Effective Date: August 16, 2018
THIS EU PRIVACY / TRANSPARENCY NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This version of our Privacy / Transparency Notice reflects changes in recent data protection laws including the recent General Data Protection Regulations (GDPR). When we refer to “Agendia” we mean the Agendia entity including Agendia NV and Agendia Inc. that acts as the processor of your information, as explained in detail in the sections below.
We have locations in the United States and in the Netherlands. If you are a US citizen, please see our Notice of Privacy Practices under HIPAA.
We have worked hard to achieve compliance with the General Data Protection Regulations (GDPR) and US Privacy Shield to demonstrate that we protect data to EU standards. If you have any questions or wish to make a request in relation to your information, please contact us at:
Science Park 406
1098XH Amsterdam, The Netherlands
+31 (0)20 462 1510
Agendia takes your privacy very seriously. We collect, use, store and share information about you and the outcome of the tests we have performed for you. The countries to which we transfer and store information are the United Sates. The EU Commission has confirmed that EU personal data may flow to the United States where there are additional safeguards in place. Agendia has adopted the EU Model Clauses for third country transfers. A copy of these can be provided upon request.
‘Data Controller’ means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data.
‘Data Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Health Care Provider’ means health professionals who provide health care services. Sometimes, the term refers only to physicians. Often, however, the term also refers to other health care professionals such as hospitals, nurse practitioners, chiropractors, physical therapists, and others offering specialized health care services.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available alignment or combination, restriction, erasure or destruction.
‘Personal data’ means any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.
‘Customer data’ means any information created by an authorized user of services or software under contract, for which the Customer is the controller and Agendia is the processor.
‘Other information’ means information provided by individuals when interacting with agendia.com website and information maintained by Agendia for marketing and communication purposes (e.g., contact databases, email lists).
How We Collect Information?
We collect information about you indirectly – when your health care provider sends your information and asks us to perform testing.
The information we collect will be sent to us by email, fax or web portal and stored on computer and electronic systems.
The information includes Personal Data:
- Basic details about you, such as address, date of birth and insurance number.
As well as Sensitive Personal Data:
- Reports about your health care
- Results of laboratory tests
Health care providers are usually permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to health care information (GDPR Article 6 (1) Processing in the public interest and Article 9 (h) Delivery of Healthcare).
Agendia is acting as a Data Processor on behalf of your health care provider who is the Data Controller. We will only process personal and sensitive personal data as instructed by your health care provider.
How We Use Your Information?
Agendia will use your information for your care in the following ways:
- Receive a request for testing from your health care provider.
- Make a record within our systems of the request and any communications we have with you or your health care provider.
- Test your samples within our laboratory.
- Make an assessment of the test results.
To undertake these activities, your information will be shared internally across our teams. We will work to ensure that only the right people have your information and that they are only given the information they need.
For more information about what the tests are visit http://www.agendia.com/patients/
How Else Do We Use Your Information?
Along with activities related directly to your care, we also use your information in ways which allow us to check that care is safe and provide data for the improvement and planning of services.
This involves using your information to improve Agendia’s laboratory operations for administrative and quality assurance purposes through:
- Conducting quality assessment and improvement activities – checking that the results of the test you received were accurate and of good quality.
- Training and obtaining accreditation, certification or licensing activities.
Where it is necessary to arrange and collect payment for Agendia services or to check whether you are eligible under your health plan, we will share your information with the relevant organization. This will usually be the health care provider that ordered the test or an insurance company / health plan.
Who Do We Share and Disclose Information With?
Agendia works hard to ensure that only the right people have your information and that they are only given the information they need:
- Your information will be shared internally across our teams such as our laboratory directors, laboratory staff and administrative teams so that we can deliver the services described above.
- When you are referred to another health care provider, we will share your information with them so that they can follow your treatment plan.
Once we have shared information with another health care provider, they take on full responsibility for the lawful and secure processing of your information. You have a right to object to us sharing your information with sharing partners. Our Customer Service department will be happy to discuss this with you.
Agendia may engage third party companies or individuals as service providers or business partners to process information and support our business. These third parties may, for example, provide clinical systems and equipment (e.g., billing, connectivity and computer servers, etc.).
Personal data will never be made available to organizations not involved in your care delivery without letting you know and giving you a chance to object.
We have contracts in place with these organizations that prevent them from using it in any other way than how we tell them to. These contracts also require them to maintain good standards of security to ensure your confidentiality. In these terms, they serve solely as Processors, and not Controllers.
Will We Share Information Without Asking?
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly.
Examples might be:
- Sharing with the police or tax authorities for the detection or prevention of crime.
- Where it is in the wider public interest – to keep the public safe for example.
- To safeguard children or vulnerable adults.
- To report infectious diseases.
- Because the court has told us we must share.
What Are My Information Rights?
Data protection law provides you with several rights that Agendia is committed to supporting you with. We will do this by cooperating with your health care provider fully and promptly when you make a request or raise a query.
- Right to Access
- Right to Object or Withdraw Consent
- Right to Correction
- Right to have your information sent to another provider
- Right to restriction (ask us to stop processing your information while you make inquiries or complaints)
For more detailed information on your rights, please contact your health care provider and we will support them to provide what you need.
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Customer Service department for more information.
Do We Use Profiling or Automated Decision Making?
No. While the technology that Agendia uses includes application of certain information to aid in treatment management decisions, the decision about how or whether to provide you with care is made by your health care provider.
Our Customer Service department will be happy to speak to you about this if you have concerns or objections.
How Do We Protect Information?
Agendia is committed to ensuring the security and confidentiality of your information. There are a number of ways we do this:
- Staff receive regular training about protecting and using personal data.
- Policies are in place for staff to follow and are regularly reviewed.
- We check that only the minimum amount of data is shared or accessed.
- We use controlled access to systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’.
- We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information.
- We report and manage incidents to make sure we learn from them and improve.
- We put in place contracts that require providers and suppliers to protect your data as well.
- If we send information outside of the EEA, we have measures in place to protect it.
How Long Do We Store Information?
Agendia will retain and or store your information in accordance with applicable law. We may retain other Information pertaining to an entity or individual for as long as necessary for the purposes described in the Privacy Notice. All personal data is destroyed when it is no longer needed.
Changes to the Terms of this Notice