Privacy Statement
Privacy Statement Wachtlijstsysteem
Privacy Statement Wachtlijstsysteem
Last updated: 29-3-2025
- Save time by handling new registrations efficiently
- Data securely stored on Dutch servers
- Access control, logging, and encryption included as standard
- Save time by handling new registrations efficiently
- Data securely stored on Dutch servers
- Access control, logging, and encryption included as standard
1. Introduction
Wachtlijstsysteem places great importance on your privacy and the protection of personal data. In this privacy statement, we explain which data we process, why we process it, and what rights you have.
This statement applies to all users of our Wachtlijstsysteem software and our website.
2. What personal data do we process?
We process the following personal data:
- Identification details: Name, email address, phone number.
- User account details: Username, password (encrypted), role, and preferences.
- Information about software usage: Log data, IP address, device information.
- Data entered in the waiting list functionality: Personal data that users enter into the software.
- Billing details: Payment information and address details, if applicable.
- Cookies and tracking data, if applicable, see section 8.
If our software is used in a medical context, this may result in the processing of special categories of personal data, such as health data. See section 6 for details on additional security measures and the legal grounds for such processing.
3. Purposes and legal bases for processing
We process personal data solely for the following purposes and on the basis of the legal grounds set out below:
| Purpose | Legal basis (GDPR art. 6) |
|---|---|
| Provision of our software and services | Performance of a contract (art. 6(1)(b)) |
| Management of user accounts | Performance of a contract (art. 6(1)(b)) |
| Improvement of our software and security | Legitimate interest (art. 6(1)(f)) |
| Customer service and support | Performance of a contract (art. 6(1)(b)) |
| Invoicing and administration | Legal obligation (art. 6(1)(c)) |
| Use of cookies and analytics | Consent (art. 6(1)(a)) |
If we process special categories of personal data, such as health data, this will only take place on the basis of a specific legal ground, such as explicit consent or a specific legal obligation (art. 9 GDPR).
4. How do we protect personal data?
We take the protection of your data seriously and have implemented appropriate measures, including:
- Encryption of data: All sensitive data is end-to-end encrypted (AES 256-bit).
- Access control: Only authorized personnel have access based on the “need-to-know” principle.
- Secure storage and backups: Data is securely stored and regularly backed up.
- Secure login processes: Including strong password requirements.
5. Sharing data with third parties
We only share personal data in the following cases:
- IT and hosting providers: For hosting and securing our software, encrypted.
- External service providers: For example for invoicing and support, encrypted.
- Legal obligations: If we are legally required to provide data, for example to supervisory authorities.
We conclude a data processing agreement with all external parties to ensure they comply with the GDPR.
If data is shared with parties outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), or we work with companies located in countries that have an EU adequacy decision.
6. Processing of special categories of personal data
If health data or other sensitive personal data are processed within our software, we take additional measures:
- We process such data only on the basis of explicit consent or a specific legal ground (art. 9 GDPR).
- All data is stored in encrypted form and is accessible only to authorized users.
- We advise users to handle the entry of personal data within the software with care.
7. Retention period
We do not retain personal data longer than necessary for the purpose for which it was collected, unless we are legally required to retain it for a longer period.
Specific retention periods:
- User account data: Up to 3 months after termination of the contract.
- Billing data: 7 years, in accordance with tax retention obligations.
- Log data and usage data: Maximum of 24 months.
8. Use of cookies and tracking
We use cookies and similar technologies to improve our software and website. We do not collect non-essential cookies.
Types of cookies:
- Functional cookies, which are necessary for the operation of the software.
9. Your rights
You have the following rights regarding your personal data:
- Right of access – You can request which personal data we process about you.
- Right to rectification – You can have incorrect data corrected.
- Right to erasure – You can request that your data be deleted.
- Right to restriction of processing – Under certain circumstances, you can request restriction of processing.
- Right to data portability – You can receive your data in a structured format.
- Right to object – You can object to processing based on legitimate interest.
You can submit a request to the customer of the product, the healthcare provider with whom you register, or via info@wachtlijstsysteem.nl. We will respond to your request within one month.
10. Complaints and supervisory authority
If you are not satisfied with how we process your data, you may file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
11. Changes to this privacy statement
We reserve the right to amend this privacy statement. Changes will be published on our website and, where applicable, communicated through the software.
12. Contact details
For questions about this privacy statement, please contact:
Wachtlijstsysteem
E-mail: info@wachtlijstsysteem.nl
Chamber of Commerce number: 88637735