GDPR

Charter regarding the protection of personal data

As healthcare professionals, we are already obliged to keep your personal data confidential. The purpose of this charter is to reaffirm BioneXt Lab’s commitment to these principles and to remind our stakeholders of their rights in relation to personal data protection.

1. We always prioritise the security of the personal data you provide.

We reaffirm our commitment to ensuring the security of our stakeholders’ data, which is at the heart of everything we do.
The solutions that we use to store or process our stakeholders’ data are subject to stringent validation and certification procedures.
We are committed to promoting good practice among stakeholders with regard to account safety and preventive measures.

2. We use the data you provide for your benefit.

We use data in order to provide stakeholders with good quality, high value-added personalised services, offering them everything they need to help them make the best decisions.
We can explain to stakeholders how their data is used in a fully transparent manner. Please contact us using the following methods:

Email: dpo@bionext.lu
Telephone: +352 285 777 778
Post: Laboratoire BioneXt Lab
To the attention of the Data Protection Officer
2-4, rue du Château d’eau / L-3364 Leudelange

3. We are fully transparent with regard to our use of your personal data.

We shall provide our stakeholders with a clear, concise and accessible explanation of how we process personal data, in addition to information regarding their rights in this area and how to exercise them.
We shall engage in dialogue with our stakeholders, to allow us to develop with them and respond to their needs in the best possible way.

4. We give you full control over the content of your personal data and how it is used

We will never collect nor process any of our stakeholders’ personal data without their knowledge and will respect their rights in accordance with the regulations governing our laboratory. We will act in the vital interests of patients in order to ensure continuity of care.

YOUR RIGHTS in accordance with articles 13 and 14 of the General Data Protection Regulation:

  • Right of access: The right to obtain, from the Data Protection Officer (DPO), confirmation as to whether or not personal data is being processed, and, where this is the case, access to information regarding the purposes of the processing, the categories of personal data used, the recipients of the data, the period for which the data will be stored or the criteria used to determine that period, the existence of the right to request the rectification or erasure of data or restriction of processing and the right to object to this, the right to lodge a complaint with the relevant national data protection authority, or information regarding any transfer of personal data to a third country.
  • Right to rectification: The right to request, from the DPO, the updating or rectification of inaccurate personal data.
  • Right to erasure: The right to obtain from the DPO the erasure of personal data when this data is no longer necessary in relation to the purposes for which it was processed, when the data subject withdraws their consent, when the data subject objects in accordance with their right to object to processing or when there is no legal ground for the processing.
  • Right to restriction: The right to obtain from the DPO the restriction of processing when the processing is unlawful, when the data is no longer necessary for the purposes of processing but is required for the establishment, exercise or defence of legal claims, or when the data subject objects to processing in accordance with their right to object.
  • Right to data portability: The right to receive the data provided to the DPO in a structured, commonly used and machine-readable format and the right to transmit this data to another organisation without hindrance.
  • Right to object: The right to object, at any time, on grounds relating to the data subject’s particular situation, to the processing of personal data, including when this data is processed for direct marketing, profiling, scientific or historical research, or statistical purposes. The DPO may continue such processing if they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.

5. We do not sell our stakeholders’ personal data.

Potential transmission of this data beyond partners of BioneXt Lab shall only occur, with clear information for stakeholders, in order to satisfy regulatory obligations or for third-party benefits that have previously been subject to stringent validation and certification procedures.

Dr Jean-Luc Dourson

Glossary

Personal data
Any information related to a natural person that can be used to directly or indirectly identify them. This may include first name, last name, date of birth, home address, e-mail address, photograph, telephone number or bank details (this list is not exhaustive).

Processing
Any operation performed on personal data, whether or not by automated means. This may include collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Stakeholders
BioneXt Lab representatives, patients, issuers, employees, and any partners used within the context of the laboratory’s activity.