This website uses cookies

This websites contains videos from YouTube. This company uses cookies (third party cookies). If you do not want them to use these cookies, you can indicate so here. However, this does mean that you will not be able to watch videos on this website. We also make use of our own cookies in order to improve our website. We don't share our data with other parties. Which cookies are involved?

This website uses cookies to enable video and to improve the user experience. If you do not want to accept these cookies, indicate so here. Which cookies are involved?

Ga direct naar de inhoud, het hoofdmenu, het servicemenu of het zoekveld.

Privacy statement

The Netherlands Cancer Institute (hereafter: NKI) wants to be able to offer optimal care to patients with cancer and also have a leading role when it comes to medical scientific research in the field of cancer. We believe it is important to handle the personal details of our patients with care. The protection of personal data is regulated by law, including the Medical Treatment Contracts Act (WGBO) and the General Data Protection Regulation (AVG). This privacy statement provides an explanation of the processing of patients' (medical) personal data by the NKI and is prepared in accordance with the requirements of the AVG.

1. Who is responsible (the processor) for the processing of your personal data?

NKI (Formally: The Netherlands Cancer Institute - Antoni van Leeuwenhoek Hospital) is the one responsible (the processor) for the processing of your personal data. NKI has a Data Protection Officer who supervises the processing of personal data with regards to compliance with applicable laws and regulations. You can reach the Data Protection Officer via privacy@nki.nl

2. What personal information do we process?

  • Name, first names, initials, titles, social security number (BSN), gender, date of birth, address, postcode, place of residence, telephone number and similar data required for communication (for example your e-mail address), as well as your bank account number;
  • An administration number;
  • The details of the parents, guardians or caregivers of underage patients as referred to in the first point;
  • The details of your family or family members as referred to in the first point;
  • The information referred to in the first point from others who are informed about your well-being and health;
  • Data related to your state of health;
  • Data relating to the health condition of your family and family members in the case of hereditary disorders;
  • Other so-called special data, including information about your ethnicity, religion/philosophy of life or sex life with a view to the proper treatment or care of the patient;
  • Data related to your followed and to be followed treatment (including images and body material);
  • Data relating to your provided medication or facilities;
  • Data relating to the calculation, recording and collection of the compensation;
  • Data relating to your insurance;
  • Other information necessary for the exercise of the profession as referred to in the Individual Health Care Professions Act (Wet BIG).
  • Data related to the use of the NKI's Wi-Fi network, such as IP address, device data and visited websites.
  • Camera images

3. For what purposes do we process your personal data?

  • Implementing the medical treatment agreement;
  • Data management as in an electronic patient record;
  • To promote quality and safety for optimal patient care;
  • Calculating, recording and collecting the reimbursement for the treatment, including placing claims in the hands of third parties;
  • Handling of complaints, disputes, incidents and emergencies;
  • Auditing;
  • Performing scientific and/or statistical research or education and/or improvement of care;
  • Actions needed to serve the above goals as well as possible;
  • Responsible operations, statutory duties and/or obligations;
  • Carrying out the physical check by health insurers;
  • Maintaining contacts;
  • Handling requested information;
  • Continuity and security of the network;
  • Protecting employees and visitors of NKI, preventing damage to property of NKI or those using the building and/or detecting persons who may have been guilty of a criminal offence or an unlawful act;

We process your personal and medical data in order to offer you the best possible treatment and to comply with legal obligations (such as the Quality of Health Act, complaints and disputes, Healthcare Insurance Act). We also process your (medical) data, image material and (residual) body material for medical scientific research with which we try to better predict diseases or develop new medicines or use for research that can contribute to the development of new treatments. The specific data that we process depends partly on the type of research and the objectives being pursued. We only process the data that is necessary for the research. The objectives of each individual medical scientific research are determined only when the research is started. On our website (https://www.nki.nl/) you will find an overview of the studies that have been carried out in recent years.

4. What is the basis for the processing of your personal data?

  • The processing is necessary for the execution of an agreement in which you are involved, such as the medical treatment agreement;
  • You have given unambiguous consent to the processing, such as for medical scientific research and/or improvement of care;
  • The processing is necessary to comply with a legal obligation, for example the reporting of infections based on the Infection Act;
  • The processing is necessary to protect your vital interests, such as the use of a care provider in the event of a calamity;
  • The processing is necessary in view of a legitimate interest of the NKI, such as measures in the interests of operational safety.

5. How long do we keep your personal data?

We only process your personal data insofar as this is necessary for the purposes as described in this Privacy Statement. If the personal data is no longer relevant, we will destroy or anonymize it. The information we receive for the benefit of your treatment agreement is included in your medical file. We are legally required to keep your medical record for at least 15 years after the end of the treatment agreement. We can retain this information for longer if this is legally required or necessary for proper assistance or care.  We retain the data that is specifically related to medical scientific research and/or the improvement of care for as long as this is necessary for the research. Because research questions are constantly changing and we can't predict which relevant questions will be important for medical scientific research in the future, we currently use a retention period of 115 years.

