Privacy statement Sanquin Diagnostics BV

Lastly revised in May 2018

This privacy statement was last updated in May 2018 and overrides previous versions. Diagnostics may amend this privacy statement from time to time. Diagnostics will keep you up to date with any changes by placing a revised version of the statement on our website.

Diagnostics - specialized diagnostic testing and advice

Diagnostics BV is part of the Foundation Sanquin Blood Supply. Diagnostics conducts specialised diagnostic testing and provides  on blood transfusions and immunology. It conducts genetic research on, amongst others, blood groups and diseases. Since we process your personal data, you have (as a data subject) a number of data subject rights.

Which personal data does Diagnostics collect, how and for which purposes? 

Diagnostics holds the personal data of patients, practioners and associates such as customers and suppliers. In any case, all of the data is personal. Examples of this data are:
•    Requests of tests containing data for identification of and description of medical conditions of you as a patient; 
•    Blood products and attached personal data to conduct the requested diagnostic tests;
•    Name, address, email and telephone number to be able to contact you as a practioner of associate;
•    Civil society number (“BSN”) to uniquely identify a patient;
•    Pseudonymised personal data for conducting scientific research.
Diagnostics collects personal data in the following ways: (1) we receive personal data from third parties such as a practioner or hospital to conduct diagnostic testing; (2) we receive personal data from third parties such as medical institutions or a company to conduct scientific research.
We also collect data that you have supplied to us yourself as a supplier or customer when we have contact with you or one of you colleagues.
Diagnostics uses this personal data for the following purposes:
•    Receiving and administering blood products and related personal data for diagnostic testing;
•    Conducting diagnostic testing and administering all procedures and results;
•    Sending on blood products and related personal data to another laboratory for diagnostic testing, including reporting of the results;
•    Reporting results of the conducted tests to the practioner and storing these results;
•    storing and delivering of unique/ rare types of blood products, for scientific research;
•    validating, calibrating and testing diagnostic equipment for Diagnostics and on behalf of third parties;
•    test blood products, plasma (semi-)products and samples for third parties and administering all procedures and results;
•    handling of and dealing with complaints and incidents;
•    maintaining contact with associates such as suppliers and customers for topics such as invoicing and conducting customer satisfaction surveys.

Additional information about the processing of personal data

How does Diagnostics ensure that your data is safe and how long does it store personal data?   

Diagnostics takes the necessary technical and organisational measures to guarantee that your personal data is well protected, for example against unauthorised or unlawful use, modification, unauthorised access or disclosure, accidental or unlawful destruction and loss. 

Additional information about who can access your personal data.

The general rule is that Diagnostics stores personal data for as long as it is needed. For diagnostic testing data are stored in principle for 15 years for longer to meet statutory obligations. Personal data collected as part of a medical treatment agreement is legally required to be stored for minimal 15 years. If the data is no longer needed, we destroy or anonymise the data. 

Does Diagnostics disclose data to third parties? 

The nature of its activities means that Diagnostics may share data of patients with the practioner as the requester of the diagnostic testing. Diagnostics also cooperates with the OLVG hospital in Amsterdam, which includes the exchange of blood products and attached personal data in certain cases.
We also may share your data with third parties to maintain contact with customers and suppliers.
In certain cases, Diagnostics may share your personal data with trusted third parties for the performance of certain technical and other services, e.g. hosting providers and telephone support services. All such third parties are obliged to adequately protect your data and only to process it in accordance with our instructions. Diagnostics has a written contract with each of these processors, in which these matters are settled (processor agreement).
Diagnostics may also share aggregate data, which is not traceable to the person, with third parties. Diagnostics makes sure that this non-personal information cannot be traced back to specific individuals. In addition, Diagnostics may share your personal data with supervisory bodies (such as the Health and Youth Care Inspectorate (Inspectie voor de Gezondheidszorg en Jeugd, IGJ)) and investigatory bodies if Diagnostics is legally required to do so. 

What are your rights as a data subject?

As a data subject you have the right to access your personal data registered by Diagnostics, to have rectified inaccurate data and, in certain cases, to have your data removed. 
You also have the right, in certain cases, to request a restriction of or to lodge an objection to the processing of the data and to request data portability.
To make sure that it is you requesting your data, Diagnostics asks you to provide proof of identity with a valid identity document.

Additional information about accessing your own personal data.

Contacting Diagnostics

If you have a question, you can contact us via: 
Sanquin Diagnostics BV 
PO box 9190
1006 AD Amsterdam
[email protected]

If you believe that Diagnostics does not comply with the above rules or does not do so adequately, or if you want to submit a complaint for another reason, please contact us via above PO box or mail.

Alternatively, you can submit a complaint to the Autoriteit Persoonsgegevens (AP). This is the independent Dutch supervisory body that monitors compliance with the statutory rules for the protection of personal data. You can contact the AP at: 

Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ Den Haag 
Tel.: +31 (0)88 – 1805 250

On behalf of the Stichting Sanquin Bloedvoorziening, the Data Protection Officer (DPO) advises and informs Diagnostics on data protection, and monitors data protection compliance by Diagnostics. You can contact the Data Protection Officer at Sanquin by this form