1. General
MijnMitz processes personal data. Personal data means any data that can be traced back to you as an individual. In this statement, we specify what data is involved, the purposes for which we use it, and your rights in connection with this data processing.
MijnMitz is the website that allows you to register and manage your consent settings for the electronic exchange of your medical data between care providers. We call this your ‘consent profile’. Your consent profile is made up of all your consent settings related to the exchange of medical data between care providers through an electronic exchange system. You can also use MijnMitz to check which care providers are following your consent settings or have reviewed your consent settings to determine whether they can share your medical data.
MijnMitz does not process medical data. Your medical data is only processed by your caregiver. To find out what personal data your care provider has on you, please contact them directly.
The care providers have jointly set up a foundation to make Mitz possible: Stichting GVvZ (foundation for shared healthcare communication facilities). Stichting GVvZ is the data controller for the recording and management of consent settings in MijnMitz. Stichting VZVZ Servicecentrum (association of care providers for health communication) manages MijnMitz on behalf of Stichting GVvZ.
MijnMitz is intended to be used by citizens. At a citizen's request, a caregiver can provide assistance with registering their consent settings. In that case, the care provider will update the consent settings on the citizen's behalf.
Health insurers do not have access to the portal or the data processed in MijnMitz.
If Stichting VZVZ Servicecentrum uses sub-processors, a processor agreement will be concluded with them that meets the requirements of Article 28 (3) of the General Data Protection Regulation (GDPR).
2. Data collection
MijnMitz processes the following personal data:
- Your contact information: your name (optional) and email address (required)
- Your consent profile, in which you register your consent settings.
You can perform the following actions in MijnMitz:
1. Register and update consent settings
When you select consent settings and click ‘Submit consent settings’, your consent settings are processed in Mitz's consent register.
You can update your consent settings or revoke your consent at any time.
2. Sign up to receive notifications
When you sign in to MijnMitz, you are asked to enter your email address. This is necessary to inform you of important changes. Your email address is used to send you automatic notifications of activity on MijnMitz. When you receive a notification, you can sign in to MijnMitz to see exactly what happened.
You can also opt to receive certain notifications by email. You can subscribe to the following notifications:
- A caregiver has reviewed your consent settings. A caregiver has started or stopped following your consent settings.
- A caregiver has updated your consent settings at your request (this always requires your permission).
- You have turned 16 and can now register your consent settings yourself, without approval from a parent or guardian.
- Something has changed in MijnMitz. This could be the addition of new consent options, for example.
You can unsubscribe from these notifications or change your email address at any time.
The use of MijnMitz is subject to our terms of service. To use MijnMitz, you must agree to these terms. By accepting these terms, you acknowledge that you agree to the processing of your data in MijnMitz and understand the terms of use for the platform.
You can fill out a contact form on MijnMitz to get in touch with the Mitz customer contact centre (info@mijnmitz.nl). The form requires you to fill in at least your name and email address. The information you enter in the contact form is processed by the customer contact centre to properly serve you.
The customer contact centre is also available by phone. We record all calls to ensure the quality of our service, support staff training, and assist with complaints or inquiries.
3. Retention period
The data you provide will be retained:
- As long as hou have a consent profile.
- As long as you are subscibed to receive email notifications (notification service). If you opt out of notifications, you will no longer receive emails from us, except for automatic notifications sent to ensure data security (see above) and emails required to comply with our duty of disclosure.
- As long as necessary to adequately answer your question (‘contact form’).
- Call recordings are retained for a maximum of thirty (30) days. In the event of a complaint, this period may be extended to up to ninety (90) days. Call recordings are automatically and permanently deleted after this period.
Activity on MijnMitz is logged according to the NEN 7513 standard. This logging data is retained in accordance with the prescribed period.
