Privacy statement LUMC
Last updated: 16-06-2026
Your personal data at LUMC
If you are a patient of LUMC, we will process your personal data. By processing, we mean that LUMC uses and stores your personal data, adds to it, sends it and uses it for your treatment. Your medical information is stored in your patient file.
When processing your personal data, LUMC is obliged to comply with European and Dutch privacy legislation, such as the General Data Protection Regulation (GDPR). In accordance with this legislation, LUMC is the so-called data controller for the processing of your personal data. . This means that LUMC is responsible for ensuring that your personal data is processed carefully and in accordance with the GDPR.
…If you are a patient of LUMC, we will process your personal data. By processing, we mean that LUMC uses and stores your personal data, adds to it, sends it and uses it for your treatment. Your medical information is stored in your patient file.
When processing your personal data, LUMC is obliged to comply with European and Dutch privacy legislation, such as the General Data Protection Regulation (GDPR). In accordance with this legislation, LUMC is the so-called data controller for the processing of your personal data. . This means that LUMC is responsible for ensuring that your personal data is processed carefully and in accordance with the GDPR.
LUMC takes great care to protect and secure your data and your medical file properly. LUMC is ISO 27001 and NEN7510 certified. ISO 27001 and NEN7510 are international standards for good information security and data protection. All employees with access to your data, like nurses, doctors and administrative staff, may only access your data if this is necessary for their work and are obligated to maintain confidentiality. If LUMC uses (IT) service providers to handle personal data, we enter into agreements with these providers that clearly specify which data are shared and under what (security) conditions.
Frequently asked questions
Your privacy rights
Subject to conditions, you have the right to access, correct or delete your personal data. And to withdraw your priorly given consent to the processing of your personal data. You can also request to restrict the processing of your personal data and to transfer data to another organisation. You can object to the processing of your personal data.
You are also entitled to know which employees have had access to your medical file. In some cases however, LUMC can (partly) decline your request because it is in conflict with other laws by which LUMC must abide and because LUMC also has to take into account the privacy of other people involved. Finally, you can file a complaint with the Dutch Data Protection Authority. Read more about your privacy rights (Dutch only).
Contact about your data
If you have questions about your data at LUMC and the protection of your privacy, please discuss these with your treating physician. You may also contact LUMC's Data Protection Officer (DPO). Send an e-mail to privacy@lumc.nl.
If you’re not content about the way LUMC processes your data you can file a complaint with LUMC’s DPO. You can also file a complaint with the Dutch Data Protection Authority. You can find more information on the website of the Data Protection Authority.
LUMC Foundation
Below you can find the privacy statement of the LUMC Foundation (Dutch only).
Cookie policy
When you visit our website, LUMC processes your personal data through cookies. More information can be found in the LUMC cookie policy (NL).