Website privacy policy

Our laboratory Laboratoires Réunis Luxembourg S.A. (hereinafter "Laboratoires Réunis") is committed to respecting your privacy. We attach the greatest importance to the protection and security of your data when using our website. Our policy on the protection of individuals with regard to personal data is based on the EU General Data Protection Regulation (hereinafter: GDPR).

We invite you to read this privacy statement regularly, as amendments to the law or changes to our internal processes may require us to adapt this statement. You can consult, save and print this declaration at any time under "data protection declaration".

The data controller within the meaning of the EU General Data Protection Regulation and other national data protection laws of the Member States as well as other data confidentiality rules :

Laboratoires Réunis Luxembourg S.A.
38, rue Hiehl
ZAC Laangwiss
L-6131 Junglinster

Tel: +352 780 290 1
contact@labo.lu
www.labo.lu

This data protection declaration applies to the Internet offering of the company
Laboratoires Réunis Luxembourg S.A., which is available under the domain www.labo.lu and the various sub-domains (hereinafter referred to as "our website").

The Data Protection Officer can be contacted at the following address

Laboratoires Réunis Luxembourg S.A.
38, rue Hiehl
ZAC Laangwiss
L-6131 Junglinster

dpo@labo.lu

www.labo.lu

Personal data is information relating to an identified or identifiable natural person. This may include information such as name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information that does not allow us to identify you (unless we make a disproportionate effort) does not constitute personal data. Personal data must be processed (collected, recorded, used and transmitted) in compliance with the regulations, in good faith and not without the knowledge of the person concerned. Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.

Certain personal information may be required to obtain the online services or information requested. This information is processed in accordance with the policy described in the European regulation, the main principles of which are set out below.

Laboratoires Réunis Luxembourg S.A, hereinafter "LR", attaches great value to the protection of your medical and personal data. In line with this approach, we hereby wish to inform you of the manner in which we collect and process such data.

LR has appointed a Data Protection Officer (DPO) to deal with data protection queries and requests.

Provision and use of the website

Nature and extent of data processing

When accessing and using our website, we collect personal data that your browser automatically transmits to our server. This information is temporarily saved in a log file. When you visit our website, we collect the following technical data needed to display the content of our website and to ensure stability and security:

IP address of the requesting computer

Date and time of access

Name and URL of the file accessed

Website from which access is made (referring URL)

Browser and, if applicable, the operating system of your computer and the name of your access provider.

Legal basis

Article 6, § 1 of the RGPD serves as the legal basis for the above data processing. The processing of the aforementioned data is necessary for the provision of a website and thus serves to protect the legitimate interests of our company.

Retention period

Data will be deleted as soon as it is no longer required for consultation of the site content. Data is saved in log files for a period of seven days. The collection of data for the provision of the website and the storage of data in log files are essential for the operation of the website. Consequently, the user cannot object to this. Legal obligations may require data to be stored for longer than the period initially stipulated.

Registration/user account

Nature and scope of data processing

Users may register and create a user account on the website by entering personal data (PatLogin / MedLogin, electronic results transfer platform). By doing so, you can access certain content and services, such as the transmission of test results and traceability in the event of ambiguity, on our website. Your e-mail address is used to send you new identifiers if you lose or forget your current identifiers.
The personal data we process when you register is as follows:

Patient (PatLogin): Surname, first names, registration number, e-mail address, home address and telephone number.

Doctor (MedLogin): surname, first names, e-mail address, practice address, telephone and facsimile numbers.

Legal basis

The processing of the above-mentioned personal data (see § 4 2. a.) is based on the following voluntary declaration of consent in accordance with Article 6, § 1, lit. a of the RGPD:

Declaration of consent
I consent to the storage of data when logging into my PatLogin / MedLogin user account. By doing so, I will be able to log in with my credentials without having to enter my personal information again.
I have read and accept the current privacy policy and general terms and conditions. I may revoke this consent at any time with effect for the future by sending a message to: contact@labo.lu

Retention period

The data processed during registration will be deleted as soon as registration on our site is cancelled or modified. Legal obligations may require data to be retained beyond the period initially stipulated.

Cancellation of registration

As a user, you may cancel your registration at any time. The personal data stored about you can be changed at any time. To do so, simply send your request to delete your account details in writing to our customer service department at :
contact@labo.lu.

However, if the data processed is necessary for the performance of a contract or the implementation of pre-contractual provisions, its early deletion will not be possible unless contractual or legal obligations do not prevent it.

