Privacy Policy

Mental Profit, established in St. Joost and registered with the Chamber of Commerce under number 76676927, highly values the protection of personal data. This privacy statement explains how Mental Profit deals with information about identified or identifiable natural persons, as referred to in the General Data Protection Regulation (GDPR).

1. Application

This privacy statement applies to the following categories of natural persons of whom Mental Profit processes personal data:

  1. (potential) patients;
  2. visitors to the (online) practice of Mental Profit;
  3. visitors to Mental Profit website:;
  4. participants in meetings of Mental Profit;
  5. applicants;
  6. all other persons who contact Mental Profit or of whom Mental Profit processes personal data, with the exception of its employees.

2. Processing of personal data

Mental Profit processes personal data:

  1. personally provided by the person concerned (during a meeting or discussion), by telephone, or digitally (via e-mail or web forms on the website), such as contact details or other personal data;
  2. that was obtained from other care providers or referrers with the permission of the person concerned;
  3. that was generated during a visit by a person concerned to the website of Mental Profit, such as IP address, the surfing behavior on the website (such as data of the first visit, previous visit and current visit, pages accessed and the way in which the website was navigated) and items clicked by the person concerned; audio/video- recordings during sessions

3. Purposes processing

Mental Profit will process personal data for the following purposes:

  1. the execution of medical treatment contracts and invoicing of services performed;
  2. maintaining contact, invitations for meetings and information requested by the person concerned;
  3. improving the practice website;
  4. tracking user statistics. User statistics of the website provide information about the number of visitors, the duration of their visits, which parts of the website are accessed and the click behavior. It concerns generic reports that are non-personally identifiable;
  5. monitoring access to practice and protecting confidential data.

4. Legal basis

Mental Profit processes personal data on the basis of one of the following legal grounds:

  1. consent of the person concerned. This permission can always be withdrawn, but withdrawal will not affect the lawfulness of the processing on the basis of the permission before the withdrawal;
  2. execution of or with a view to the conclusion of medical treatment agreements, including invoicing to third parties, such as the health insurance company and the like;
  3. legal obligations, such as the obligation to keep medical records or to register BSNs;
  4. a legitimate interest, such as the use of contact information for sending invitations for a meeting.

5. Processors

Mental Profit may use service providers (processors) for the processing of personal data who will only process personal data according to instructions from Mental Profit. Mental Profit will conclude a processor agreement with processors that meets the requirements of the General Data Protection Regulation (GDPR/AVG).

6. Share personal data with third parties

Mental Profit will share personal information with third parties, if this is indicated in the context of the treatment (for example a referral) or if necessary to comply with legal obligations. Mental Profit will not share personal data with third parties for commercial purposes, unless meetings are organized together with another organization. In that case, only the required contact information will be shared.

7. Transfer outside the EEA

Mental Profit does not, in principle, transfer personal data to countries outside the European Economic Area (EEA). If this should nevertheless be necessary, Mental Profit ensures that the transfer will only take place if the European Commission has indicated that the relevant country provides an adequate level of protection or if there are appropriate safeguards within the meaning of the General Data Protection Regulation (GDPR/AVG).

8 Storage of data

Mental Profit will not store any personal data longer than necessary. In principle Mental Profit will use the following retention periods:

  1. medical data: at least 20 years after the end of the treatment agreement;
  2. (financial) administrative data: 7 years after recording the data;
  3. data of employees and freelancers, other than (financial) administrative data: 5 years after termination of employment or after the end of the assignment agreement;
  4. details of applicants: 6 months after completion of the application procedure;
  5. visitors to the website: 5 years after the last visit to the website, unless an objection is made in which case the data will be deleted.

9. Changes to privacy statement

Mental Profit may change this privacy statement at any time. An up-to-date version of the privacy statement will be published on the website of Mental Profit. It is advisable to consult this privacy statement regularly so that you are aware of any changes.

10. Rights, questions and complaints

You have the right to request Mental Profit to view, rectify, delete, transfer, limit processing and to object to processing. You can contact Mental Profit by sending an e-mail message to

For questions or complaints about the way in which Mental Profit processes personal data, you can also contact Mental Profit by sending an e-mail message to We will try to resolve complaints satisfactorily. If no satisfactory solution is reached, you can contact the Dutch Data Protection Authority (AP).

Privacy Policy Website

Who we are

Our website address is:


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.