- The Laboratory
- Organization
- Departments
- Jobs
- Analysis book
- Contact
- News
- Publications
- Download
The Laboratoire national de santé (LNS) is committed to meeting patients’ needs and protecting their privacy.
In this respect and in accordance with the European Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, also known as the General Data Protection Regulation (GDPR)) and the Law of 1 August 2018, LNS, as data controller, has drafted a data protection policy that applies to both its analytical laboratory activities and its website.
The data controller is the LNS, a public institution under the supervision of the Ministry of Health, whose head office is located at 1, rue Louis Rech, L-3555 Dudelange.
To ensure compliance with these regulations and protect your privacy, LNS has appointed a Data Protection Officer (DPO) who can be contacted at the following address: dpo@lns.etat.lu.
This policy sets out the purposes of data processing carried out by LNS. The purpose of this document is to inform you about the personal data we collect, why we use and share it, how long we keep it, what rights you have and how you can exercise them.
In the event of medical research using your data, specific information will be provided by LNS.
The purpose of LNS is to:
LNS needs to collect your personal data for the following activities:
Your data is collected in order to guarantee you appropriate care, within the framework of contractual relations and/or to carry out scientific studies or research.
The data collected are:
In the context of your contractual and/or commercial relationship with LNS, your personal data may be collected directly from you (during your appointment at LNS for example).
Your data may also be collected indirectly through partners or customers (hospitals, doctors, private laboratories, etc.) who need LNS expertise. In such cases, your data will be transmitted securely.
Your personal data will be subject to computerized processing which may be based on Article 6 1. e) of the GDPR. Indeed, LNS is invested with a mission of public interest by the Ministry of Health.
The processing of your data may also be based on a legal obligation (art. 6 1.c) of the GDPR) or justified by a legitimate interest (art. 6 1. f) of the GDPR) or on your consent (art. 6 1. a) of the GDPR).
In the context of commercial relationships, your data is collected to enable the development and management of the contractual relationship (art. 6. 1 b) of the RGPD).
Health data:
LNS processes health data:
LNS only processes personal data that is strictly necessary for the purposes of providing the services requested in connection with your care and administrative processing and its other legal obligations such as reporting infectious diseases to the Director of Health, reporting to the National Health Fund (CNS), …
LNS is the recipient of your data.
In order to carry out these tasks, LNS may transfer your personal data to its partners and/or subcontractors, in particular in the context of:
The list of LNS subcontractors is available on request from the DPO.
LNS partners include, but are not limited to, physicians, private and public healthcare and medical-social establishments, laboratories and public administration.
Your personal data may be transferred outside the European Economic Area (EEA) on condition that security and confidentiality guarantees equivalent to those practised in the EEA are put in place (in particular the conclusion of binding clauses and the implementation of advanced security measures).
Personal data collected directly or indirectly by LNS is kept for at least ten (10) years on LNS’s active database, unless otherwise required by law.
When you browse the LNS website, LNS collects and uses some of your personal data in its capacity as data controller.
We collect your personal data when you browse this website (via cookies) and when you use the services offered on this site (e.g. contact request, feedback and complaints).
The personal data collected via the LNS website allows us to provide you with the following services:
We collect your personal data when you fill in a contact form, create an online account or register for an event. This may include the following data:
The provision of services is carried out with your consent collected at the time of your request for the services offered in accordance with Article 6 1.a) of the GDPR.
Some of your personal data may be shared with our website host.
LNS may use third-party service providers to provide services and this may involve transfers of your personal data to countries outside the European Union/European Economic Area (EU/EEA). This transfer may occur if there is a European Commission decision stating that the country outside the EU/EEA provides an adequate level of data protection.
For transfers to countries outside the EU/EEA that do not offer an adequate level of protection, LNS will implement the appropriate protections provided by current data protection legislation (e.g., the conclusion of standard data protection clauses) or LNS may obtain your consent.
We will keep your personal data for no longer than is necessary for the purposes set out herein or as required by applicable law.
Your data is kept for the time strictly necessary for processing, from the moment it is collected, and is then deleted.
Some data is collected automatically when you visit the site, by means of cookies.
Several types of cookies are used by the LNS site, in particular to:
By clicking on the X, Instagram or LinkedIn button on our website, you will be redirected to these websites. These social networks may collect data relating to your browsing on our site and associate it with the data they hold about you.
