Data privacy notice for patients
We are pleased that you have opted for one of our services. This data privacy notice is intended to inform you which data we collect and for which purpose we use these data. Here you can also learn how we use your personal data and what rights you have in this regard.
How we process your personal data
Once you have decided, together with your responsible physician, to place an order for genetic testing with us, we require various personal data from you which we request using the order form (e.g. name, address, age, week of pregnancy). We require these data among other things to verify whether the selected genetic testing is fundamentally feasible for you. We process your personal data only for the purpose listed in this data privacy notice and to fulfill our legal obligations. You may contact our data privacy officer (firstname.lastname@example.org) at any time to obtain further general information about the processing of your personal data. To bill for our services, we store your payment information and forward this via secured connections to Eurofins NSC Finance Germany GmbH in Hamburg, Germany. When processing your personal data to create mailings, we forward your information to qualified service providers. We select these providers carefully and ensure that they meet the requirements for this sector of the European General Data Protection Regulation and the conditions for reliable handling of data. If you use services from Eurofins LifeCodexx, we could use your personal data to monitor and guarantee the proper function and safety of our medical devices. For statistical purposes, Eurofins LifeCodexx may process your data in an anonymized fashion, as a result of which you cannot be personally identified.
No system is completely protected against attempted manipulation or intentional acts. There is always a residual risk when processing personal data. To prevent unauthorized access to your personal data, we take appropriate precautions and utilize security measures according to the applicable industry standard. We use firewall technologies and adhere to current password guidelines. As a result, access to personal data is possible only with individual access rights via a password-protected internal network or via VPN. We use encoding such as SSL to ensure that when personal data are transmitted, they are appropriately protected from access by third parties. In general, the archiving of personal data takes place only in certified archiving companies and on servers in the Konstanz area. In the case of larger quantities of data which may arise during the analyses, these are archived exclusively on servers in data centers in Europe.
Handling sensitive personal data
The genetic data which are obtained during analysis within the framework of the services we offer are personal data of a particular category. These call for a particularly high level of protection. Beyond European data privacy, your personal data are further secured through additional legal regulations, such as the Genetic Diagnostics Act. We are therefore not permitted to give you any information about your personal data directly. Please always contact your responsible physician. He/she can informally request information from us in writing at any time.
Transmission of personal data to third parties and in countries outside of the EU
In accordance with the above-mentioned principles, subcontractors of Eurofins LifeCodexx may be permitted to access your personal data within the scope of maintenance and support services, for example, to draw up the invoice for your records. These subcontractors are authorized to use clearly defined personal data for a particular purpose. They are obligated to maintain confidentiality. When transmitting personal data to subcontractors, only those data which are needed for the service or transaction are forwarded. Your personal data will not be forwarded without your express permission if this is not a part of the processing in accordance with this data privacy notice. However, due to a law, court order, regulation or order by an authority, the forwarding of data without further consent may be necessary. In general, your personal data will not be transmitted to and processed in countries outside of the European Economic Area or outside of the jurisdiction of European data privacy.
How we process your personal data within the scope of research and development
With your written agreement, we may store and process surplus examination material which is not identified by name for purposes of quality assurance, scientific research, as well as the development of new diagnostic options, for example, in order to continuously further develop and improve our medical devices. In doing so, data and material in anonymized or pseudonymized form may also be transmitted outside of the EU to selected international partners (e.g. scientific cooperation partners).
Storage of personal data
We store data for only as long as it is needed to fulfill the purpose or for as long as statutory requirements obligate us to do so. The order form and the final report are considered to be accounting records and must be stored for ten years after completed posting. We are additionally obligated to store the results of genetic testing and analyses for ten years. The sample material is destroyed immediately after the purpose has been fulfilled, provided you have not given us any consent for use for research and development.
You have the right at all times to learn which data about you we have collected, what these data were used for, and which third parties these data were disclosed to. If you would like to exercise your rights in this regard, the legal provisions stipulate that you contact your physician. He/she will contact us. You will then receive a copy of your personal data. We reserve the right to charge a processing fee for each additional copy. You have the right to have your data corrected or deleted by sending us a corresponding request via your responsible physician. If you would like to have your data deleted, we will review this and we reserve the right, if applicable, to block your personal data in order to comply with other legal obligations (e.g. requirement to retain your billing data for ten years). After deletion or blocking, we will no longer process your data and may not handle any further requests regarding your order. While you are using our services, you may at any time revoke your consent for the processing of your data. To do this, please inform your responsible physician promptly so that he/she can send us the revocation in writing and indicating your order data. Please be aware that if consent is revoked, we do not issue any test result and may charge any costs which have already been incurred. For more information on this, please read our General Terms and Conditions (https://lifecodexx.com/service/agb/). You have the right to receive your data from us in a machine-readable format and can also request that your data be forwarded to a third party. If you suspect misuse of the data, you can lodge a complaint with the data privacy officer responsible for you or a similar authority.
This data privacy notice was updated on March 15, 2019. We may occasionally make changes to this data privacy notice; the current version is available on our website under Data privacy – Data privacy notice for patients. If you have questions about our data privacy, please contact us at email@example.com.
Our data privacy officer
If you have any questions about data privacy, please contact our data privacy officer at:
Eurofins LifeCodexx AG