Privacy statement LUMC

Your privacy is important to LUMC. As a patient or research participant, you must be confident that LUMC handles your personal data confidentially. Read more about how LUMC handles your personal data. For instance, how long your data are stored and how you can access them.

Last updated: 16-06-2026

Your personal data at LUMC

If you are a patient of LUMC, we will process your personal data. By processing, we mean that LUMC uses and stores your personal data, adds to it, sends it and uses it for your treatment. Your medical information is stored in your patient file.

When processing your personal data, LUMC is obliged to comply with European and Dutch privacy legislation, such as the General Data Protection Regulation (GDPR). In accordance with this legislation, LUMC is the so-called data controller for the processing of your personal data. . This means that LUMC is responsible for ensuring that your personal data is processed carefully and in accordance with the GDPR.

If you are a patient of LUMC, we will process your personal data. By processing, we mean that LUMC uses and stores your personal data, adds to it, sends it and uses it for your treatment. Your medical information is stored in your patient file.

When processing your personal data, LUMC is obliged to comply with European and Dutch privacy legislation, such as the General Data Protection Regulation (GDPR). In accordance with this legislation, LUMC is the so-called data controller for the processing of your personal data. . This means that LUMC is responsible for ensuring that your personal data is processed carefully and in accordance with the GDPR.

LUMC takes great care to protect and secure your data and your medical file properly. LUMC is ISO 27001 and NEN7510 certified. ISO 27001 and NEN7510 are international standards for good information security and data protection. All employees  with access to your data, like nurses, doctors and administrative staff, may only access your data if this is necessary for their work and are obligated to maintain confidentiality. If LUMC uses (IT) service providers to handle personal data, we enter into agreements with these providers that clearly specify which data are shared and under what (security) conditions.

Your privacy rights

Subject to conditions, you have the right to access, correct or delete your personal data. And to withdraw your priorly given consent to the processing of your personal data. You can also request to restrict the processing of your personal data and to transfer data to another organisation. You can object to the processing of your personal data.

You are also entitled to know which employees have had access to your medical file. In some cases however, LUMC can (partly) decline your request because it is in conflict with other laws by which LUMC must abide and because LUMC also has to take into account the privacy of other people involved. Finally, you can file a complaint with the Dutch Data Protection Authority. Read more about your privacy rights (Dutch only).

Contact about your data

If you have questions about your data at LUMC and the protection of your privacy, please discuss these with your treating physician. You may also contact LUMC's Data Protection Officer (DPO). Send an e-mail to privacy@lumc.nl.

If you’re not content about the way LUMC processes your data you can file a complaint with LUMC’s DPO. You can also file a complaint with the Dutch Data Protection Authority. You can find more information on the website of the Data Protection Authority.  

LUMC Foundation

Below you can find the privacy statement of the LUMC Foundation (Dutch only).

When you visit our website, LUMC processes your personal data through cookies. More information can be found in the LUMC cookie policy (NL).