Privacy Policy E-Clinical 2.0

Revised 11/11/2022

Eurofins Biologie Médicale attaches the greatest importance and care to the protection of privacy and personal data, as well as to the respect of the provisions of the applicable Legislation.

The General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR") states that Personal Data must be processed lawfully, fairly, and transparently. Thus, this privacy policy (hereinafter the "Policy") aims to provide you with simple, clear information on the Processing of Personal Data concerning you, in the context of your browsing and the operations carried out on our app and website.

The purpose of this Privacy Policy is to provide you with information on how your personal data is collected and processed and how we ensure its security on the https://www.eurofins-eclinical.com/ website. A Privacy Policy dedicated to cookies completes this document.

If you would like to ask us a question or, more specifically, make use of your rights regarding your personal data (see paragraph 6 below), you can contact the Data Protection Officer at the following address: rgpd@eurofins-biologie.com

 

  1. Who are we?

When you use the E-Clinical tools and in order to provide you with the best possible service, you may be asked to provide personal data about yourself. 

For all the Processing activities, Eurofins Biologie Médicale SAS, a simplified joint-stock company registered under French law under number 510 019 037, with capital of 20.556.745,40 euros, having its registered office located at 58 avenue Debourg 69007 Lyon, determines the means and purposes of the Processing. Thus, we act as a Processor, within the meaning of the Regulation on Personal Data, and in particular Regulation (EU) 2016/679 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data.

 

  2. How do we ensure the security and privacy of your data?

With Privacy by design, we have attached particular importance to the security of the personal data you entrust to us.

We can thus assure you that we have taken all the appropriate organizational and technical measures, as well as all the useful precautions to preserve the security of the information described above and particularly to prevent data loss, unauthorized data disclosure and data corruption.

In particular, the hosting of information related to the use of our E-Clinical tools is carried out by a certified health data hosting provider (HDS).

In accordance with the Privacy by design Principle, the processes implemented were studied in order to protect us against any breach of confidentiality of the data processed and to secure the exchanges during the transmission of the data, by implementation of effective encryption solutions.

 

  3. What Personal Data do we collect and how?

Eurofins Biologie Médicale may obtain information about you when you use the E-Clinical tools. The notion of personal data refers to information that identifies you personally, such as your name, first name, file number, invoice number, e-mail address, data related to your connection to our website (IP address, date and time of connection) and navigation data.

When collecting your personal data on the E-Clinical tools, we will tell you which data are mandatory and which are purely optional. We will also inform you of the possible consequences of a lack of response.

 

Categories of personal data processed:

  • Identification and contact data: identity (last name, first name and birth name), date of birth, gender, nationality, passport or national identity card number, postal and e-mail address, telephone number;
  • Data concerning health: your NIR or social security number (if requested, necessary for coverage by social security organizations), results of biological tests performed;
  • Login and browsing data: such as your IP address, device event information such as browser type, browser language, date and time of your request and referring URL, your location, what content you are viewing or what pages you are viewing.

| Purpose | Legal base | Storage periods |
| --- | --- | --- |
| Creation of a patient account (with the dedicated form) | Performance of a contract | 5 years, after the last intervention related to the patient account (then 15 years in intermediate storage) |
| Association of the test with the patient account | Performance of a contract | 5 years, after the last intervention related to the patient account |
| Viewing results | Performance of a contract | 5 years, after the last intervention related to the patient account |
| Retention of patient records | Compliance with a legal obligation | 5 years after the last intervention then intermediate archiving 15 years on a separate medium. |
| Account login (required cookie) | Legitimate interests pursued by Eurofins Biologie Médicale | 12 months |
| Audience measurement and targeted advertising (cookies) | Your consent | 12 months |

 

 

  4. Do we share your personal data?

The information provided is intended for the medical laboratories involved in the screening campaign. Within the framework of a screening analysis, the identification and results information will be kept by EUROFINS BIOLOGIE MEDICALE.

The personal information that you may provide may be consulted by the authorized personnel of our company and of the subsidiaries of our group (found on https://www.eurofins.com/) as well as our hosting processors within the strict framework of the purposes that we have presented to you.

We have also signed strict security clauses with our processors, in accordance with Article 28 of the GDPR, specifying in particular the security objectives that must be achieved.

We have rigorously selected our processors according to the security of the hosting they provide (at the level of the strictest standards) and have hardened both the infrastructures and the contracts concluded with them to allow you to entrust us with your data in complete peace of mind.

Thus, we do not sell or disclose personal information about users of our E-Clinical tools and visitors to our website to third parties, except as described below:

  • to companies, organizations or individuals outside of Eurofins if we have good reason to believe that access, use, preservation or disclosure of the information is reasonably necessary to:
    • Perform and enforce contractual terms;
    • Comply with any applicable legal, regulatory, judicial or governmental requirement;
    • Detect, prevent or combat fraud, security breaches or technical problems;
    • Protect against harm to the rights, property or safety of Eurofins, our users or the public as required or permitted by law;
  • to law enforcement or regulatory agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of a crime, the collection of taxes, in order to comply with any applicable law or court order of competent jurisdiction, or in connection with legal proceedings;
  • to third parties in connection with a merger, acquisition or bankruptcy, in the event we sell or transfer all or a portion of our business or assets (including as a result of bankruptcy).

  5. Where is your data processed?

We have chosen for our tools a hosting company (Microsoft Azure Blob Storage) which benefits from an approval as a health data hosting company, allowing us to provide very high guarantees in terms of confidentiality and security of the health data that you entrust to us.

We have ensured that the personal data you entrust to us is processed as close as possible to European territory (Netherlands).

However, your personal data may be transferred outside the EU if one of the recipients mentioned above in paragraph 4 is located outside the EU, and only to countries:

  • To which the European Commission would have issued an adequacy decision (which guarantees that an appropriate level of protection of personal data is offered in that country);
  • Where appropriate safeguards have been provided (such as standard contractual clauses established by the European Commission).

In addition, if you decide to use your accounts on social networks to share content, this connection may result in the communication of certain data on servers used by these services located outside the European Union and in particular in the United States (see paragraph 4 above).

 

  6. What are your rights?

The GDPR provides Data Subjects with rights that they can exercise. The following rights are provided:

  • Right to information: the right to have clear, precise, and complete information on the use of Personal Data.
  • Right of access: the right to obtain a copy of the Personal Data that the Data Controller holds on the applicant.
  • Right to rectification: the right to have Personal Data rectified if they are inaccurate or obsolete and/or to complete them if they are incomplete.
  • Right to erasure / right to be forgotten: the right, under certain conditions, to have the Data erased or deleted, unless we have a legitimate interest in keeping it.
  • Right of opposition: the right to object to the Processing of Personal Data by us for reasons related to the particular situation of the applicant (under conditions).
  • Right to Withdraw Consent: the right at any time to withdraw Consent where Processing is based on Consent.
  • Right to restriction of processing: the right, under certain conditions, to request that the Processing of Personal Data be temporarily suspended. 
  • Right to Data Portability: the right to request that Personal Data be transmitted in a reusable format that allows it to be used in another database.
  • Right to Avoid Automated Decision-Making: the right of the applicant to refuse fully authorized decision-making and/or to exercise the additional safeguards offered in this regard.
  • Right to define post-mortem directives: the right for the applicant to define directives concerning the fate of Personal Data after his/her death.

 

To exercise your rights, you may contact the following address: rgpd@eurofins-biologie.com

If, unfortunately, you are still not satisfied with our answer, you also have the right to complain to the CNIL (Commission Nationale de l'Informatique et des Libertés), for example on its website: cnil.fr