Personal data protection policy and patients ‘rights
Laboratoires Réunis Luxembourg S.A., hereafter referred to as « LR » attaches a high value to the protection of your personal and medical data. In this respect, we would like to explain how we collect and process your data.
LR appointed a Data protection officer (DPO) in charge of dealing with all inquiries and requests concerning data protection.
WHAT DOES THIS PERSONAL DATA PROTECTION POLICY APPLY TO?
This policy of personal data protection applies to all programs, communication tools or to any other online operation collecting personal data and belonging to LR.
Therefore, this policy does not apply to third-party web sites, including those to which our web sites may link.
HOW WILL BE YOUR DATA PROCESSED?
The professionals, who first take care of you, in one of LR blood collection centers or in another competent laboratory, may have collected and formalized some information concerning your identity together with the data required for the performance of biomedical analyses and for administrative treatment.
The information is compiled in the patient record (the “record”) and it can be subject to data processing under the conditions laid down by the (EU) 2016/679 Regulation on the protection of personal data, and by the law of the 24 July 2014 on patients’ rights and responsibilities.
LR will only process your personal data for the provision of the services required in relation with your health care and the administrative treatment or in relation with further legal obligations, like for the transmission of the Shared Health Record (DSP), for the notification of legally reportable infectious diseases to the local public health department, for reporting to the National Health Insurance (CNS) ...
LR will also process your data for legitimate interests of public health, such as statistics and epidemiological studies.
ACCESS TO THE PERSONAL DATA AND COMPLAINTS
You may request to gain access to some elements of your record or to get a copy of your full record. The patient or the legal representative may address the request.
By submitting a request, please specify at least:
All requests or complaints shall be addressed to:
LABORATOIRES RÉUNIS Luxembourg S.A.
38, rue Hiehl
Tel.: +352 780 290 1
(You can send an e-mail to the DPO to the following e-mail address: firstname.lastname@example.org)
LR undertakes to reply to all requests to exercise your rights within the reasonable time limits.
If you feel that your rights have been prejudiced, you can lodge a formal complaint with:
OTHER RIGHTS RELATED TO DATA PROTECTION
You can also, for legitimate reasons, object to the processing of nominative data or of certain personal data.
Objecting to data processing may prevent LR from delivering correctly the service required.
Yet, LR’s legal obligations shall prevail over the right to object.
If your personal data is inaccurate or incomplete, you have the right to have the data rectified or completed, without undue delay.
When treatment is carried out based on a consent or a contract, by automated means, you may be entitled to obtain your personal data in a in structured, commonly used and machine-readable form that makes it easier to reuse your information in another context and to transmit this data to another health professional.
PERFORMANCE OF YOUR ANALYSES
In principle, LR will carry out your analyses.
Yet, we reserve the right to outsource all or part of the analyses to a partner laboratory.
This case may arise due to the specificity of the analyses required.
LR shall remain responsible towards the patient.
The contract laboratory must comply with the same service quality standards as well as with the obligations of data privacy and security laid down by LR.
For each service, which is not eligible for reimbursement under the third-party payment system, your express consent will be required, and the analyses performed will be directly invoiced to you.
HOW LONG WILL LR STORE YOUR PERSONAL DATA?
In accordance with legal requirements, we only store your personal data as long as it is necessary. In the case of a patient record, LR is legally required to retain the record for a period of 10 years. That period shall run from the date of sample collection in one of our blood collection centers or upon receipt of the patient’s data by a third party.
This period covers all information included in your record.
At a later stage, your data will be archived and become inaccessible in our information management system until expiration of the legal limitation period; the maximum period under common law being 30 years.
After that, all data will be permanently deleted.
WHERE IS YOUR RECORD STORED?
Paper records are stored at LR’s premises but we may also outsource the archival storage to a third party. In such cases, we always make sure that an adequate level of confidentiality protection is granted to your record.
Electronic records may be stored either at LR’s or under an authorized system hosting personal health data. In such cases, data hosting is governed by a contract that sets out mandatory security and confidentiality rules.
DO WE SHARE YOUR PERSONAL DATA?
We may share your personal data or more precisely, your lab tests results with your prescribing physician.
The prescribing physician can get access to your data via MEDLogin, a secure online platform. Your referring physician is entitled to share your data with other health professionals for providing medical treatment.
By transferring your lab tests results to the prescribing physician, practicing mainly or incidentally in a hospital, in a health center or in a shared medical practice, your data may be accessible to other medical staff depending on their respective internal organizational structures.
If you want to object to the transfer of your data, please report it to the employee in charge of collecting the sample (or to our Customer Service) so that your request may be duly recorded.
In such a case, we will transfer the results of your analyses only and exclusively to your prescribing physician mentioning your objection to data sharing.
These data will be sent outside the EU only if the prescriber is in a non-EU country.
Your personal data may be accessible to LR’s employees or to its subcontractors to the extent necessary for the fulfillment of their assignments.
Please note that we strictly urge our subcontractors to process your data only for carrying out the services that we ask them to provide. We also require from our service providers to handle in accordance with the relevant rules on the protection of personal data and to pay particular attention to preserve the confidentiality of the data submitted.
IS YOUR PERSONAL DATA SAFELY STORED?
We aim to store your personal data in the safest and securest possible way, and only for the time required to fulfil the purpose for which it was collected.
In this respect, we apply all necessary security safeguards, including physical, organizational, technical measures, to prevent modification, loss, or unauthorized access of your personal information.
We may amend this policy of personal data protection at any time. In that case, changes will be available on our website: www.labo.lu.