Online payment

Nature and scope of data processing

Users have access to an online payment service on our website, the operation of which requires the provision of certain personal data. The necessary data is indicated in an input form that we save. The IP address is immediately anonymised. The following data is collected as part of the order process:

Date, time

Payment advice (e.g. reference number)

Price

e-mail address

Means of payment (credit card, credit card number)

IP address

In order to process payments, we pass on your payment details to the payment service provider appointed by us. These companies may only use your data to process orders and not for any other purpose.

Legal basis

Article 6, § 1 lit. a) of the GDPR serves as the legal basis for the processing of your personal data (see § 4 3. a.), which is necessary for the performance of a commercial contract to which you are a party. This also applies to processing operations necessary for the implementation of pre-contractual measures.

Declaration of consent :
By entering my data and clicking "Check", I consent to the use of my data for payment processing. I have been informed that my data will be passed on to the payment service provider exclusively for the purpose of processing the payment.
I may revoke my consent to the collection of personal data collected during registration at any time.

Retention period

Once the contract and payment have been fully executed, your data will be locked and deleted on expiry of the periods prescribed by tax and commercial legislation, unless you have given your express consent for your data to be used at a later date. Legal obligations may require data to be retained beyond the period initially stipulated.

Contact form

Nature and scope of data processing

An online contact form is available on our website, allowing you to send us your questions, suggestions and other requests. When sending your request using the contact form, we refer to this privacy policy in order to obtain your consent. When using the contact form, the following personal data will be processed:

Name

e-mail address

Subject

Content of the message

Date and time of e-mail message

Providing your e-mail address enables us to correctly allocate the request to the right person and to respond to it. When using the contact form, your personal data will not be passed on to third parties.

Legal basis

The above processing (see § 4 5. a.) of the data required to contact the data subject is based on article 6, § 1, lit. F of the RGPD.
The personal data indicated in the input form is collected for the sole purpose of contacting you. This also applies to contacting you by e-mail.
Other personal data processed when submitting the online form is used to prevent misuse of the contact form and to ensure the security of our IT systems.

Declaration of consent :
By entering my data and clicking "Send", I consent to the use of my given e-mail address to respond to my contact request. I may revoke my consent to the collection of personal data collected during the registration process at any time.

Retention period

Once your request has been processed and the facts in question examined, your personal data collected via the contact form will be deleted. Legal obligations may require data to be retained beyond the period initially stipulated.

Your personal information will only be passed on to third parties:

• if you have given your express consent in accordance with Article 6, § 1, p. 1 lit. a of the RGPD,
• if there is a legal obligation to transmit in accordance with article 6, § 1, p 1, lit. c of the RGPD,
• if, in accordance with Article 6, § 1, p 1, lit. b of the RGPD, the transmission of the data is legally required for the performance of a contract to which you are a party, given that the order and consent to the taking of the sample may constitute a basis for the contractual relationship,
• if the transmission of the data is necessary for the establishment, exercise or defence of a right in accordance with Article 6, § 1, p 1, lit. f of the RGPD, and if there is no reason to assume that you have a legitimately protected interest in the non-disclosure of your personal data.

Nature and extent of data processing

We use cookies on our website. When you visit our website, information may be stored on or retrieved from your browser, mainly in the form of "cookies". These cookies are essential for the proper functioning of our website. We use them for online forms because they enable us to remember your contact details. We use cookies and similar technologies to identify your repeat visits and usage preferences, as well as to measure the effectiveness of campaigns and analyse traffic. If third parties use cookies to process information, they will collect the information directly from your browser. Cookies do not cause any damage to your hardware and they cannot run programs or contain viruses.
Our site uses different types of cookies, the nature and function of which are explained in more detail below.
Our website uses temporary cookies, which are automatically deleted when you close your browser. This type of cookie allows you to save your session ID. This makes it possible to assign different requests from your browser to a single session, allowing us to recognise your device the next time you visit our site.
The PatLogin /MedLogin programme uses persistent cookies. Persistent cookies are cookies that are stored in your browser for a longer period of time and provide us with information. The respective retention period varies depending on the cookie. You can delete persistent cookies in your browser settings.
 

Legal basis

The legal basis for processing personal data using cookies is defined in Article 6, § 1, lit. F of the RGPD.

Retention period

Information is deleted as soon as the data transmitted by cookies is no longer required for the purposes described above. Legal obligations may require data to be retained beyond the initial retention period.

Configuring browser settings

Most browsers are configured by default to accept cookies. However, you can configure your browser to accept only certain cookies or none at all. However, if you disable cookies in your browser settings, you will no longer be able to use all the functions of our website. You can also use your browser settings to delete cookies already stored in your browser. You can also configure your browser to notify you before cookies are saved. Please refer to your browser menu to define the configuration functions.
To obtain an overview of all third-party access on your web browser, we recommend that you install plug-ins specially designed for this purpose.

