Data protection

The LNS is a public institution under the supervision of the Ministry of Health. Its head office is located at 1, rue Louis Rech, L-3555 Dudelange.

The purpose of the LNS is :

• To develop analytical activities and scientific expertise related to the prevention, diagnosis, and monitoring of human diseases.
• To ensure the role of a national control or reference laboratory.
• To carry out missions of a forensic nature.

Why is some of your data collected?

The LNS needs to collect your personal data for the following activities:

• Collection
• Sample analysis
• Transmission of results.

What data is collected?

The following data is collected:

• Your name(s) and surname(s)
• Your postal address and email address
• Your telephone number
• Your registration number
• Your health data necessary for the activities of the LNS

How is my data collected?

This personal data may be collected directly from you during your appointment at the LNS, for example.

It may also be collected indirectly through partners or clients (hospitals, doctors, private laboratories, etc.) who need to use the LNS’ expertise. In this case, a secure transmission of your data is ensured.

How is my data processed?

Your personal data will be subject to computer processing which may be based on Article 6 1. e) of the GDPR. Indeed, the LNS is entrusted with a mission of public interest by the Ministry of Health. The processing of your data may also be based on a legal obligation (art. 6 1.c)) or justified by a legitimate interest (art. 6 1.f)) and even on your consent (art. 6 1.a)).

The processing of health data by the LNS is carried out:

• For the purposes of medical diagnosis and to enable the health care of individuals (art.9 2.h))
• For reasons of public interest in the field of public health (art. 9 2.i))
• For the conduct of scientific research (art.9 2.j))

The LNS only processes personal data that are strictly necessary for the purposes of carrying out the services requested in relation to your care and administrative processing and its other legal obligations such as reporting infectious diseases to the Director of Health, reporting to the Caisse national de santé (CNS), etc.

Is your data transferred to other recipients?

The LNS is the recipient of your data.

In order to carry out its missions, the LNS may transfer your personal data to its partners and/or subcontractors, in particular in the context of

• Performing specific examinations
• Conducting and/or participating in scientific research

The list of LNS subcontractors (List of third parties_20211105) is available upon request to the DPO.

LNS partners include, but are not limited to, physicians, private and public health care and medical institutions, laboratories, and the public administration.

Your personal data may be transferred outside the European Economic Area (EEA) provided that security and confidentiality guarantees are equivalent to those practised in the EEA are put in place.

How long will your data be kept?

Personal data collected by LNS directly or indirectly is kept for at least ten (10) years on the LNS’ active database.

At the end of this period, your data is archived in an archive database with limited access rights until the expiry of the common law period, i.e., thirty (30) years (art. 2262 of the Civil Code).

What are my rights regarding the protection of my data?

You have the right to request access to your personal data and to obtain a copy of it and, in the event that your personal data is incomplete or incorrect, to have it rectified. You also have the right to limit the processing of your personal data, the right to object to their use, the right to obtain their portability as well as the right to obtain their deletion, under the conditions and within the limits provided for by the General Data Protection Regulation.

You may request to exercise the rights listed above by submitting a written and signed request, with proof of your identity, to the LNS DPO at the following address:

Laboratoire national de santé

Att. Data Protection Officer

1, rue Louis Rech

L-3555 Dudelange

Or by e-mail to the following address: dpo@lns.etat.lu.

Your request will be dealt with within a suitable time.

Finally, you can lodge a complaint with the National Commission for Data Protection (“CNPD”) if you feel that your rights have not been respected: https://cnpd.public.lu/fr.html.

When you browse the LNS website, the LNS may collect and use some of your personal data in its capacity as data controller.

Why is this data collected ?

The personal data collected via the LNS website allows us to:

• Provide you with services: respond to contact requests, register for an event, send documentation or information, job offers
• Provide you with optimal browsing on the LNS website: adapting the display according to the terminal used, detecting the user’s language, storing preferences, etc.
• Offer you sharing functions on social networks
• Display videos in an optimal way on your terminal
• Carry out statistical analyses of visits to this site and thus optimise it.

Whata data is collected about you?

We collect your personal data when you browse this website (via cookies) and when you use the services offered on this website (e.g., contact request).

Through forms

When you fill in a contact form or respond to an advertisement on our website according to your profile. This may include the following data:

• Your profile
• Name and surname
• Telephone number and e-mail address
• Subject and content of your message
• Media
• Area of interest.

Via cookies

Some data is collected automatically as a result of your visit to the site, through the use of cookies.

Several types of cookies are used by the LNS website:

• Internal cookies necessary for the site to function optimally
• Third party cookies for audience measurement
• Third-party cookies intended to improve the interactivity of the site and its multimedia content.

Social networks may collect data relating to your browsing on our site and associate it with data about you that they hold.

We invite you to consult the privacy protection policies of these networks in order to learn about the purposes of use, particularly advertising, of the browsing information they may collect thanks to these application buttons.

Is your data shared with other companies ?

Some of your personal data may be shared with some of our service providers, who work with LNS in particular to

• Improve the navigation, content, and interactivity of our website (Google, YouTube, Facebook, Twitter)
• Hosting our website.

We undertake to share this data only with these service providers.

How long will your data be kept ?

We endeavour to keep your personal data for no longer than is necessary for the purposes set out here or as required by applicable law.

Data collected by cookies is retained for a maximum of two (2) years.

Non-cookie data is retained from the time of collection for the time strictly necessary for processing and is then deleted.

On what legal grounds is your data processed?

The processing of your data collected on our site is based on legal grounds:

• Your consent, in particular for canvassing, the placement of analytical and advertising cookies, and contact requests
• The pursuit of legitimate interests for the deposit and management of functional cookies in order to ensure the proper functioning of the site.

Your data and your rights

In accordance with the regulations, you have the right to access, rectify, object to, delete and port your data collected via this website.

To exercise your rights, contact the LNS Data Protection Officer (DPO) at the following e-mail address: dpo@lns.etat.lu or at the following postal address:

Laboratoire national de santé

Attn. Data Protection Officer

1 rue Louis Rech

L-3555 Dudelange

If you feel that your rights are not being respected, you may also make a complaint to the National Commission for Data Protection (“CNPD”), https://cnpd.public.lu/fr.html.