Data Protection Policy

Introduction

In connection with its clinical pathology activity, your Ketterthill medical biology laboratory processes your personal data in accordance with applicable laws in force.

This policy provides you with information on how your personal data is processed by the clinical pathology laboratory in charge of your file. 

This policy, accessible in the laboratory and on our website, is updated regularly to take into account legislative and regulatory changes and any changes in the organisation of the laboratory or in its processing operations.

This policy was updated on 18/03/2022.

What are our commitments ?

We undertake to comply with the applicable regulations for all processing of personal data that we carry out. Therefore, we undertake to comply with the following principles:

• We process your personal data lawfully, fairly and transparently.
• We collect your personal data for specific, explicit, and legitimate purposes and will not process it in a manner inconsistent with these purposes.
• We ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• We make every effort to ensure that the personal data is accurate and, if necessary, updated. We take all reasonable steps to ensure that inaccurate personal data, in relation to the purposes for which it is processed, is deleted or rectified without delay.
• We retain your personal data in a form that allows your identification only for the period necessary for the purposes of the processing.
• We guarantee an appropriate level of security for the personal data we process.

These commitments are demonstrated as follows:

• We respect your privacy.
• We guarantee that the protection and security of your personal data is one of our main focuses.
• We do not use your personal data for purposes that have not been brought to your attention.
• We do not consider that your personal data should be stored for an unlimited period.
• We do not sell your personal data to third parties.
• We work with trusted partners who provide sufficient guarantees as to the implementation of technical and organisational measures so that our processing meets the requirements of the applicable regulations.
• We respect your rights as a data subject and as a patient and make every effort to fulfil your requests as long as they are well founded.

How do we collect your personal data ?

We collect your data either directly from you (when you visit one of our sites) or indirectly. In the event of indirect collection, your personal data has been entrusted to us by the clinical pathology laboratory that collected your sample, your healthcare institution, or your healthcare professional who collected the sample.

What personal data do we process ?

Personal data is information relating to an identified or identifiable natural person (the “data subject”), such as your full name, postal address, health data.

We collect your personal data only in connection with our clinical pathology activity.

We undertake to collect only personal data that is strictly necessary for the purposes for which it is collected.

The personal data that we collect are mainly identification data, health data, and social security number.

The categories of personal data we process are the following:

Who can access your personal data ?

Where applicable, your data will be communicated only to the following recipients:

• The responsible or jointly responsible clinical pathologist and, within the limits of the authorisations issued by them and under their responsibility, members of the clinical pathology laboratory staff (clinical pathologists, technicians, nurses, etc.) for the aforementioned purposes.
• The laboratories or reference centres to which your samples are sent for the purpose of conducting certain clinical pathology analyses.
• Healthcare institutions, prescribing physicians (unless you object), external samplers that sent your samples to us for analysis purposes or at the request of which we took the samples and conducted the analyses.
• Administration (information system for reporting results, etc.).
• Paying agencies (social security agencies, health insurance, etc.).
• The processors, trusted service providers of the laboratory, responsible in particular for IT.

We make every effort to ensure that the number of people remains as small as possible.

We only provide our trusted providers with the information they strictly need in order to provide the service and they may not in any way use your personal data for any other purpose.

We always make every effort to ensure that all our trusted providers with which we work keep your data secure.

We also ensure that when our relationships with a trusted provider end, this provider deletes your personal data without delay.

We select our trusted providers with great care, ensuring that they provide sufficient guarantees, particularly in terms of expertise, reliability, and resources, to implement technical and organisational measures to meet the requirements of applicable legislation, particularly in terms of security. In this respect, we ensure that our trusted providers process the personal data only on our documented instructions. We also ensure that their personnel are committed to complying with confidentiality or are under an appropriate statutory obligation of confidentiality.

What are your rights as a data subject ?

You have a right of access, correction, erasure, and portability with respect to your personal data as well as a right to restrict the processing of such data.

For more information about your rights, please visit the website cnpd.lu

You may exercise your rights, either by post, to the "Data Protection Officer" of the Laboratory at the following address :

Laboratoire Ketterthill

Att. Data Protection Officer

8 Avenue du Swing

L-4367 Belvaux

Or by e-mail to this address: dataprotection@ketterthill.lu or by filling in the contact form and choosing the subject "Data protection".