Privacy statement

THIS NOTICE SETS FORTH HOW (SPECIAL) PERSONAL DATA RELATING TO YOU MAY BE USED AND DISCLOSED, AS WELL AS HOW YOU MAY OBTAIN ACCESS TO SUCH INFORMATION AND WHAT YOUR RIGHTS ARE. PLEASE REVIEW THIS NOTICE CAREFULLY.

ONVZ and its affiliated entities operate jointly as a single organization to use and share your health information in a secure manner, in accordance with the purposes for which such information has been obtained, including assistance with treatment and care, as well as the processing of payment for the related services.

For purposes of this Notice, the terms “ONVZ,” “Private Health Services,” “we,” “us,” and “our” collectively refer to ONVZ Aanvullende Verzekering N.V. and its affiliated entities.

Your Data. Your Rights. Our Responsibilities.

In this Notice, we describe:

  • The information we collect about you
  • When we use and share your information
  • When we are required to disclose your information
  • When we need your consent to use or disclose your information
  • Your rights with respect to your information
  • How we safeguard your information
  • Changes to the terms of this Notice

Information we collect about you 

In order to provide you with Private Health Services, we process medical and personal data obtained directly from you. Personal health information is information about you that may be used to identify you (such as your name) and that relates to:

  • Your physical or mental health or condition in the past, present, or future,
  • The provision of health care to you, or
  • Your past, present, or future payments for the provision of health care.

Personal health information provided by you

When you make use of the Private Health Services, you are required to provide ONVZ with information about yourself, your medical history, prior treatments, and possible future treatment options. When you communicate with us, your telephone conversations, emails, and other communications between you and ONVZ and/or ONVZ’s service providers may be recorded and logged. Accordingly, we collect and retain all information discussed during such communications, including your identity, the date and time of the communication, and its content.

Personal health information collected automatically

ONVZ also uses your data to inform you about other products and services beyond the insurance policies you already hold with ONVZ. At times, ONVZ may send such information to all its insured members or business partners, and at other times, to only a subset thereof. ONVZ determines such subsets by selecting insured members or business partners to whom the information is relevant. In making such selections, ONVZ never uses information about your health or finances, but may rely on details such as your address and age. ONVZ may also use information obtained from sources outside ONVZ. However, ONVZ will never make a decision that has significant consequences for you solely on the basis of automated processing.

Private Health Services also makes use of four types of cookies on its website and within its applications.

Functional Cookies

Functional cookies are strictly necessary to make ONVZ's websites and apps work. They cannot be switched off. For example, these cookies ensure that your language preference, completed form details and cookie settings are remembered. ONVZ only uses these cookies for technical and functional purposes. We do not process personal data and other information beyond these purposes.

Limited Analytical Cookies

With limited analytical cookies, ONVZ collects information about the use of our website, such as which pages you visit, how long you spend on the website, which device or browser you use to visit us, and whether any errors occur (such as links not working). We only use this information to analyze and improve our website. This involves processing personal data, such as a (partially) masked IP address and device data. ONVZ uses Google Analytics with IP anonymization enabled for this purpose and we do not share this data with other parties. We also do not use this information for marketing purposes.

Miscellaneous cookies

ONVZ uses miscellaneous cookies to record your browsing behavior within and outside our websites. We use this data to show targeted ads on other websites and social media, enable social media features (such as YouTube), measure campaign performance, and collect user feedback through tools such as GetFeedback. To do this, ONVZ processes personal data such as IP address, unique IDs, device and browser information, and click behavior. This data is shared with third parties such as Google, Meta, Microsoft, LinkedIn, Spotler and GetFeedback. These parties may combine your data with other information they have collected about you through their own platforms.

Advertising cookies

Applications of these cookies include selecting ads based on what is relevant to you, improving reporting on the performance of advertising campaigns, and preventing you from seeing ads you have already seen.

For limited analytical cookies and other cookies, your consent is required. Upon your first visit to our website (or after deleting cookies), we will request your consent through the cookie banner. You may modify these settings at any time via the cookie options link located at the bottom of each page on our website.