4. Overview of data processing, basis for processing and data retention periods
The table below provides an overview of what personal data we process for what purpose, and for how long it is retained:
| Purpose | What personal data | Basis for processing | Retention period |
|---|---|---|---|
When you send us a message: Answering your questions/ comments |
| Consent | Maximum 90 days |
When you call us: The conversation is recorded for training and quality purposes |
| Legitimate interest | Maximum 90 days |
| Select or update consent settings via DigiD |
| Consent/ agreement Law (BSN) | As long as you have an active profile with MijnMitz |
| Subscribe to notifications | Consent | As long as you are subscribed |
5. Cookies
MijnMitz uses cookies to ensure an optimal user experience. What cookies are and what we use them for are explained in more detail below.
What is a cookie?
A cookie is a small, temporary file sent with pages of this website and stored by your browser on your computer or mobile device. The information stored in a cookie may be sent back to our server the next time you visit the website. This eliminates the need to enter the same information again, and helps us improve the user-friendliness of our website. Cookies have been standard practice on websites all over the world for many years.
We distinguish between functional and non-functional cookies:
- We always set functional cookies. These are functional cookies that are necessary for the website to work properly. For example, they ensure that when you fill out a form, you do not have to fill in all the information again on your next visit.
- In addition to functional cookies, we also set analytical cookies by default. Analytical cookies are an example of a non-essential cookies, as they are not necessary for the proper operation of the website. We only use analytical cookies with minimal impact on the privacy of website visitors. Data processing is based on the legitimate interest of the controller (Article 6.1(f) of the GDPR).
Tracking cookies are another type of cookie. MijnMitz does not set tracking cookies, which is why we don't show you a cookie banner.
What does MijnMitz do with functional cookies?
Mitz uses functional cookies to store session status information. This is necessary to process forms. Without functional cookies, these parts of the website may not work properly.
What does MijnMitz do with analytical cookies?
We use Matomo Analytics to track how visitors use our website. The data is processed through Matomo Cloud, which is hosted in the European Union. We have a processing agreement with InnoCraft, the company behind Matomo, and IP addresses are anonymised. We only use Matomo for our own analysis and do not share data with third parties.
Cookie information
For more information about cookies, visit Consuwijzer and Veiliginternetten. These websites also explain how to disable all cookies for all websites through your browser settings.
6. Right of access, rectification and erasure
Stichting VZVZ Servicecentrum complies with the GDPR and the NEN 7510, NEN 7512 and NEN 7513 standards. You have the right to access, rectify or erase your personal data that is processed and retained by MijnMitz.
You can delete your personal profile and any consent settings you have registered in MijnMitz. To do so, sign in to MijnMitz and click Profile. On the My Data page, click “I want to delete my data”.
If you need assistance with this, please submit a request via the contact form on the website or send an email to info@mijnmitz.nl.
7. Hyperlinks to other websites
MijnMitz may contain hyperlinks to other websites, such as DigiD. When you click on these links, you will leave the MijnMitz website.
VZVZ has no control over other websites and is not liable for the operation, content or services of third-party websites.
8. Security
MijnMitz is a secure website. You can identify this in your browser by the "https" protocol and the closed lock icon.
9. Email only
To minimise the amount of personal data we collect, Mitz only communicates with you by email. These emails will be sent from info@mijnmitz.nl. This helps you verify that the message is from Mitz. There are various options to communicate with our customer contact centre, as described above.
10. Complaints, questions and suggestions
If you have any complaints, questions or suggestions regarding data processing by Mitz on MijnMitz, let us know via the contact form.
Stichting VZVZ Servicecentrum has a Data Protection Officer (DPO). Complaints about Mitz can be directly addressed to the DPO: fg@vzvz.nl. You also have the right to file your complaint directly with the Dutch Data Protection Authority (DPA).
11. Changes to this privacy statement
This privacy statement may be updated from time to time as necessary to reflect new developments. We encourage you to review our privacy statement regularly to stay informed about any changes. When the version number changes, it means the privacy statement has been updated.
Version 1.2 - November 2025