Privacy Policy

Quality Manual Policy-D100001-02 (June 2018, version 2)

Leeuwenhoek Ltd fully respects their customers’ right to privacy and confidentiality of data.

Applicable Legislation & Standards

According to the European General Data Protection Regulations (GDPR), Leeuwenhoek with company registration number 594173 and registered address at 64 O’Connell Street, Ennis, Co. Clare is a Data Controller. The GDPR requires that all personal and health information used or disclosed to Leeuwenhoek in any form, whether electronically, on paper, or orally, are kept properly confidential.

Leeuwenhoek furthermore follows strict quality management standards and strives to fully comply with the ISO 15189 standard (Medical laboratories – Requirements for quality and competence) and the National Compliance Monitoring Authority for Good Laboratory Practices. This implies that Leeuwenhoek meets both technical competence requirements and management system requirements that are necessary for consistently delivering technically valid results whilst ensuring that the confidentiality of customer information is maintained at all times.[1]

Personal Data Collection
Leeuwenhoek offers health screening services for which personal data needs to be collected, processed and retained. When ordering a health screening package, a request form is to be completed by the customer disclosing the following personal information: name, surname, date of birth, gender, contact details (address and/or telephone number and/or e-mail), relevant clinical information (that may impact test results), GP/ physician name/ clinic. Explicit customer’s consent for the processing and retention of this data is required before screening can commence.
The data will not be subject to automated decision making.

Access to Personal Data
In compliance with the GDPR and the Freedom of Information Act, individuals have the right to access their information by making an access request (refer to section “Customer Right of Access & Amendment“ below).

Only staff members of, and registered healthcare practitioners associated with Leeuwenhoek have access to customer personal and test data. Each Leeuwenhoek staff member and associated healthcare practitioner signs a privacy and confidentiality agreement and is specifically trained in relevant procedures prior to commencing work. The agreement includes unconditional adherence to this privacy policy for the duration of employment and thereafter.
Access to the computer and electronic systems is granted to authorised personnel only.

Referral Laboratories
Leeuwenhoek offers a limited set of exclusive tests currently outside the in-house test capability. These tests are therefore outsourced to Irish based accredited reference laboratories which are carefully assessed, approved and monitored by Leeuwenhoek through the vendor control process which includes the vendor’s requirement to comply with this – or an equivalent – privacy policy and secure storage of data. The personal data collected for screening may be disclosed, transferred to and stored with the reference laboratory where the analyses are carried out. Furthermore, Leeuwenhoek may temporarily outsource specific tests due to unforeseen circumstances. The customer’s consent obtained prior to screening includes outsourcing of tests and the disclosure of data to an approved reference laboratory.

Reporting/ Sharing Test Data
The customer selects how results are reported to them. Options available are through personal collection, through post or e-mail. For e-mail reporting Leeuwenhoek provides a unique password which enables the customer to access the encrypted report (pdf-format) sent through e-mail. The customer is responsible for keeping this password confidential, and not sharing with anyone.

To ensure the customer’s privacy, Leeuwenhoek will not disclose information over the telephone or to family, friends, or spouses unless prior written consent is given. Information is never disclosed in messages with others.

Leeuwenhoek will only release test data to comply with legal requirements such as a court order, child protection cases, or infectious disease notification.

For the results of some examinations special counselling may be needed. Leeuwenhoek reserves the right to communicate results with serious implications directly to the customer’s GP or physician to allow for an opportunity to provide adequate counselling prior to reporting results to the customer.

Any other uses and disclosures will be made with the written authorization of the customer to their personal GP or physician only.

No data is transferred outside the EU.

Retention
Leeuwenhoek retains test records for traceability and legal liability purposes for a minimum of ten years from the date of test, and for minors the period until they reach the age of 18 plus a minimum of ten years (i.e. up to the age of 28). Test samples are retained for up to six months. Thereafter records and samples are destroyed under confidential conditions.

Marketing
Leeuwenhoek will seek specific customer consent to retain, use and process personal contact details for the purpose of:

  • Providing information or other health related services that may be of interest to the customer such as special offers;
  • Reminders for a new appointment for health screening;
  • Sending out surveys for quality improvement (customer focussed) and marketing purposes. Surveys may be completed anonymously at customer’s discretion.

Anonymised Samples
Leeuwenhoek will seek specific customer consent to retain, use and process anonymised[2] test samples/ data for the purpose of performing:

  • Quality control activities;
  • Process/ test validation; and
  • Training.

Website
Information collected and/or retrieved by Leeuwenhoek website is encrypted via an SSL/HTTPS connection to protect visitor’s information from unauthorised parties.

Correspondence through the website www.leeuwenhoek.ie “contact us” from, the “booking” form or by email, will be retained to enable follow-up communication and for marketing analysis purposes.

The website contains links to other websites and Leeuwenhoek is not responsible for the content or privacy practices of these external sites.

Leeuwenhoek collects information that shall not be used to identify or contact a customer. This includes IP addresses, referring website, duration of stay, time/date, browsing actions and patterns, etc. This information is used to better understand where visitors come from and to improve the website design/ usability. Leeuwenhoek may share this data with trusted third parties for marketing purposes only.

Customer Right of Access & Amendment
A customer may inform Leeuwenhoek of any changes in their personal data which will be amended or removed accordingly. 

A customer may submit a written request to Leeuwenhoek to enquire about or obtain their personal and test data, or to update or remove their personal contact data. Request to obtain data are dealt with within one month. These requests may be subject to an administration fee.

Customer Right of Complaint
A customer has the right of complaint where customers are unsatisfied with Leeuwenhoek’s implementation of any of the criteria set out in the GDPR (2018).

Policy Changes
Leeuwenhoek reserves the right to make changes to the Privacy policy at any time. However, any such changes shall not affect compliance to the GDPR (2018) and the current ISO 15189 standard.

Changes will be effective immediately upon posting to the website.

 

[1] To obtain formal acknowledgement Leeuwenhoek will seek accreditation to ISO 15189 at the earliest convenience, i.e. when sufficient historical evidence of compliance is available.

[2] Anonymising refers to the irreversible removal of all traceable links to the customer identification.

Approved by Irish Life Health

Check with your provider if our outpatient service is covered under your plan.

 

 

Follow Us:

 

 

Approved by Irish Life Health.
Check with your provider if our outpatient service is covered under your plan.