1 LHM DIAGNOSTIEK
2.1 LHM Diagnostiek is more than a laboratory. We provide services that support medical practitioners in the treatment of patients (“Services”). Read more about our Services on the website of LHM Diagnostiek, currently located at www.lhmdiagnostiek.nl.
2.2 When providing Services, LHM Diagnostiek processes information that relates to identified or identifiable natural persons (“Personal Data”). Various laws and regulations may apply to such processing of Personal Data, including but not limited to the General Data Protection Regulation (“GDPR”).
- 2.4.1 Our General Terms and Conditions, which can be reviewed here:
3 PROCESSING OF PERSONAL DATA
3.1 Personal Data – When using our Services, LHM Diagnostiek collects and processes the following Personal Data of data subjects:
- 3.1.1 Name and surname;
- 3.1.2 Address;
- 3.1.3 Contact details, such as e-mail addresses and telephone numbers;
- 3.1.4 Date of birth and gender;
- 3.1.5 Physical characteristics if required and necessary for the Service, such as body length and body weight;
- 3.1.6 Bank account number;
- 3.1.7 Body material to carry out the Service, such as blood, saliva and urine;
- 3.1.8 The practitioner’s contact details; and
- 3.1.9 The results of the (diagnostic) test.
When using our Website, LHM Diagnostiek collects and processes the following Personal Data of data subjects:
- 3.1.10 IP addresses;
- 3.1.11 Browser fingerprints;
- 3.1.12 Website usage and browser information; and
3.2 Source – We collect and receive the Personal Data under 3.1 from the data subject and/or the practitioner, who provide us with the Personal Data that we use to offer our Services. No further or public sources are used, unless explicitly stated otherwise.
3.3 Purpose – The Personal Data as mentioned in paragraph 3.1 is processed for the following purposes:
- 3.3.1 To allow LHM Diagnostiek to offer the Services that we provide and that are wanted by the data subject in the context of the treatment by the practitioner; and
- 3.3.2 To allow LHM Diagnostiek to perform the agreement between us and the practitioner for which the data subject has given its explicit consent regarding the processing of the special personal data.
3.4 Legal ground – The legal grounds for the processing of Personal Data as mentioned in paragraph 3.1 are:
- 3.4.1 As necessary for the performance of a contract to which data subjects are a party or in order to take steps at data subjects’ requests prior to entering into a contract;
- 3.4.2 Explicit consent with regard to the special personal data processed; and
- 3.4.3 Legal obligations that may be applicable to us.
3.5 Retention – We maintain the following retention times, unless LHM Diagnostiek is required by law to store the Personal Data for a longer period of time:
- 3.5.1 Name and surname: 4 weeks after full payment;
- 3.5.2 Address: 4 weeks after full payment;
- 3.5.3 Contact details, such as e-mail addresses and telephone numbers: 4 weeks after full payment;
- 3.5.4 Date of birth and gender: 4 weeks after full payment;
- 3.5.5 Physical characteristics if required and necessary for the Service, such as body length and body weight: 4 weeks after full payment;
- 3.5.6 Bank account number: 4 weeks after full payment;
- 3.5.7 Body material to carry out the Service, such as blood, saliva and urine: 4 weeks after full payment;
- 3.5.8 The practitioner’s contact details: 4 weeks after full payment; and
- 3.5.9 The results of the (diagnostic) test: 4 weeks after full payment.
3.6 In certain cases, we are obliged to store specific categories of the Personal Data for at least 20 years based on the Medical Treatment Agreement Act (Wet op de geneeskundige behandelingsovereenkomst, “WGBO”).
4 THIRD PARTIES, RECIPIENTS AND TRANSFER
4.1 We may share the Personal Data with third parties (‘recipients’) if this is necessary for one or more of the purposes mentioned above. The following categories of recipients may have access to data subject’s Personal Data:
- 4.1.1 Affiliated group-companies, if this is necessary for compliance, internal reports, audit or security purposes, or for the execution of an agreement with data subjects;
- 4.1.2 Our accountant, legal advisers and other professional service providers engaged by us for compliance reasons;
- 4.1.3 Governmental bodies, courts, supervisory authorities, law enforcement or intelligence agencies, if we have a legal obligation to provide them with Personal Data;
- 4.1.4 Providers of IT services we use for our systems;
- 4.1.5 Payment partners to allow various payment options; and
- 4.1.6 Partner laboratories we work with to perform (diagnostic) tests.
4.2 LHM Diagnostiek may transfer Personal Data to these partners to perform the agreement as entered into. When we transfer Personal Data to our partners, we aim to transfer as little Personal Data as possible.
4.3 The third parties receiving or accessing your data might be located outside the European Economic Area (EEA). When transferring data for which we are responsible to countries outside of the EEA (so-called ‘third countries’), we ensure ‘appropriate safeguards’. More specifically, we contractually bind recipients of Personal Data to protect your data using the Standard Contractual Clauses (SCCs) as approved by the European Commission. We will assess in advance (where necessary, with the help of the recipients in third countries) on a case-by-case basis if the law or practice of the third country diminishes the effectiveness of the SCCs. In those cases, we will implement supplementary measures that fill the gaps in the protection and bring it up to the level required by EU law.
5.1 The GDPR, depending on the circumstances, provides data subjects with the following rights:
- 5.1.1 The right of access to Personal Data;
- 5.1.2 The right to rectification of Personal Data;
- 5.1.3 The right to request from LHM Diagnostiek the erasure of Personal Data;
- 5.1.4 The right to request from LHM Diagnostiek that the processing of the Personal Data be restricted;
- 5.1.5 The right to object to processing;
- 5.1.6 The right to data portability;
- 5.1.7 Where the processing is based on consent: the right to withdraw such consent at any time, without such withdrawal having effect on the legitimacy of the processing prior to withdrawal; and
- 5.1.8 The right to lodge a complaint at a supervisory authority, for example the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/).
5.2 LHM Diagnostiek does not conduct automated decision-making, including profiling as referred to in articles 22(1) and (4) of the GDPR.
6 SAFEGUARDING YOUR PERSONAL DATA
6.1 LHM Diagnostiek highly values the secure processing of Personal Data. Therefore, we may implement security measures, as appropriate, such as but not limited to:
- 6.1.1 The pseudonymisation and encryption of Personal Data;
- 6.1.2 The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- 6.1.3 The ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
- 6.1.4 A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.