We use tracking and analysis tools to ensure the continuous optimisation and personalised design of our website. Tracking measures also enable us to record visitors' use of our website statistically and to develop our online offering on the basis of the knowledge gained. On the basis of these interests, the use of the tracking and analysis tools described below complies with Article 6, § 1, p. 1, lit. F of the RGPD. The following description of the tracking and analysis tools may also be used to designate the respective processing purposes and the data processed.

Matomo (formerly Piwik)

This website uses Matomo (ex Piwik), a real-time analysis and statistics software to measure the audience of our website. Matomo uses cookies. The information generated by the cookie about your use of our website is stored on the web server. You can prevent the installation of cookies by modifying the corresponding properties of your browser software.
The IP address is anonymised after processing and before being stored. Even if the anonymisation function is activated, only pseudonymisation is ensured, effectively limiting the risk of direct re-identification.
Matomo calculates an internal hash algorithm based on various factors such as IP address, resolution, browser, plugins used and operating system. Even if the anonymisation function is activated, this heuristic uses the full IP address for internal purposes, so it can be fairly easy to trace back to the IP address by means of retroactive calculations.
If you do not want this data to be stored and evaluated, you can object at any time (by ticking the appropriate box). An opt-out cookie will be saved on your browser so that your session data is not collected by Matomo.

Our website contains hyperlinks to the websites of other providers. By activating the hyperlinks, you will be taken directly to third-party websites with a different URL address. We accept no responsibility for the confidential treatment of your data on these third-party websites, as we have no influence over these third-party suppliers with regard to compliance with data protection regulations. We invite you to contact the administrators of these websites directly to obtain more information about the management of your personal data.

Data subject's right of access

Pursuant to Article 15 of the GDPR, you have the right to obtain confirmation as to whether or not personal data relating to you are being processed and, where they are, access to such personal data as well as the following information:

• the purposes of the processing; the categories of personal data concerned
• the recipients or categories of recipient to whom your personal data has been or will be disclosed, in particular recipients established in third countries or international organisations; the length of time the data will be kept
• the existence of the right to ask the controller to rectify or erase personal data, or to restrict the processing of your data, or the right to object to such processing; the right to lodge a complaint with a supervisory authority
• where the data is not collected from the data subject, any available information as to its source
• the existence of automated decision-making, including profiling, and, at least in such cases, useful information concerning the underlying logic.

Right of rectification - Under Article 16 of the GDPR, you have the right to obtain rectification of your data as soon as possible, as well as the right to have incomplete data completed.

Right to erasure - Pursuant to art. 17 of the GDPR, you may request the erasure of your personal data where the data is no longer necessary for the purposes for which it was collected, or the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or in the exercise of official authority.

Right to restriction of processing - Under art. 18 of the RGPD, you may obtain restriction of the processing of your personal data if you contest the accuracy of the data concerning you or if the processing is unlawful and you object to their erasure but instead require restriction of their use. In accordance with Article 18 of the GDPR, you also have the right to object to processing in accordance with Article 21 of the GDPR.

Right of portability - Pursuant to art. 20 of the GDPR, you may receive the personal data you have provided to us in a structured, commonly used and machine-readable format or you have the right to transmit such data to another controller without the controller to whom the personal data has been communicated objecting.

Right of revocation - Pursuant to Article 7 § 3 of the GDPR, you may revoke your consent at any time with effect for the future. Consequently, we will no longer be authorised to continue processing your data.

Right to lodge a complaint - Pursuant to Article 77 of the GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State in which your habitual residence or, place of work is located or with our company, if you consider that the processing of your personal data constitutes a breach of the GDPR.

Under Art. 21(1) of the GDPR you have the right to object, on grounds relating to your particular situation, to the processing of your personal data at any time.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which would override your interests, rights and freedoms (e.g. to defend ourselves or you against claims. In addition, in accordance with Art. 21(2) DS-GVO, you may also object to the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.

We are committed to protecting your privacy and keeping your personal information confidential. We take all appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction, using the same safeguards that we use for our own confidential information. This includes, among other things, the use of recognised encryption methods (SSL or TLS). However, please note that due to the structure of the Internet, it is possible that the aforementioned data protection rules and security measures may not be respected by other persons or institutions who are not under our responsibility. In particular, data disclosed unencrypted - for example, if this is done by e-mail - may be read by third parties. We have no technical influence over this. It is the user's responsibility to protect transmitted data against misuse by means of data encryption or any other means.

Version updated 22.04.21