Home › Privacy Policy
Privacy Policy
This page explains how ViaNova Praktijk processes personal data. The aim is to show transparently which data is collected during the appointment request and contact process, why it is used, how long it is kept and which rights you have.
1. Data controller
ViaNova Praktijk is responsible for the processing of personal data.
- Name: ViaNova Praktijk
- KVK number: 99383438
- Website: https://vianovapraktijk.nl
- Email: info@vianovapraktijk.nl
- Location: Eindhoven, Netherlands
2. Which data may be processed?
The following categories of data may be processed via the website, the blog and the contact channels:
| Type of data | Example | Purpose |
|---|---|---|
| Identity and contact details | First name, surname, email, telephone | Responding to an appointment request |
| Appointment details | Preferred form of contact, suitable time, brief reason for the request | Initial contact and appropriate referral |
| Technical data | IP address, browser information, device information, cookie data | Security, operation of the site and statistics |
| Message content | Brief explanation sent via the form or email | Responding appropriately to the request |
| Health-related information | Limited information about the request for help that the person shares themselves | Only when necessary for an initial assessment and referral |
3. Health data and sensitive information
Some information shared in the context of psychological support or therapy may be health-related special-category personal data. Data minimisation is therefore applied: only the necessary information is requested and no unnecessary details are asked for.
The contact form is not used to make a diagnosis, to conduct therapy or for crisis intervention. Detailed clinical information is only handled within the context of an appropriate professional assessment and secure communication.
4. Purposes of processing
- Responding to an appointment request
- Making initial contact and sharing appropriate service information
- Ensuring the secure and proper operation of the website
- Meeting legal, administrative and accounting obligations
- Analysing the quality of the service and website use in a limited, measured way
5. Legal bases
Depending on the situation, personal data may be processed on the following GDPR legal bases:
- Consent: when you send the contact form, you give explicit consent for the processing of certain data.
- Performance of a contract: the preparation and delivery of the service or appointment process.
- Legal obligation: legal, accounting or professional retention obligations.
- Legitimate interest: website security, spam prevention and basic management of communication.
- Health data: health-related information is processed only in a necessary, appropriate and secure professional context.
6. Retention periods
Data is not kept longer than necessary for the purpose. The retention period may vary depending on the type of data, legal obligations and professional record-keeping requirements.
| Data | Default approach |
|---|---|
| Appointment form and initial contact | As long as necessary for the request process; if no service begins, it is deleted or anonymised within a reasonable period. |
| Email correspondence | A limited period, depending on the purpose of communication, legal requirements and the need for professional record-keeping. |
| Accounting data | According to the statutory tax and accounting retention periods. |
| Technical logs | A short, necessary period for security and error analysis. |
| Clinical file information | According to the applicable health law and professional record-keeping rules. |
7. Sharing of data
Personal data is not sold. Data may only be shared when necessary and under appropriate security conditions, with the following parties:
- Providers of hosting and web infrastructure
- Providers of email and communication services
- Providers of appointment, form or security infrastructure
- Providers of accounting or administrative support
- Competent authorities, where there is a legal obligation
Where necessary, a data processing agreement or appropriate contractual security measure is used.
8. International transfer
Web, email, analytics or security services may technically use infrastructure outside the European Economic Area. In such cases, appropriate GDPR protection mechanisms, contractual measures and data minimisation are taken as the starting point.
9. Security
ViaNova Praktijk takes reasonable technical and organisational measures to protect personal data. These may include a secure connection, access restriction, data minimisation, up-to-date software and the prevention of spam and misuse.
10. Your rights
Under the GDPR you may have the following rights:
- Request access to your data
- Have incorrect data corrected
- Request deletion of data
- Request restriction of processing
- Request data portability
- Object to processing
- Withdraw your consent, if you have given it
- Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
To exercise these rights, you can write to info@vianovapraktijk.nl. You may be asked to verify your identity so that your request can be handled securely.
11. Cookies
The website may use technically necessary cookies and limited analytics tools. Details about cookies are explained on the Cookie Policy page.
12. Blog and external links
The blog content is intended for information. Blog articles do not replace a personal diagnosis, crisis support or individual treatment advice. The website or the blog may contain links to third-party sites. ViaNova Praktijk is not responsible for the privacy practices of third-party sites.
13. Changes
This privacy policy may be updated when necessary. The most recent version is published on this page.
Last updated: 10 May 2026