By “Personal Data” we mean any information relating to an identified or identifiable natural person, as further defined in the General Data Protection Regulation (EU) 2016/679.
By “Data Controller” we mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, as further defined in the General Data Protection Regulation (EU) 2016/679.
- Services and Website
By using The Services or accessing our website via a web browser at https://coronalab.eu/ (“Site”), including all related documentation and related services, Personal Data is processed by Coronalab.eu.
- What Personal Data is processed by using Site and/or Services?
There is a variety of Personal Data that is processed when you use our Services and/or the Site. This Personal Data may be provided by you directly or it may be information that results from your use of the Site. Depending on the service you use, Coronalab.eu may collect the following personal data:
- Email address;
- Telephone number;
- Information about your appointment;
- IP address;
- Medical information: result of the test.
- Purposes of data processing
Coronalab.eu will only process your Personal Data for specific purposes. The personal data collected by us under Section 3 is used for the following purposes:
- Scheduling an appointment;
- Providing a test result via secure e-mail;
- To call or e-mail (if necessary) to provide our Service such as relaying a positive PCR test result.
- Sending your order(s) from our webshop;
- Keep track of your preferences;
- Improving our service to you;
- Performing other services that you have requested;
- Follow up correspondence (phone inquiries, e-mail or live chat);
- Sending newsletters;
- Use and Sharing of Personal Data
5.1 Through the Site and/or Services, Personal Data that you provide will be used to enable you to use all the functionalities, features and benefits of our Services.
5.2 We may anonymize your Personal Data by processing it so that it is impossible to identify any particular individuals (e.g., by removing all pieces of information which might allow an individual to be identified such as IP address and carrying out a process to make it impossible to re-identify that individual) and use that anonymized information for any purpose.
5.3 Except as provided for in the next section, we will only share your Personal Data with our affiliated companies and external service providers, including service providers established in the United States, we trust. This means that your Personal Data may be transferred outside of the European Economic Area (EEA) to countries that may provide a lower standard of protection for your information. When we transfer your Personal Data outside the EEA, we do so in compliance with applicable data protection laws and will ensure that your information is kept secure and the recipient has an adequate level of security. We will rely on appropriate contracts or suitable safeguards with recipients in countries outside the EEA to ensure your Personal Data is properly protected. Please contact us using the details below should you wish to find out more information on the contracts and suitable safeguards..
5.4 We will not share your Personal Data with other persons or organizations, unless we believe in good faith that this is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, respond to a government request or otherwise exercise our legal rights or defend against legal claims; and when we believe it is necessary to share information in order to assist in an investigation regarding, or to prevent, illegal activities, suspected fraud, or situations involving potential threats to the safety of any person.
5.5 Personal data will be deleted after 14 days after the client have taken the test.
- Third Party Analytics / Cookies
6.1 When the Site is used, we may automatically collect information on the usage of the Site by its users. For instance, what kind of functionalities are used and how long users spend on each page in the Site. We use this information to analyze the usage of the Site and identify opportunities for further development and optimization of our services. The (third party) analytical tool (e.g. Google Analytics) that we use collect and analyze this kind of information for us.
- Your Rights and Choices
In accordance with the General Data Protection Regulation (GDPR), you have the:
Right of access. You may contact us to get confirmation as to whether or not we are processing Personal Data concerning you. Where that is the case, we will inform you about the categories of Personal Data we process, the processing purposes, the categories of recipients to whom Personal Data have been or will be disclosed and the envisaged storage period or criteria to determine that period.
Right to rectification. You have the right to have inaccurate or incomplete Personal Data, we store about you, rectified or completed.
Right to object. In case our processing operations are based on a legitimate interest of us, you have the right to object at any time against these processing operations. We will then no longer process your Personal Data, unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to restriction of processing. You have the right to obtain from us restriction of processing your Personal Data in specific situations as foreseen by applicable data protection law (e.g. when the accuracy of your Personal Data is contested by you, for a period enabling us to verify the accuracy of your Personal Data).
Right to erasure. You have the right to ask us to erase your Personal Data from our systems if your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. Furthermore, you have the right to erasure if you exercise your right to object as meant above, unless we have an overriding legitimate ground to not erase the relevant data. We may not immediately be able to erase all residual copies from our servers and backup systems after the active data have been erased. Such copies shall be erased as soon as reasonably possible.
Right to data portability. You have the right to receive your Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided to us.
We process your Personal data on the basis of your given consent, you always have the right to withdraw your consent.
You also have the right to file a complaint before your local data protection authority if you believe that we processed your Personal Data unlawfully. For the Netherlands, see: https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap
- Data Retention
The Personal Data listed under Section 3 will be not be kept in an identifiable form for longer than necessary. We determine the retention period of your Personal Data on the basis of the following criteria: (a) the purpose for which we use your Personal Data: we keep the data as long as necessary for that purpose; and (b) legal obligations: various laws and regulations impose minimum retention periods we are obliged to comply with.
We are concerned about safeguarding your Personal Data against unauthorized access, use and loss. We have appropriate administrative, technical, and physical measures in place to safeguard the Personal Data specified under Section 3. To protect your Personal Data, we have taken appropriate security measures. In particular, we have taken the following security measures:
- Secured website;
- Coronalab.eu ensures that your Personal Data is safe by using only encrypted network connections;
- SSL certificate;
- Encrypted database;
- Coronalab.eu uses encrypted passwords;
- Monitoring the platform on errors and traffic;
- Coronalab.eu has taken physical and digital measures for access protection of the systems in which personal data is stored.
- Third Party Sites and Services
The Site may contain links to websites, other apps and other online services operated by third parties that are not under our control. We are not responsible for the collection, use, and disclosure of your Personal Data on those websites and other online services by those third parties. We encourage you to review the privacy policies of each website and other online services you visit.
11. Participation in anonymous research
If, after obtaining your test result, you have given permission for the anonymous use of your material to promote knowledge about the corona virus and its distribution, you have the right to withdraw this permission at any time.
There is no automated decision-making on our Site or through our Services.
- Updates to this Data Protection Policy
- Contact and Questions
In order to exercise the above-mentioned rights, or if you have any questions about our privacy practices or our use or disclosure of your Personal Data while using the Site or Services, please contact us via firstname.lastname@example.org.
To ensure that the request for access has been made by you, we ask you to send a copy of your ID with the request. Please ensure that your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) is made black or unreadable in this copy. This is to protect your privacy. We will respond to your request as soon as possible, but within four weeks.
Contact details of Coronalab.eu / data protection officer:
Telephone number: 020 723 1760