MedLab Data Protection Policy
It is the policy of MedLab (MLP) supported by its board of directors, to take steps to ensure that your information is kept confidential and secure and to otherwise protect and respect your privacy. MLP will only ever collect and process the minimum amount of information required in order to provide our pathology services.
Who is the data controller?
Our Data Protection policy together with your terms and conditions sets out the basis on which any information MLP collects from you, or that you provide to MLP, will be processed by MLP. Please read the following carefully to understand our views and practices regarding your information and how we will treat it.
MLP as a data controller and/or processor
In providing products and services, MLP may be acting as a data processor on behalf of a third parties (such as clinicians, hospitals and/or insurers) who will themselves be the data controllers, or as a data controller (if for example you are an employee). Where acting as a data controller, MPL will comply in full with this policy. Where acting as a data processor, MLP will be required to act on the instructions of the data controller
Information MLP may collect from or about you
Typically the information about data subjects that is processed by MLP comes from clinicians that you visit for healthcare purposes, but it may also be collected via email, over the phone or any other means of communication. They send us personal information in addition to pathology samples (body fluids or tissues) and request tests are carried out upon those samples.
The information provided to MLP may include:
- your name, date of birth, gender, address, e-mail address and in some cases phone number and card payment details, and medical history;
- practice details of the requesting clinician such as address, specialities and secretary information;
- information that is necessary to process invoices including patient demographics, financial, bank and credit card information, medical and insurer specific information such as insurer name and policy/identification details;
You may also give MLP information by accessing or filling in forms on its websites at: /test-information/request-forms.aspx, ('MLP sites') or by corresponding with MLP via its products and services, by phone, e-mail or otherwise. This includes information you provide when you register to use MLP's sites, or place an order on MLP sites.
Uses of the information you provide
MLP will use this information:
To carry out MLP's obligations arising from any contracts entered into between your clinician and MLP and to provide them with the information, products and services request from MLP such as:
- the provision of pathology services, and associated processing of bills for payment;
- providing test requesting and results delivery management tools
- to process invoices on behalf of various parties, such as clinicians, hospitals and insurers;
- for process management and improvement;
- to notify you or your clinician about changes to MLP's products and services and to otherwise manage MLP's communications with you; and/or;
- to ensure that content from MLP's sites are presented in the most effective manner for you and for your computer.
Disclosure of your information
MLP may share your information with selected third parties including:
- any member of its group, which means its subsidiaries, ultimate holding company and its subsidiaries;
- business partners, referral laboratories, suppliers, insurers, logistics companies, debt management agencies, and sub-contractors required for the performance of any contract MLP enter into with them, you or your clinician;
- National screening or public health monitoring schemes such as the Institute of Public Health Ireland;
When MLP shares such information, it will ensure that it is only sharing as much information as is required to fulfil the purpose for which it is sharing it.
MLP may also disclose your information to third parties if MLP are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply MLP terms and conditions and other agreements; or to protect the rights, property, or safety of MLP, its customers, employees, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where we store your information
Unless specific consent is sought and received, or another of the conditions for transferring data outside the EEA under GDPR satisfied (such as the inclusion of EU model contractual clauses in our contract with the supplier/ third party) we will not transfer your information outside of the EEA. The policy of your Data Controller, which could be your hospital, clinician, insurer etc… may be different to this so you should check carefully the relevant privacy policies in order to fully understand their implications.
Under the General Data Protection Regulation you are given certain rights to control aspects of the processing of your information. You can exercise these rights at any time by contacting MLP via the methods set out in the Contact section below.