When we use and disclose your information

In order to provide you with the Services, we must use your personal health information for the following purposes:

Treatment activities

We use your personal health information within Private Health Services to assist you in the process of selecting the appropriate care provider or service provider. We may disclose your personal health information to physicians or care providers so that they can treat you and provide medical services.

Payment activities

We may use and disclose your personal health information to receive payments and for other payment-related activities.

Health care operations

Private Health Services may use your personal health information for purposes of business operations. This includes, for example, improving service delivery, providing customer service, conducting quality assessments, contacting you regarding available services, verifying the qualifications of care providers, and carrying out other operational activities in health care.

We may also use personal health information to:

  • Engage third parties in connection with our services. Where it is necessary for such a third party to access health information, we will disclose only the minimum personal health information required to achieve the intended purpose of such use and exchange (subsidiarity and proportionality).
  • Communicate with family members or caregivers involved in your care and the payment for care. In such cases, we will only share the information necessary (unless you have authorized these persons to receive all information).
  • Generate anonymized and aggregated information.

Sharing with others

ONVZ may receive your personal data from third parties, but only where necessary, for example:

  • From care providers you visit, with whom ONVZ has an agreement, or from those who submit claims directly. Such care providers may send invoices directly to ONVZ/Private Health Services.
  • For our IT and data exchange systems, we rely on various software providers. These providers may be granted limited access to personal data for purposes of system management.
  • For customer contact and/or marketing purposes, we may engage external parties, such as physical mail delivery services, external mailing partners/call centers, data marketing platforms, or (social media) websites. Other examples include outsourcing recovery activities under health care recourse claims or engaging external parties for debt collection management. Personal data may also be disclosed to courts in connection with the pursuit or defense of legal claims.

When we must share your information

There are limited circumstances in which ONVZ is permitted or required by law to use or disclose your personal health information without your consent.

These include, among other things:

  • For judicial and administrative proceedings, such as responding to subpoenas;
  • To prevent or reduce a serious and imminent threat of harm to an individual or to the public;
  • Where required by law or for law-enforcement purposes;
  • For supervisory and regulatory activities in the field of health care.

Transfers of personal data to third countries

If ONVZ wishes to use the services of an organization established in a country outside the EEA and this involves the transfer of personal data, ONVZ proceeds as follows:

  • If the country is subject to an “adequacy decision” of the European Commission, the EU considers that country to provide an adequate level of protection and personal data may be transferred;
  • If no adequacy decision applies, personal data will be transferred only where appropriate safeguards are in place to protect personal data;
  • Where appropriate safeguards are not possible—for example, where the EU-prescribed Standard Contractual Clauses cannot be used—transfer to a third country is permitted only in exceptional cases, such as where you have given consent or where it is necessary for the establishment, exercise, or defense of legal claims.
  • ONVZ imposes the foregoing obligations on any organizations to which activities are outsourced. If such an organization in turn wishes to outsource activities, that party must also comply with these conditions.

ONVZ’s information about marketing and cookies

ONVZ also uses your data to inform you about products and services other than the insurance policies you already hold with ONVZ. Sometimes ONVZ sends this information to all insured persons or business partners, and sometimes to a subset thereof. In making such a selection, ONVZ never uses information about your health or finances, but may use information such as your address and age. ONVZ may also use information obtained from sources outside ONVZ. However, ONVZ will never take a decision that has significant consequences for you based solely on automated processing.

How long does ONVZ retain your data?

Sometimes laws and regulations prescribe a clear retention period; sometimes they do not. In that case, ONVZ retains your data for as long as necessary. The duration depends on the purpose for which ONVZ obtained and must retain your data. The applicable rules are explained below.

General rule: 7 years

As a general rule, ONVZ retains your data for 7 years after your relationship with ONVZ ends.

Your rights regarding your personal health information

You have the following rights with respect to your personal health information held by ONVZ. In addition, your medical proxy or legal guardian may exercise these rights on your behalf and make choices regarding your medical data.

Access

Most of the personal information managed by Private Health Services is directly available to you in the digital portal. You can find it by following the instructions below. You may also wish to receive specific information in addition. You may submit a request for this. Please specify in your request which data you wish to access.

