Data protection

Data protection policy

Introduction

Ketterthill processes your personal data as part of the management of the website, in compliance with current legislation.

This policy provides you with information on how Ketterthill processes your personal data.

This policy, which is accessible on our website, is updated regularly to take account of legislative and regulatory developments, and any changes in the processing operations carried out by Ketterthill.

This policy was last updated on November 21, 2023.

What are our commitments ?

We undertake to comply with the applicable regulations for all processing of personal data that we carry out. Therefore, we undertake to comply with the following principles:

  • We process your personal data lawfully, fairly and transparently.
  • We collect your personal data for specific, explicit, and legitimate purposes and will not process it in a manner inconsistent with these purposes.
  • We ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • We make every effort to ensure that the personal data is accurate and, if necessary, updated. We take all reasonable steps to ensure that inaccurate personal data, in relation to the purposes for which it is processed, is deleted or rectified without delay.
  • We retain your personal data in a form that allows your identification only for the period necessary for the purposes of the processing.
  • We guarantee an appropriate level of security for the personal data we process.

These commitments are demonstrated as follows:

  • We respect your privacy.
  • We guarantee that the protection and security of your personal data is one of our main focuses.
  • We do not use your personal data for purposes that have not been brought to your attention.
  • We do not consider that your personal data should be stored for an unlimited period.
  • We do not sell your personal data to third parties.
  • We work with trusted partners who provide sufficient guarantees as to the implementation of technical and organisational measures so that our processing meets the requirements of the applicable regulations.
  • We respect your rights as a data subject and as a patient and make every effort to fulfil your requests as long as they are well founded.

How do we collect your personal data ?

We collect your data directly from you via our website.

What personal data do we process ?

We remind you that personal data is information relating to an identified or identifiable natural person (the “data subject”), such as your first and last name, postal address or health data.

We undertake to process only personal data that is strictly necessary for the purposes for which it is collected, and to keep it only for as long as is necessary for those purposes.

The categories of personal data we process are as follows:

treatment activity

Legal basis

personal data category

shelf life (active base)

website management (management of contacts, logins, account creation, passwords, appointment scheduling, newsletter management)

legitimate interest

identification data, connection data and logs, data relating to the management of contracts, appointments and newsletters

3 years from last contact

 

6 months for connection logs

Website management (management of online payments)

contract performance

Identification data, bank details

3 years from the end of the commercial relationship

 

10 years for invoices from the date of issue

 

recruitment

execution of pre-contractual measures

identification data and data relating to the candidate’s professional situation

2 years from date of application (unless opposed)

As part of the French law on healthcare reform of December 17, 2010, which provides for the introduction of a platform for sharing and exchanging medical data between healthcare professionals involved in your care, the results of your examinations will be transmitted to the Agence E-Santé and recorded in your personal medical record (DSP).

You may object to the transmission of your health data to Agence E-Santé as part of the PHR. You can notify us of your objection either directly at one of our collection centers or by sending us a written message.

You can exercise this right at any subsequent request.

As part of our services, we systematically send short messages (SMS) as soon as the results of analyses concerning your file are available. The purpose of this communication is to keep you informed as quickly as possible of the availability of this important information, and to offer you the option of subscribing to our patient results server if no account is associated with the mobile phone number in question.

By accepting this SMS notification service, you expressly consent to receive these communications for the receipt of test results.

If you wish to change or object to this method of communication, please click on the unsubscribe link in the SMS or contact us to update your notification preferences.

Who can access your personal data?

Your data will be communicated, if necessary, only to the following recipients:

  • Authorized Ketterthill personnel;
  • Subcontractors and trusted service providers, particularly in charge of IT.

We make every effort to ensure that the number of such persons remains as small as possible.

We only provide our trusted service providers with the information they strictly need to provide the service and they may not use your personal data for any other purpose.

We always make our best efforts to ensure that all our trusted service providers with whom we work maintain the security of your data.

We also ensure that when our relationship with a trusted service provider comes to an end, the service provider deletes your personal data without delay.

We select our trusted service providers with great care, ensuring that they offer sufficient guarantees, particularly in terms of expertise, reliability and resources, to implement technical and organizational measures capable of meeting the requirements of applicable legislation, particularly in terms of security. In this respect, we ensure that our trusted service providers process personal data only on our documented instructions. We also ensure that their staff have undertaken to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.

What are your rights as a data subject?

You have the right to access, rectify, delete and port your personal data, as well as the right to limit the processing of such data.

For more information about your rights, visit www.cnpd.lu

You may exercise your rights either by post or by contacting Laboratoire Ketterthill’s Data Protection Officer at the following address:

Laboratoire Ketterthill

Att. Data Protection Officer

8 Avenue du Swing

L-4367 Belvaux

You can also contact us by e-mail at dataprotection@ketterthill.lu or by filling in the contact form and selecting “Data protection”.

For more information on other data processing operations concerning you, please consult our data protection notice.

Skip to content