Quality Manual Policy-D100001-02 (June 2018, version 2)
Leeuwenhoek Ltd fully respects their customers’ right to privacy and confidentiality of data.
Applicable Legislation & Standards
According to the European General Data Protection Regulations (GDPR), Leeuwenhoek with company registration number 594173 and registered address at 64 O’Connell Street, Ennis, Co. Clare is a Data Controller. The GDPR requires that all personal and health information used or disclosed to Leeuwenhoek in any form, whether electronically, on paper, or orally, are kept properly confidential.
Leeuwenhoek furthermore follows strict quality management standards and strives to fully comply with the ISO 15189 standard (Medical laboratories – Requirements for quality and competence) and the National Compliance Monitoring Authority for Good Laboratory Practices. This implies that Leeuwenhoek meets both technical competence requirements and management system requirements that are necessary for consistently delivering technically valid results whilst ensuring that the confidentiality of customer information is maintained at all times.
Personal Data Collection
Leeuwenhoek offers health screening services for which personal data needs to be collected, processed and retained. When ordering a health screening package, a request form is to be completed by the customer disclosing the following personal information: name, surname, date of birth, gender, contact details (address and/or telephone number and/or e-mail), relevant clinical information (that may impact test results), GP/ physician name/ clinic. Explicit customer’s consent for the processing and retention of this data is required before screening can commence.
The data will not be subject to automated decision making.
Access to Personal Data
In compliance with the GDPR and the Freedom of Information Act, individuals have the right to access their information by making an access request (refer to section “Customer Right of Access & Amendment“ below).
Access to the computer and electronic systems is granted to authorised personnel only.
Reporting/ Sharing Test Data
The customer selects how results are reported to them. Options available are through
To ensure the customer’s privacy, Leeuwenhoek will not disclose information over the telephone or to family, friends, or spouses unless prior written consent is given. Information is never disclosed in messages with others.
Leeuwenhoek will only release test data to comply with legal requirements such as a court order, child protection cases, or infectious disease notification.
For the results of some
Any other uses and disclosures will be made with the written authorization of the customer to their personal GP or physician only.
No data is transferred outside the EU.
Leeuwenhoek retains test records for traceability and legal liability purposes for a minimum of ten years from the date of test, and for minors the period until they reach the age of 18 plus a minimum of ten years (i.e. up to the age of 28). Test samples are retained for up to six months. Thereafter records and samples are destroyed under confidential conditions.
Leeuwenhoek will seek specific customer consent to retain, use and process personal contact details for the purpose of:
- Providing information or other
health relatedservices that may be of interest to the customer such as special offers;
- Reminders for a new appointment for health screening;
- Sending out surveys for quality improvement (customer
focussed) and marketing purposes. Surveys may be completed anonymously at customer’s discretion.
Leeuwenhoek will seek specific customer consent to retain, use and process anonymised test samples/ data for the purpose of performing:
- Quality control activities;
- Process/ test validation; and
Information collected and/or retrieved by Leeuwenhoek website is encrypted via an SSL/HTTPS connection to protect visitor’s information from unauthorised parties.
Correspondence through the website www.leeuwenhoek.ie “contact us”
The website contains links to other websites and Leeuwenhoek is not responsible for the content or privacy practices of these external sites.
Leeuwenhoek collects information that shall not be used to identify or contact a customer. This includes IP addresses, referring website, duration of stay, time/date, browsing actions and patterns, etc. This information is used to better understand where visitors come from and to improve the website design/ usability. Leeuwenhoek may share this data with trusted third parties for marketing purposes only.
Customer Right of Access & Amendment
A customer may inform Leeuwenhoek of any changes in their personal data which will be amended or removed accordingly.
A customer may submit a written request to Leeuwenhoek to
Customer Right of Complaint
A customer has the right of
Changes will be effective immediately upon posting to the website.
 To obtain formal acknowledgement Leeuwenhoek will seek accreditation to ISO 15189 at the earliest convenience, i.e. when sufficient historical evidence of compliance is available.
 Anonymising refers to the irreversible removal of all traceable links to the customer identification.