PERSONAL DATA PROCESSING BY BIOBANK UNDER THE GDPR
1. Purpose of data processing
The processing is aimed at traceability of the bone tissue from harvesting to bone transplant. It ensures that BIOBank fulfils the regulatory requirements, including the good practice rules required by ANSM for the collection of human tissue for therapeutic use, transplantation and follow-up of transplant patients.
Article 6 (1) of the General Data Protection Regulation – GDPR
Processing Manager and Data Protection Officer
The above mentioned processing is carried out by BIOBank …..Le traitement mentionné ci-dessus a pour responsable BIOBank localisé au 3 rue Georges Charpak – 77127 LieusaintTh.
Data Protection Officer
BIOBank’s Data Protection officer is Mr. Grégoire EDORH. He can be contacted by post or by e-mail at 3 rue Georges Charpak – 77127 Lieusaint – 01.64.42.00.75 – email@example.com.
3. Processed Data
Categories of Data processed and Data subjects
Identification Data and professional contact details for donor surgeons, transplant surgeons, local biovigilance correspondents, depot managers, any person named in signed agreements and service providers working with BIOBank. Identification Data and Sensitive Personal Data for bone tissue donors and transplant patients.
Depending on their respective needs, the following departments at BIOBank are recipient of all or part of the Data: administrative, commercial, collection and quality.
Transfer of Data to third parties
No Data transfer is made except to the medical analysis laboratory receiving the donor’s blood samples, to the delocalized archiving service provider and to the competent authorities in case of a biovigilance investigation.
Data retention period
The Data is kept for 30 years from the expiry date of the products.
4. Rights to the processed Data
Access to Data
Data subjects may access and obtain Data concerning them, object to the processing of such Data, have them rectified or deleted. They also the right to limit the processing of their Data.
Exercise of their rights
The Data Protection Officer is the contact person for any request to exercise rights in relation to this processing. The DPO can be contacted by e-mail or post.
Complaint to the CNIL (Commission Nationale Informatique et Libertés)
It is possible to lodge a complaint with the CNIL if Personal Data rights are not respected.