The retention period and destruction of camera images is in principle four weeks.

6. Who will receive your personal data?

In the context of your treatment agreement, it may be necessary to involve various care providers from the NKI or from other healthcare institutions. In that case, your attending physician may provide these healthcare providers with the information that is necessary for your treatment. Your GP who referred you to the NKI will also receive information about your treatment and health status. If you have agreed to be referred to another practitioner, your consent to provide your personal data to that practitioner is presumed. If you object to this, you can make this known to your practitioner.

For medical research conducted by NKI in collaboration with other researchers, these researchers only receive the data that is necessary for the execution of the study, see also the explanation in the Consent Statement for medical scientific research. An overview of studies carried out by NKI in collaboration with other researchers can be found on (https://www.nki.nl/).

We have made agreements with other researchers about the processing of your personal data, including agreements on use, access and security. In addition, organizations that carry out registrations receive pseudonymized research data. This concerns the Dutch registrations (such as NKR, DICA, PALGA, etc.) and regulated international registrations (like European Genome-phenome Archive (EGA). Only if we are legally required to do so, do we provide your personal data to supervisors or other competent authorities.

Third parties will also receive your personal data if it needs to be provided for the implementation of a law or court order or if it is necessary to protect your vital interests.

7. Is your personal data processed outside the EEA?

There is a possibility that NKI will share your research data with parties from countries outside the European Union. Because these countries do not always offer the same protection of personal data as the legislation in the Netherlands, an agreement will always be concluded with these parties specifying the research purpose for which the data may be used, how to handle the data and how it must be protected.

8. How do we protect your personal data?

We have taken and/or commissioned appropriate technical and organizational security measures to protect your personal data against loss or unlawful use. We secure our systems according to the applicable standards for information security, and we also make agreements about this with our service providers. Your personal data for medical scientific research and/or improvement of care will be pseudonymized or even anonymized as much as possible. After anonymization, it is no longer possible to find out whose personal data has been processed.

Within the NKI, personal data is only accessible to those who may process this data. In the context of the treatment agreement, these are for example your practitioners and nurses but also employees of the financial administration.

Employees of NKI who are involved in the processing of patient data on behalf of NKI are required to maintain the confidentiality of the personal data of which they are aware, except insofar as any statutory regulation obliges them to give notice or if the need for communication arises from their duties.

For other situations, third parties do not have access to your personal data if you have not given them permission for this.

9. Automated decision making and profiling (NB: not applicable within NKI)

At this moment, automated decision-making and profiling of your treatment agreement, medical research and/or improvement of care is not applicable.

10. Your rights regarding your personal data

  • Right to data portability: you can request NKI to hand over the data supplied by you digitally so that you can make it available to other organizations (for example, data that you have entered via 'My NKI');
  • Right to forgetfulness: this concerns the right to be 'forgotten';
  • Right of inspection: this concerns the right to view your personal data or request a copy;
  • Right to rectification and supplementation: this concerns the right to change your personal data if it is factually incorrect;
  • Right to restriction of processing: this concerns the right to have less data processed;
  • Right to object to data processing;
  • The right not to be subject to a decision based solely on automated processing (NB: this is currently not the case within the NKI);

For a more detailed explanation of these rights, you can consult 'My NKI'.

In processing personal data in medical scientific research, the above rights do not apply, except for the right to 'forgetfulness' and 'data portability'. For this, the following applies. For medical scientific research, use is made of data from other sources like your medical file or the NKI administration. This means there is no question of an 'original' dataset in medical scientific research, as a result of which these rights also relate only to your data processing in the medical file or administration of the NKI.

With regard to your right of access, we would like to point out the possibility of already viewing part of your data via 'My NKI'. To further exercise your rights, you can contact us by e-mail: rechtenvanbetrokkenen@nki.nl. We may ask you to prove your identity as a result of your request.

Anyone whose personal data is processed has the right to file a complaint with the competent authority in case of (possible) violations of the applicable law with regard to the protection of personal data. You can find more information on the website of the Dutch Data Protection Authority.

11. Changes

This Privacy Statement can change from time to time. We encourage you to consult this Privacy Statement from time to time. If the changes so require, we will ask you to agree again on the data processing as described in the Privacy Statement.

12. Contact

If you have a question about the way in which we process your personal data, please contact the Data Protection Officer. You can reach the FG via privacy@nki.nl. You can also contact the Patient Information Center in the central hall of the NKI (Plesmanlan 121, Amsterdam) or call 020-5129111. If you have questions about your rights, you can contact us by e-mail: rechtenvanbetrokkenen@nki.nl.


May 24, 2018

Share this page