{"id":3,"date":"2023-12-19T16:42:09","date_gmt":"2023-12-19T16:42:09","guid":{"rendered":"https:\/\/rainbowcentrum.nl\/?page_id=3"},"modified":"2025-05-20T11:05:18","modified_gmt":"2025-05-20T11:05:18","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/rainbowcentrum.nl\/nl\/privacy-policy\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

1. WHO IS COVERED BY THIS POLICY?<\/h4>

This privacy policy applies to:
\u2013 Children receiving care and support services.
\u2013 Parents or legal guardians of enrolled children.
\u2013 Employees, contractors, and partners of Rainbow Care&Coaching.<\/p>

2. PURPOSES OF DATA PROCESSING<\/h4>

Rainbow Care&Coaching processes personal and sensitive data for the following purposes:
\u2013 Delivery of therapeutic, behavioral, and developmental services.
\u2013 Compliance with Dutch and EU laws (e.g., UAVG, GDPR).
\u2013 Internal recordkeeping and billing.
\u2013 Communication with parents or guardians.
\u2013 Safeguarding vulnerable children via supervised care and video monitoring (see Section 13).<\/p>

3. LEGAL BASES FOR PROCESSING<\/h4>

Data is processed under the following GDPR legal bases:
\u2013 Consent (Art. 6(1)(a)): For social media use, collaboration with third parties.
\u2013 Contractual necessity (Art. 6(1)(b)): For providing agreed-upon care services.
\u2013 Legal obligation (Art. 6(1)(c)): Reporting to authorities or complying with audits.
\u2013 Legitimate interest (Art. 6(1)(f)): For safeguarding children, ensuring high-quality service delivery, and securing the care environment, including video surveillance where necessary.<\/p>

4. SPECIAL CATEGORIES OF DATA<\/h4>

Rainbow may process medical or behavioral information where:
\u2013 Explicit consent has been obtained.
\u2013 It is necessary for the delivery of care by professionals bound to confidentiality.
\u2013 It supports therapeutic decision-making in a safe, evidence-based manner.<\/p>

5. DATA RETENTION PERIODS<\/h4>

\u2013 General personal data: Retained for the duration of care + legal requirements.
\u2013 Medical records: Retained for up to 15 years or until the child reaches adulthood, whichever is later (in accordance with Dutch law).
\u2013 Surveillance footage: Retained for a maximum of 30 days unless explicitly preserved for an ongoing safeguarding review or legal obligation, in which case separate retention controls and access restrictions apply.
\u2013 Anonymized data: May be retained for research, planning, or statistical purposes.<\/p>

6. DATA SHARING WITH THIRD PARTIES<\/h4>

We may share data with:
\u2013 Care professionals, therapists, and behavior specialists.
\u2013 Educational institutions or governmental bodies (as necessary).
\u2013 IT providers under signed Data Processing Agreements (DPAs).
All third parties are bound by confidentiality and GDPR-compliant contracts.<\/p>

7. DATA SECURITY MEASURES<\/h4>

\u2013 AES-encrypted local data storage only (no cloud storage used).
\u2013 Role-based access control and secure login procedures.
\u2013 Access logs are maintained and reviewed regularly, and in response to safeguarding or security events.
\u2013 Physical safeguards on devices storing sensitive data.<\/p>

8. RIGHTS OF DATA SUBJECTS<\/h4>

As a parent or guardian (or data subject), you may:
\u2013 Request access to or correction of your data.
\u2013 Request deletion of non-essential data.
\u2013 Restrict certain processing activities.
\u2013 Object to processing where applicable.
\u2013 Lodge a complaint with the Dutch Data Protection Authority.
Please contact info@rainbowcentrum.nl to exercise your rights.<\/p>

9. BREACH RESPONSE<\/h4>

In the event of a data breach, we will:
\u2013 Notify the Dutch DPA within 72 hours.
\u2013 Notify affected individuals if high risk is determined.
\u2013 Document the incident internally and retain breach logs.<\/p>

10. CHILDREN\u2019S DATA PROTECTION<\/h4>

Data about children under 16 is only collected and processed with parent\/guardian consent.
Additional safeguards are applied to all children\u2019s records, including limited access, encryption, and restricted usage.<\/p>

11. CHANGES TO THIS POLICY<\/h4>

We reserve the right to update this policy to reflect operational, legal, or technical changes.
Changes will be posted and shared with enrolled families.<\/p>

12. CONTACT<\/h4>

For questions, requests, or complaints:
Rainbow Care&Coaching
info@rainbowcentrum.nl<\/p>

13. VIDEO SURVEILLANCE IN CARE SETTINGS<\/h4>

Rainbow Care&Coaching utilizes video surveillance in specific care-related environments:
\u2013 Therapy rooms
\u2013 Group rooms
\u2013 Hallways
\u2013 Child-accessible kitchen areas<\/p>

Purpose: To uphold the safeguarding of vulnerable children (many of whom are non-verbal), allow for incident review, reinforce the four-eyes principle, and promote professional accountability.<\/div>
\u00a0<\/div>
Surveillance Policy Includes:<\/div>
\u2013 No cameras are placed in private areas (bathrooms, changing areas).<\/div>
\u2013 Video surveillance is operated with transparency and visible signage.<\/div>
\u2013 Recordings are retained for a maximum of 30 days unless otherwise required for safeguarding or legal investigation.<\/div>
\u2013 Review access is limited to the Director, Head of Clinical Treatment, and the Coordinator (if necessary and documented).<\/div>
\u2013 All access to surveillance footage is logged and reviewed regularly or following incidents.<\/div>
\u2013 Surveillance is not used for employee performance evaluation.<\/div>
\u2013 A Data Protection Impact Assessment (DPIA) has been completed to assess and mitigate risks.<\/div>
\u2013 Processing is justified under GDPR Article 6(1)(f) as a legitimate interest.<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Contact Info<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t