Privacy Policy & Data Protection
Your privacy is our priority
Nielsen Hair Clinic attaches great importance to the protection of your personal data. As a medical clinic, we process sensitive (health) data and take our responsibilities seriously. This privacy policy is drawn up in accordance with the General Data Protection Regulation (GDPR) and the Medical Treatment Agreement Act (WGBO).
Last updated: August 1, 2025
Applicable to: All processing of personal data via our website, clinic locations in Enschede and The Hague, and telephone/digital communication.
What Data Do We Collect?
Nielsen Hair Clinic processes only the minimum necessary personal data, in the following categories:
Identification data:
- Name, date of birth, gender
- Address, postal code, city
- Phone number and email address
- BSN (Citizen Service Number) – only for medical records
Medical health data:
- Hair loss pattern and medical history
- Photos of head/donor area (for treatment plan)
- Medication use and allergies
- Previous treatments and operations
- Medical records and treatment reports
Financial data:
- Invoice and payment details
- Insurance information (if applicable)
Website data:
- IP address and browser information (via cookies)
- Contact form data
- Chat conversations and email correspondence
Purposes of Data Processing
Your data will be processed for the following purposes:
- Medical treatment – Performing hair transplants and aftercare
- Communication – Contact about appointments, treatment and aftercare
- Administration – Invoicing and accounting
- Quality assurance – Internal assessment and improvement of care
- Legal obligation – Compliance with medical legislation
- Marketing – Only with explicit consent (newsletters, testimonials)
We never process:
- Information about religion, race, political opinions or sexual life (unless medically necessary for treatment)
- More data than strictly necessary for the above purposes
Sharing Data with Third Parties
Nielsen Hair Clinic will only provide your data to third parties if necessary:
Internal processors:
- Medical personnel involved in your treatment
- Administrative staff for billing
- IT administrators (under confidentiality obligation)
External parties:
- Health insurers – Only for reimbursement requests (with your permission)
- Laboratories – For any medical examinations
- Government – By legal obligation (e.g. Health Care Inspectorate)
- Website management – Hosting provider and email service (processor agreement)
We never sell your data to third parties for commercial purposes.
Security of Your Data
Nielsen Hair Clinic implements appropriate technical and organizational measures:
Technical measures:
- Medical record encryption (AES-256)
- Secure SSL connection for website and email
- Two-factor authentication for system access
- Regular backups on secured servers
- Firewall and antivirus protection
Organizational measures:
- Need-to-know principle – Only authorized personnel have access
- Confidentiality obligation for all employees (in employment contract)
- Annual privacy training for staff
- Role and function based access control
- Procedures upon termination of employment (immediate withdrawal of access rights)
Data breach protocol:
- Obligation to report data leaks to the Dutch Data Protection Authority within 24 hours
- Direct notification to you in case of serious data leaks
- Registration and investigation of all incidents
Your Rights as a Patient
Under the GDPR you have the following rights:
1. Right of access (Article 15 GDPR) You have the right to know what data we process about you. A copy of your medical records will be provided within four weeks for a legally established fee.
2. Right to rectification (Article 16 GDPR) If your data is incorrect or incomplete, you can request a supplement or rectification. We will confirm this in writing within four weeks.
3. Right to be forgotten (Art. 17 GDPR) You can request the deletion of your data, unless we are legally obliged to retain it (medical records).
4. Right to restriction (Art. 18 GDPR) You can request a temporary restriction of processing, for example in the event of a dispute about accuracy.
5. Right to data portability (Art. 20 GDPR) You have the right to transfer your data in a structured format to another healthcare provider.
6. Right to object (Art. 21 GDPR) You can object to processing based on legitimate interest or to direct marketing.
7. Right to human intervention You have the right to human intervention in automated decision-making.
Cookies and Website Tracking
Our website uses cookies for:
Essential cookies (always active):
- Session management and security
- Shopping cart functionality (if applicable)
Analytical cookies (with consent):
- Google Analytics – anonymous statistics about website usage
- Hotjar – User experience analysis (no personal data)
Marketing cookies (only with consent):
- Facebook Pixel
- Google Ads conversion tracking
On your first visit, we ask for your consent for non-essential cookies. You can always adjust your preferences via the cookie banner or browser settings.
Contact & Complaints
Data Protection Officer (DPO): Nielsen Haarkliniek has appointed an internal DPO.
Contact details: 📧 Email: info@nielsenhaarkliniek.nl
📮 Mail: Nielsen Haarkliniek, Attn: Data Protection Officer, Laan van Waalhaven 472
2497 GR The Hague
📞 Telephone: 070-2212829
Filing a complaint: If you believe that we are not complying with privacy legislation, you can:
- Submit a complaint to our DPO (response within 4 weeks)
Changes to Privacy Policy
Nielsen Hair Clinic reserves the right to amend this privacy policy. Changes will be:
- Published on this page
- Provided with a new “last update” date
- Effective 1 month after publication (unless otherwise required by law)
In case of significant changes, we inform active patients by email.
