Stichting Synergos Privacy Statement

Stichting Synergos and its trade names (Diagnostiek voor U, Diagnostisch Centrum Eindhoven) process personal data of its clients, requesters, clients of requesters, employees, suppliers, and visitors and users of its websites and portals in the context of medical diagnostics services.

Stichting Synergos, hereinafter Diagnostiek voor U, handles personal data with care and processes them in accordance with applicable laws and regulations, such as the General Data Protection Regulation (GDPR) and the Medical Treatment Contracts Act (WGBO).

This privacy notice is intended to inform you of your rights and our obligations in relation to the processing of your data. We try to describe as clearly as possible what data we process, for what purposes we process it and how you can exercise your rights. Diagnostiek voor U takes the protection of personal data seriously and has taken a wide variety of appropriate measures to prevent misuse, loss, unauthorised access, unwanted disclosure and unauthorised modification.

When does this privacy notice apply?

This privacy statement applies to all personal data processed by Diagnostiek voor U in connection with the services Diagnostiek voor U offers, with the exception of our app, which is subject to a different privacy policy.

Who processes the personal data?

Diagnostiek voor U, Boschdijk 1119 5626 AG in Eindhoven, as well as other trade names of its parent organisation, Stichting Synergos.

What personal data does Diagnostiek voor U process?

Diagnostiek voor U may process the following data:

Data you provide to us as a client or your medical diagnostics requester, such as:

  • BSN number
  • name
  • address
  • postcode and town/city
  • telephone number(s)
  • email address
  • gender
  • date of birth
  • requesting general practitioner with address details
  • date of contact
  • requested examination
  • reason for request
  • patient history
  • relevant medication
  • research results
  • advice to the attending physician
  • type of insurance, insurer (if applicable) and registration number
  • bank account number
  • invoice amount
  • outstanding amount

Data from requesters and insurers, such as:

  • requester’s name
  • adress
  • postcode and town/city
  • telephone number(s)
  • email adress
  • names of employees involved
  • type of insurance, insurer (if applicable) and registration number
  • bank account number

Data of own employees, hired staff and job applicants, such as:

  • BSN number
  • gender
  • marital status
  • name
  • address
  • postcode and town/city
  • telephone number(s)
  • email address
  • bank account number
  • date of birth
  • place of birth
  • country of birth
  • partner details
  • child(ren)’s details
  • educational details/degrees
  • curriculum vitae
  • salary details
  • certificate of good conduct
  • absenteeism data
  • performance reviews

For what purpose does Diagnostiek voor U use personal data?

Medical Diagnostics
Diagnostiek voor U processes personal data to provide medical diagnostics services. We use these personal data to perform examinations, send invoices and for communication purposes. We also use the data to comply with information requests from other treating physicians with your express consent.

Third Parties
Diagnostiek voor U may engage third parties as subcontractors in the performance of its services. Insofar as these third parties have access to personal data in the performance of the relevant services, Diagnostiek voor U has taken the required contractual and organisational measures to ensure that your data are processed only in accordance with applicable laws and regulations and for the purposes stated in this privacy statement.

Processing of Data on Diagnostiek voor U Websites and Portals
We collect and use data on our websites and portals primarily to provide our services and for communication purposes, but we also use data to improve the quality of our services and websites.

Filling vacancies, worker inflow, throughflow and outflow, implementing HRM policy.

Disclosure to Third Parties

We do not disclose personal data to third parties outside Diagnostiek voor U unless:

  • we have to provide examination results to requesters as part of our services;
  • we have your explicit consent to do so. You can withdraw or change this consent at any time.
  • for processing by third-party subcontractors. We may provide personal data to third parties for processing, subject to our strict instructions and confidentiality and in accordance with this privacy statement as well as specific security measures.
  • we have to comply with legal obligations. We may provide your personal data to third parties outside Diagnostiek voor U if we reasonably believe that access to and use of said personal data is necessary to comply with laws and regulations and to protect our interests, the safety of Diagnostiek voor U employees, our clients or the general public in accordance with the law.

How long does Diagnostiek voor U retain your data?

Diagnostiek voor U will not retain your data for longer than is legally permissible and necessary for the purposes for which the data are processed. Data retention periods may vary and depend on the nature of the data and the purposes for which they are processed.

Inspection, objection, correction, transfer and deletion of your personal data

You have the right to access, correct, delete and transfer a digital copy of your personal data. You can also object to the use of your data or withdraw or change your consent. Diagnostiek voor U has a processing register and uses opt-in registration for this purpose.

You can submit a request for inspection, objection, correction, deletion or transfer of a copy of your data by sending a letter or email to Diagnostiek voor U’s Data Protection Officer, stating your name, address, telephone number and attaching a copy of a valid ID.

You will receive a written response to your request within four weeks. We will comply with your request for deletion unless we have a legitimate interest not to delete the data or because we have to comply with a legal obligation that bars us from deleting certain data.

Information security

We take all reasonable and appropriate technical and organisational security measures to protect Diagnostiek voor U, our clients and client data from unauthorised access or modification, disclosure or destruction. Diagnostiek voor U is NEN7510-certified, a standards framework for information security in healthcare. Diagnostiek voor U also regularly has its technical and organisational information security policy tested by an independent party. In the unlikely event that, despite all security measures, a security incident occurs that is likely to adversely affect your privacy, we will inform you and the relevant authorities about the incident as soon as possible.

Applicability and amendments

This privacy statement of Diagnostiek voor U applies to all services, websites and portals of Diagnostics for U, Stichting Synergos and its other trade names. The most up-to-date version of this privacy statement can always be found on our website In case of significant changes, we will inform you personally about the changes.

Further use of human bodily material

Blood, urine or other bodily materials remaining after the requested examination may be used for quality assurance. This is done in an anonymous or encrypted manner, so that it is no longer possible to directly identify the source of the material. If you have any objections to the further use of your bodily material, please let us know during your blood test. In this case, we will attach a grey label to your bodily material to make your preferences known.