Protection of patients' personal data

Laboratoires Réunis Luxembourg S.A, hereinafter "LR", attaches great value to the protection of your medical and personal data. In line with this approach, we hereby wish to inform you of the manner in which we collect and process such data.

LR has appointed a Data Protection Officer (DPO) who deals with questions and requests relating to data protection.

This privacy policy applies to LR's applications, communication tools and other online initiatives that collect personal data.

Consequently, this policy does not apply to third party websites, including those that may be mentioned on our media via a web link.

The professionals who have taken charge of you, either in a LR sampling centre or, in the case of an external sampler, such as another laboratory, have collected and formalised information concerning your identity and the data necessary for the performance of medical biology analyses and their administrative processing.

This information is collected in your patient file (the "file") and may be subject to computerised processing under the conditions laid down by Regulation (EU) 2016/679 on the protection of personal data, as well as the law of 24 July 2014 on patients' rights and obligations.

LR only processes your data for the purposes of carrying out the services requested in connection with your care and administrative processing and its other legal obligations, such as transmission to the shared care file, reporting of infectious diseases to the Director of Health, declarations to the National Health Fund....

LR also processes your data for legitimate interests in the field of public health, such as statistics or epidemiological studies.

You can request elements of the file or a complete copy of your file.

The request may come from the patient or their legal representative.

We kindly ask you to always specify your request by specifying at least :

• Your personal details
• The data concerned
• The period(s) concerned
• The exercise of the right requested: Right of access, restriction of processing, deletion, rectification of data, right to object to data processing and right to data portability.

• The justification for the request.

   

All your requests or complaints should be addressed as follows:

LABORATOIRES RÉUNIS Luxembourg S.A.

38, rue Hiehl
L-6131 JUNGLINSTER

Tel: +352 780 290 1
Contact@labo.lu
www.labo.lu

(The DPO can be contacted by e-mail at the following address: dpo@labo.lu)

LR undertakes to respond to any request to exercise your rights as soon as possible.

You have the right to make a formal complaint if you believe your rights have been adversely affected:

• to the National Data Protection Commission, in matters of data protection;
• to the Health Ombudsman, in the event of a dispute concerning the laboratory's health services.

You may object to the collection and processing of your personal data or to the processing of certain data concerning you for legitimate reasons.

Objection to the processing of your data may make it impossible for LR to provide the requested service.

The exercise of the right to object cannot, however, override LR's legal obligations.

Within the framework of the law on the reform of the healthcare system of 17 December 2010, which provides for the introduction of a platform for sharing and exchanging medical data between the healthcare professionals involved in your care, the results of your examinations will be transmitted to the E-Health Agency and recorded in your personal medical file (DSP).

You may object to the transmission of your health data to the E-Health Agency as part of the PHR. You can notify us of your objection either directly at one of our collection centres or by sending us a written message.

You may exercise this right at any subsequent request.

You have the right to obtain as soon as possible the rectification of inaccurate data and the completion of incomplete data.

Where processing is based on consent or on a contract, and is carried out using automated processes, you have the right to receive the data in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another data controller without the initial data controller having an objection.

In principle, your analyses are carried out by LR.  However, LR reserves the right to entrust all or part of the performance of your analyses to another partner laboratory. This situation may arise depending on the specific nature of the analyses. LR remains liable to the patient.

The subcontracting laboratory is bound by the same obligations as LR with regard to the quality of its services and the security and confidentiality of its data.

Any service that does not fall within the scope of services reimbursed under the third-party payment system will be subject to specific consent on your part and the services will be billed directly to you.

We only keep your data for as long as it is required by law.

In the case of a patient file, LR is legally obliged to keep your file for 10 years. This period runs from the date on which the sample is taken at one of our collection centres, or from the date on which your data is communicated to us by a third party. It concerns all the information contained in your file.

Thereafter, your data is archived and can no longer be consulted in our management system until the expiry of the statutory limitation periods, the longest being thirty years. The data is then permanently destroyed.

If it is a paper file, your file is kept at LR. Its archiving may be entrusted to an external company. In this case, LR ensures that the level of privacy protection applied to your file is guaranteed.

In the case of an electronic file, LR may either keep the file on its premises or entrust its storage to a data hosting company. In this case, data hosting is governed by a contract requiring compliance with security and confidentiality rules.

Your data, and more specifically your test results, are sent to the prescribing doctor. The prescribing doctor can access this data online on the secure "Customer Portal" platform or on Regibox, the Cloud service provided by Agence eSanté, or also by facsimile or in paper format.

Your GP is authorised to use your data with other healthcare professionals for the purposes of your medical treatment.

When your test results are sent by LR to the prescribing doctor practising mainly or secondarily in a hospital, institution or shared practice, your data may be accessible to other people depending on the internal organisation of this institution or practice. You may object to this transmission at the time of sampling by contacting the person in charge of sampling (or Customer Service beforehand), who will register your request. In this case, the results of your analyses will only be sent to the prescribing doctor on a personal basis, who will be informed of your objection.

This data is only communicated outside the European Union if the prescriber or patient is in such a country.

Your personal data will only be accessible to employees and collaborators of LR or our service providers to the extent necessary for the performance of the tasks entrusted to them.

Please note that we strictly require our service providers to use your personal data only to administer the services we ask them to provide. We also ask these service providers to always act in accordance with the applicable laws on the protection of personal data and to pay particular attention to the confidentiality of this data.

We aim to keep your personal data as safe and secure as possible, and only for as long as is necessary for the purposes for which it is to be processed. To this end, we take appropriate physical, technical and organisational measures to prevent, as far as possible, any alteration, loss or unauthorised access to your data.

We inform you that this personal data protection policy may be amended by us. In this case, these changes will be available on our website www.labo.lu.

Junglinster, 10.08.22