— Privacy statement

How we
handle
your data.

At Lunaris Clinics you're in the care of a medical practice. That means we handle your personal data carefully and confidentially — in line with the GDPR, the Dutch Medical Treatment Agreement Act (WGBO), and medical confidentiality. On this page you'll read what data we collect, why, and what rights you have.

Last updated: 2 May 2026

Who is responsible?

Lunaris Clinics is the data controller for the processing described in this statement.

What data do we process?

Depending on your contact with us, we process the following categories:

  • Identification data: first and last name, gender, date of birth, BSN (mandatory in Dutch healthcare).
  • Contact details: email address, phone number, postal address.
  • Medical data: intake information, BMI, weight history, prescribed medication, lab results, treatment plan, progress notes.
  • Insurance and payment data: for the financial handling of your treatment.
  • Communication data: messages and correspondence between you and our practice.
  • Website data: limited technical data (see Cookie policy).

What do we use your data for?

  • To carry out your medical treatment and maintain your medical record.
  • For appointment scheduling and sending appointment confirmations or reminders.
  • For the financial handling of consultations, treatments and medication.
  • For communication with you, your pharmacy or other care providers (only with your consent).
  • To send you relevant information, such as the outcome of your eligibility check (only if you've signed up for it).
  • To meet our legal obligations.

On what legal basis?

We process your data on one of the following bases under article 6 GDPR:

  • Performance of a contract — to deliver care you've signed up for.
  • Legal obligation — including the WGBO, fiscal retention periods and rules around medical confidentiality.
  • Your explicit consent — for things like our newsletter, or sharing data with other care providers.
  • Legitimate interest — for example to secure our systems or to improve our website.

How long do we keep data?

  • Medical record: at least 20 years after the last contact, as required by the WGBO. For minors this period starts on the 18th birthday.
  • Financial records: 7 years (fiscal retention period).
  • Contact-form messages: up to 12 months, unless they form part of your medical record.
  • Newsletter subscription: until you unsubscribe.

Who do we share data with?

We only share what is strictly necessary, and always with proper data-processing agreements or a legal basis. Our main processors:

  • SimplyBook.me — for managing your appointments.
  • Mailchimp (Intuit, EU server) — for our newsletter and eligibility-check results.
  • Web3Forms — for handling the contact form.
  • Vevida — our hosting provider for this website.
  • Pharmacy and other care providers — only with your consent.

We never sell your data to third parties and don't use it for commercial profiling.

Security

We've implemented appropriate technical and organisational measures to protect your data — among others encrypted connections (HTTPS), access control for medical staff, regular backups and audit logs of record access. Some residual risk always remains; in case of a data breach we will contact you and — when required — report to the Dutch Data Protection Authority.

Your rights

Under GDPR you have the right to:

  • Access — receive a copy of your data.
  • Rectification — have inaccurate data corrected.
  • Erasure — where legally possible; medical records are subject to the WGBO retention requirement.
  • Restriction — limit processing pending rectification.
  • Objection — object to processing based on legitimate interest.
  • Data portability — receive your data in a structured format.
  • Withdraw consent — for processing you've previously consented to.

You can exercise these rights via contact@lunaris-clinics.nl. For verification we'll ask for valid ID (you may redact your BSN and photo). We will respond in principle within four weeks.

Complaints

Have a complaint about how we handle your data? Please contact us first — we'd like to resolve it together. If we can't reach a resolution, you may file a complaint with the Dutch Data Protection Authority.

Changes

This privacy statement may be updated when our services change or when legally required. The date of the most recent update is shown at the top of this page.

Questions?

Have questions about your privacy or this statement? Send us a message via contact@lunaris-clinics.nl or via our contact form.