CLIENTS PRIVACY NOTICE
This Privacy Notice complies Data Protection Legislation. It serves as a notice for our clients including prospective clients. It notifies them about the personal data that the company holds relating to their relationship with the Company, for what purpose it is processed and for how long it is expected to be used.
INTRODUCTION
Clinipath Services Ltd. (hereinafter referred to as Clinipath, the Data Controller, the Company, our, we, us) respects the privacy of all its past, existing, and prospective clients and is dedicated to protect the personal data it has to process about such clients. We thus want to inform you how we use and protect your personal data. This includes informing you of your rights.
Data Protection Legislation: Data Protection Legislation: (i) unless and until the General Data Protection Regulation is no longer directly applicable in Malta, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in Malta and then (ii) any successor legislation to the GDPR or the Data Protection Act (Ch. 586 of the Laws of Malta).
CLINIPATH SERVICES LTD
Our full details are:
Name of our Data Protection Officer (DPO): Dr Laura Grech
Email address: info@clinipath.com.mt
Postal address: 217/3, Marina Street, Pieta, PTA 9041
Telephone number: +356 21221355
DATA WE MAY COLLECT FROM YOU
We may collect personal data from you because of a legal reason or because you have consented us to do so for a specific purpose.
Information you may give us during different stages of our relationship:
-
Identity Data includes first name, last name, identity card number and/or passport number.
-
Contact Data includes billing address, postal address, email address and telephone number/s.
-
Financial Data includes bank account and payment card details.
-
Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
-
Communications Data includes your preferences in receiving communication from us.[A1]
-
You may give us information about you, for example:
-
By filling in a form, sending us an e-mail or over a telephone call.
-
Requesting a quote for a service.
-
Purchasing a service.
If you fail to provide personal data which we need to collect by law, or under the terms of a contract we have with you, we may not be able to perform the contract we have or the contract we need to enter into with you (for example, to provide you with services). In such a case, we may have to cancel the service you have with us but we will notify you if this is the case at the time.
We may also receive information about you from third parties (including referring doctors and employer) and may receive information about you from them as part of the service we provide you.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
-
Where we need to perform the contract we are about to enter into or have entered into with you in relation to the service being requested.
-
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
-
Where we need to comply with a legal or regulatory obligation.
PURPOSE FOR PROCESSING YOUR PERSONAL DATA
Clinipath will process your data when:
-
You request us to quote for a service.
-
You enter into a contract with us for us to render a service.
-
You give us permission to do so.
-
To comply with the law.
MARKETING
We do not perform any direct marketing.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
SHARING OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below
-
Professional advisers including doctors, lawyers, auditors and insurers based in Malta who provide professional, insurance and accounting services.
-
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
Special Category data, mainly health related data, is only shared with your referring doctor and this is only done when you consent us to do so. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We do not transfer your personal data outside the European Economic Area (EEA).
DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, and other third parties who have a business need to know and who are subject to a duty of confidentiality. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
RETENTION PERIODS
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
YOUR RIGHTS
You have the right to:
BE INFORMED
We are giving you this Privacy Notice to keep you informed.
ACCESS
Please contact our DPO if you wish to access the personal information we hold about you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
RECTIFICATION
Please contact our DPO if you wish to rectify your information. We will also rectify the information you have consented us to pass onto third parties, if it is the case.
ERASURE
Please contact our DPO if you want us to erase all your personal data and we do not have a legal reason to continue to process and hold it.
RESTRICT PROCESSING
Please contact our DPO if you want us to restrict processing of your data. In this case we will restrict processing but we will still hold the data.
DATA PORTABILITY
Please contact our DPO if you want information on how to port your data elsewhere. This right only applies to personal data that you have provided to us as the Data Controller. The data must be held by us by consent or for the performance of a contract.
OBJECT
You have the right to object to us processing your data even when we do so for our legitimate interests. If you wish to object please contact our DPO.
WITHDRAW CONSENT
If you have given us your consent to process your data but later changed your mind, you have the right to withdraw your consent at any time. Please contact our DPO in case you wish to withdraw consent.
COMPLAIN TO A SUPERVISORY AUTHORITY
You have the right to complain to the IDPC if you feel that we have not responded to your requests to solve a problem. The supervisory authority in Malta is the Office of the Information and Data Protection Commissioner (IDPC) which is at Floor 2, Airways House, Triq il-Kbira, Tas-Sliema and can be reached on 2328 7100.
CHANGES TO OUR PRIVACY NOTICE
We may change this notice from time to time in the future. Changes to our privacy policy will be notified to the data subjects through the preferred means of communication.