data, in order to guarantee your privacy in the event of an emergency.

What are our rights and obligations when processing your personal data?

The law is strict, so we strictly adhere to it. iPractice always processes your personal data on one of the following legal grounds:

We have received your permission. You always have the right to withdraw this permission. This does not affect the lawfulness of the processing of your data, based on the consent you gave before withdrawing it.
We have agreed on a treatment contract. To execute this contract, the processing of your personal data is necessary, as well as for the possible declaration of incurred costs – for example, to the health insurance.
We have a legal obligation, such as the obligation to maintain a medical file or to register your BSN, if the use of the services of iPractice is reimbursed by your health insurance company.
We have a legitimate interest, such as using your contact information so you can be invited to a meeting or webinar.

iPractice may share personal data with the following parties:

With you as a client or your legal representative, in case we have concluded a treatment agreement.
Employees of iPractice directly involved in the treatment of you as a client. But only to the extent that the data are necessary for the performance of their work.
Employees of iPractice who are involved in administration and conducting research to improve our treatment approach. Our researchers only have access to personal data that is anonymous or pseudonymous.
Subsidiary companies of iPractice. These are iPractice Holding B.V., OpenUp B.V., iPractice Software B.V. and OpenUp GmbH.
Health insurance companies, to the extent necessary. This concerns any obligations from current or future insurance agreements. Health insurance companies will never have access to the content of your treatment.

In addition, we may engage other service providers (“processors”) to process your personal data. In these cases, they will work exclusively in accordance with the instructions and guidelines of iPractice. We have concluded a processing agreement with these processors that meets the requirements of the General Data Protection Regulation (GDPR). An overview of our processors can be found below:

Telasoft (for processing data of medical files)
Microsoft Azure (hosting data of medical records)
LiveChat (if chatting without an appointment)
Google (for analysis of website visits and e-mail contact)
Talkdesk (for direct telephone contact via the website)
Zorgdomein (for receiving and processing refferals from your doctor)
Zorgmail (for secure emailing with psychologists)

Your personal data will only be shared with other parties if there is a basis for doing so. We never share your personal data with your employer. We also never share your information with third parties for commercial purposes without first asking your permission. In that case, only necessary contact details will be shared.

We recommend that you also read the privacy policies of the above parties.

Where do we store your data?

We store your data on servers located within the European Union. In principle, we never transfer personal data to countries outside the EU. Should this nevertheless be necessary, for example because an external service provider is located elsewhere, we will take all appropriate measures to ensure the protection of your data as best as possible, in accordance with the provisions drawn up by the European Commission in this regard and in line with the General Data Protection Regulation (GDPR).

How long will your data be kept?

We like to get to know you, but never keep your personal data longer than necessary. In doing so, we take the following retention periods into account:

Medical data We keep these for twenty years after the end of our treatment agreement. This is laid down in the Medical Treatment Agreement Act (WGBO).

Medical information shared during an online consultation, which we link to your medical file This information will be kept for twenty years after the end of our treatment agreement. This is so laid down in the Medical Treatment Agreement Act (WGBO).

Personal & chat data that are shared during online consultations We only keep these data for the duration of the treatment.

Financial and administrative data We keep these for seven years after the data was recorded.

Data of employees and freelancers, other than (financial) administrative data These data will be retained for seven years after leaving employment or after the end of the contract for the assignment. A copy of your passport will be kept for five years and other data from your personnel file will be kept for two years.

Applicant data We keep these data for four weeks after completion of the application process, unless we have asked your permission to keep them longer. In that case it will be for the maximum period of one year.

Visitors to the website We keep these data for two years after the last visit to the website. It is possible to object to that. In that case we will destroy these data.

Data from AI Filtered data prompted shall not be stored longer than the 30 days as set out by Microsoft Azure.

What about cookies and other technologies on the website?

We mainly use our website to share information and reach you as a (future) client. We use cookies on our website, more about this in our cookie policy.

How can you see, change or delete your personal data?

If you have any questions or would like to know what personal data we hold about you, you can always contact us at privacy@ipractice.nl.

Amongst other things you can:

Get an explanation about what personal data we have and what we do with it;
get access to the exact personal data we hold;
exercise your right to receive data from us so that you can transfer it (data portability);
have errors corrected;
have outdated personal data removed:
withdraw consent given by you: and/or
object to a certain use of personal data.

More specifically, your psychologist can always show you the data contained in your file, if you ask for it. Your therapist may also share a copy of your file with you. If you would like to see your file or receive a copy from us, please send us your request by email to privacy@ipractice.nl. If you believe that the personal data in your file is factually incorrect, you can ask your therapist to correct it.

If you wish to have your personal data removed before the expiration of the retention period we have indicated, you may also send us a request to that effect by e-mail (privacy@ipractice.nl). In most cases, we will comply with your request and remove your personal data as soon as possible. There are exceptional situations in which we cannot comply with your request to delete your file. An example is when so-called ‘good care’ prevents this. Think of information that is so crucial to the treatment, that we can no longer provide you with good care after its destruction.

The right to lodge a complaint

If you have a complaint about the way we process your personal data, please send us an email to privacy@ipractice.nl, or discuss it directly with your therapist. We will be happy to help you and will of course try to resolve any complaints to your satisfaction. It is also possible to submit a complaint to the Dutch Data Protection Authority.

Still have questions?

You can ask your question to us by mail at team@ipractice.nl, or directly to your therapist. We are happy to help you, whatever your question is!