Rectification

Naturally, ONVZ wishes to ensure that the correct personal data about you are recorded in our administration. If something is incorrect, you may always ask us to correct the error or to supplement the data. Please specify in your request which data we should amend and why.

Erasure

In some cases, you may ask ONVZ to delete data about you, for example:

  • if ONVZ no longer needs your data
  • if your data are used on the basis of your consent and you withdraw that consent
  • if you legitimately object to the use of your personal data
  • if ONVZ was not permitted to use your personal data
  • if laws or regulations require ONVZ to delete your data
  • if ONVZ uses your data for social media and you withdraw your consent

Please specify in your request which data you wish to have erased and why you believe ONVZ should do so. If your request concerns data needed to perform your insurance contract, deletion is often not possible because ONVZ needs your data to administer your insurance.

Restriction of processing

Do any of the following situations apply to you?

  • You have requested correction of your data and that request is pending with ONVZ
  • ONVZ is not allowed to use your data, but you do not want the data to be deleted
  • You have objected to ONVZ’s processing of your data and that objection is pending

You may then ask ONVZ to restrict the use of your data. This means that ONVZ may use your data only in the following cases:

  • where you consent
  • to perform ongoing services
  • to establish, exercise, or defend legal claims
  • to protect the rights of another person or organization
  • for reasons of important public interest of the European Union or of a Member State, such as public health

Please explain in your request why you believe ONVZ should not use your personal data. You may of course add this request to your correction request or your objection.

If your request is justified, ONVZ will restrict use for as long as the situation giving rise to your restriction request persists. Your insurance coverage will continue as normal. You must continue to pay premiums during the restriction.

Data portability

You may ask ONVZ to transmit the personal data ONVZ holds about you to another party. This may be another organization or person, or yourself. Such a request is possible only if ONVZ has processed your personal data by automated means. ONVZ will transmit your data in a form that is as structured and commonly used as possible and that can be sent and opened on a computer, smartphone, or tablet.

Objection

You may object to the use of your personal data if you have special, personal reasons for doing so and the processing is not necessary for the performance of your insurance contract. Please indicate in your objection which data it concerns and the reason for your objection.

Change or withdraw consent

Have you given ONVZ consent to use your personal data? You may change or withdraw that consent at any time. This has no retroactive effect; actions already performed remain valid.

Please clearly state in your request what you wish to change or which consent you wish to withdraw.

Human review

Some of our processes involve automated decision-making. You may always ask us to have such an automated decision reviewed by a staff member.

Rights of children under 12

Are you the financial holder of an account? Then you may exercise the above rights for the child as well. If a child is 12 years of age or older, the financial account holder is only entitled to the data necessary for registration with Private Health Services and to obtain sufficient insight into invoices payable. For example, if as the financial account holder you request access to the personal data of a child aged 12 or older, we can provide you only with the data just mentioned.

How is your personal data secured?

ONVZ implements measures across the organization to secure personal data. These measures concern the organization, personnel, processes, technology, and the physical security of, for example, our premises in Houten. All such measures are set out in ONVZ’s security policy. This policy has been audited by our IT auditors. In addition, De Nederlandsche Bank supervises implementation of the security policy.

Our measures are based on ISO standard 27002, an internationally recognized standard for information security.

ONVZ also engages other organizations for activities involving the processing of your personal data—for example, the company that digitizes incoming mail so that we can record mail in our administrative systems. With all such organizations we have agreed that they will secure your personal data as adequately as necessary and demonstrate compliance with these agreements.

How to contact ONVZ? 

If you have questions about this Privacy Statement, you may contact ONVZ’s Data Protection Officer (Functionaris Gegevensbescherming). Send an email to fg@onvz.nl or a letter to ONVZ, Attn. Data Protection Office, Postbus 392, 3990 GD Houten.

If you have privacy-related complaints, you can contact us via the contact form on our website. You may also lodge a complaint at any time with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via www.autoriteitpersoonsgegevens.nl or by phone at 088 180 52 50.

This Privacy Statement is subject to change. This version is dated 20 August 2025.