1 Public Statement
At Unilabs, we CARE BIG. This means that it is part of our culture to protect what our customers care the most about, of course this includes their personal data. We have always treated personal data with the highest level of security within our organisation and by complying with applicable data protection laws. The implementation of the EU data protection framework – or General Data Protection Regulation (GDPR) – imposes a new set of rules that Unilabs will be compliant with.
Where does Unilabs stand with GDPR?
Wherever personal data is entrusted to any of our companies, we are dedicated to meet with GDPR requirements. This not only applies to the processing of patient data, but also that of our employees, customers, suppliers, business partners and other individuals whom we have work relations within the framework of our activity.
We have screened GDPR requirements, with the support of a top-ranked firm in data protection, and have set up a data protection team, led by a Group Data Protection Officer.
Data processing: GDPR requires that personal data be collected and processed fairly, and for specified, explicit and legitimate purposes. Our processing operations are inventoried in a register, and each of them rely on a clear legal basis. For example, a processing operation can be necessary for the performance of a contract, or for the purpose of legitimate interests pursued by Unilabs. We take particular care when we resort to third parties to process the personal data they are entrusted with and ensure that our data processors are subject to appropriate due diligence and contractual agreements.
Transparency: GDPR requires that personal data should always be controlled during its lifecycle, and appropriate steps taken to ensure it is adequate, relevant, limited, accurate and up-to-date. We are fully transparent on how personal data is processed by our companies. Personal data is mapped to allow collection, storage, usage, modification or deletion of such data according to GDPR requirements and data subjects’ requests.
Data security: At Unilabs, data security is of the utmost importance to us. We implement all appropriate technical and organisational measures to provide the highest level of security and ensure personal data is accessible and protected.
You can also read our dedicated GDPR FAQ document to find out more on how we stand with regards to the new legislation.
At Unilabs, we do our best to provide an incredible customer experience. We will continue to make additional required operational changes following on from the new legislation, and will keep our clients, patients, providers and all regulatory authorities informed throughout this development.
GDPR is a great opportunity to work hand in hand with every healthcare organisation in order to provide better care to individuals, whom entrust us with the protection of their personal data.
If you would like to know more about GDPR’s requirements, read more about the new regulation on the European Commission website: https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en
For more information about our compliance journey mail us at firstname.lastname@example.org.
This document is provided as of April 2018, for informational purposes only and not to be relied on for any reason. It is subject to change or removal without notice.
2 Information notices
The GDPR requires data controllers to provide to data subjects information about their processing and related matters and the rights of the data subjects in a succinct, transparent, clear and easily accessible form, using plain language.
- Unilabs Global Information notice to Healthcare professionals
- Unilabs Global Information notice to Job applicants
- Unilabs Global Information notice to Journalists
- Unilabs Global Information notice to Suppliers
- Unilabs Global Information notice to Website Visitors
3 Information of your rights
3.1 Access. You have the right to request information on whether we process personal data about you as well as to request access to this personal data. You have the right to know why we collect the personal data and how we process it, what kind of personal data we process, which organisations receive the personal data and how the personal data is stored.
3.2 Objection to the processing. You have the right to object to personal data processing which is based on our legitimate interests. However, if we have compelling legitimate grounds which override your interests, rights and freedoms, we may have a right to continue the processing. Where processing is based on consent, you have the right to withdraw your given consent for Unilabs’ use of your personal data. This will not affect the use of the information about you prior to you withdrawing the consent.
3.3 Objection to processing for direct marketing purposes. You always have the right to object to our processing of your personal data for direct marketing purposes.
3.4 Rectification. You are entitled to request rectification of inaccurate or incomplete personal data, limitation of our processing and completion of incomplete personal data.
3.5 Erasure. You also have the right to request that your personal data is deleted under certain circumstances, for example if the information is no longer necessary.
3.6 Restriction of processing. You have the right to request that the processing of your personal data is restricted. There is a risk that we will be unable to provide you with our services during the time the processing is restricted.
3.7 Data portability. Under some circumstances you have the right to gain access to your personal data in a structured, commonly used and machine-readable format (data portability) and have the right to transmit those data to another controller. This right is limited to personal data that you have provided us with, if it is being processed for the purpose of fulfilling a contract with you or based on your consent.
3.8 If you have any questions relating to our processing of personal data, you are welcome to contact us. The contact information can be found in paragraph 1 above. If you want to make a complaint about the way we process your personal data you have the right to do so to the Data Protection Authority.
4.2 In general terms, cookies are small scripts which are sent to your web browser on your computer, to your mobile phone or other technical devices that you use. The cookies are used to store information on the technical device and they act as a memory which means that your technical device is remembered when you revisit the website.
There exist two kinds of cookies, session cookies and persistent cookies. Session cookies only exist until you shut down the web browser on the technical devise. Persistent cookies exist for a longer, specified period.
4.3 The information collected by cookies may include the following:
- Time of visit, pages visited, and time spent on each page of the webpages
- Referring site details (such as the URI a user came through to arrive at this site)
- Domain, browser type and language
- Country and time zone
- Click behaviour
- Type of operating system (OS)
- Network location and IP address.
- Document downloads
- Clicks on links leading to external websites
- Errors when users fill out forms
- Clicks on videos
- Scroll depth
- Interactions with site-specific widgets
4.5 To modify the cookies, use the browser settings. Every web browser is different but you can always use the Help menu on your browser to learn how to change your cookies. The changing of cookies needs to be done on every browser that you use if you want the cookie settings to be the same. If you turn off your cookies you need to be aware of the fact that some of the services on the website may not function properly.
4.6 Information that can be used to identify users of the website will be disclosed to third parties (Google analytics). Information that cannot be linked to the identity of the user may be disclosed. The amount of the time that the information received from the cookies is stored depends on how often you visit the website.
5 Further questions
Please, contact us if you have any further questions concerning this policy. The contact information can be found in paragraph 1 above.