These social networks have their own cookie and privacy policies, over which we have no control. We therefore invite you to consult the privacy protection policies of these networks in order to learn about the purposes for which they may use the browsing information they may collect through these application buttons, and in particular for advertising purposes.
MATOMO is an audience measurement tool used to generate statistics on visits to the LNS website.
The cookies used by MATOMO are hosted on LNS servers, meaning that only authorized persons will have access to your data. LNS has implemented technical and organizational measures to guarantee appropriate data security.
Some of your personal data may be shared with our service providers, who work with LNS to improve navigation, content and interactivity on our site (Google, YouTube, Facebook, X).
We undertake to share this data with these service providers only.
| Cookie category | Cookie name | Retention period |
| Analytical cookie (optional) | MATOMO | 13 months |
Some cookies are necessary to ensure the proper functioning of the site, improve interactivity and its multimedia content. Therefore, it is in our legitimate interest to collect and use this data (Article 6 1. f) of the GDPR).
Your consent is required for the placement of analytical and advertising cookies.
As part of its recruitment process, LNS is responsible for collecting and processing personal data in connection with your application for a position at LNS.
LNS collects and uses your personal data necessary for its recruitment process, which you decide to submit when applying for a particular position, including:
If you decide to attach letters of recommendation to your application, it is your responsibility to inform the persons providing the recommendation (before providing us with their personal data), that their personal data will be processed by LNS in accordance with this Recruitment Data Protection Policy. We will not contact referrers directly unless we have your consent to do so.
Only data required for the recruitment process is necessary for LNS, namely your CV and cover letter. Sensitive data such as data revealing your ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (which allows or confirms your unique identification), data concerning your health, data concerning your sexual life or orientation or any judicial data (e.g. criminal record) are not required in order to submit your application for a position advertised by LNS. However, such data may be collected in order to establish your employment contract if your application is accepted.
You can choose what type of information to submit as part of your application. The following categories of data are strictly necessary for us to consider your application for a given position:
In some cases, an LNS job advertisement may specify additional categories of personal data required for a particular position. If this is the case, the provision of this information is also mandatory (please check the job offer again).
The submission of any other information is entirely optional. By submitting non-mandatory data to LNS, you consent to the processing of your data for recruitment purposes.
Your data is collected directly, i.e. it is made available to us directly by you.
LNS may also collect your data indirectly by visiting professional social networks such as LinkedIn or via recruitment agencies.
The personal data you provide will be processed solely for the purposes of the LNS selection and recruitment process and in particular for:
Your data will be treated confidentially by the team in charge of recruitment (human resources and the department or service where a vacancy exists) if access to the data is necessary for the performance of their duties.
In the context of the recruitment of a position subject to approval or information by the Board of Directors in accordance with article 6 (2) of the law of August 7, 2012 creating the national health laboratory, your data may be communicated to our administrators.
We may also pass on your personal data to the following contacts:
We may also receive requests from third parties with the necessary authority to obtain disclosure of personal data. We will only respond to such requests where we are authorized to do so in accordance with applicable laws and regulations.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
If you are hired, the personal data collected during the recruitment process will be kept in your personal file in the HR department.
In the event of an unsuccessful recruitment procedure, your personal data will be kept for a limited period of two (2) years in accordance with the law in force. At the end of this period, or following your objection to the processing of your personal data, your personal data will be deleted or destroyed.
You have the right to request access to your personal data and to obtain a copy of it, and, in the event that your personal data is incomplete or erroneous, to have it corrected. You also have the right to limit the processing of your personal data, the right to object to their use, the right to obtain their portability as well as the right to obtain their deletion, under the conditions and within the limits provided for by the General Data Protection Regulation.
It is possible to request to exercise the rights listed above by submitting a written, signed request and proof of your identity to the LNS DPO at the following address:
Laboratoire national de santé
Att. Data Protection Officer
1, rue Louis Rech
L-3555 Dudelange
Or send an e-mail to dpo@lns.etat.lu.
Your request will be processed within a reasonable time.
Finally, you can lodge a complaint with the National Commission for Data Protection (“CNPD”) if you feel that your rights have not been respected: https://cnpd.public.lu/en.html