LEGAL BASIS

PERSONAL DATA PROCESSING BY BIOBANK UNDER THE GDPR

1. Purpose of data processing

Goals

The processing is aimed at traceability of the bone tissue from harvesting to bone transplant. It ensures that BIOBank fulfils the regulatory requirements, including the good practice rules required by ANSM for the collection of human tissue for therapeutic use, transplantation and follow-up of transplant patients.

Legal basis

Article 6 (1) of the General Data Protection Regulation – GDPR

Processing Manager and Data Protection Officer

Processing Manager

The above mentioned processing is carried out by BIOBank …..Le traitement mentionné ci-dessus a pour responsable BIOBank localisé au 3 rue Georges Charpak – 77127 LieusaintTh.

Data Protection Officer

BIOBank’s Data Protection officer is Mr. Grégoire EDORH. He can be contacted by post or by e-mail at 3 rue Georges Charpak – 77127 Lieusaint – 01.64.42.00.75 – gedorh@biobank.fr.

3. Processed Data

Categories of Data processed and Data subjects

Identification Data and professional contact details for donor surgeons, transplant surgeons, local biovigilance correspondents, depot managers, any person named in signed agreements and service providers working with BIOBank. Identification Data and Sensitive Personal Data for bone tissue donors and transplant patients.

Data recipient

Depending on their respective needs, the following departments at BIOBank are recipient of all or part of the Data: administrative, commercial, collection and quality.

Transfer of Data to third parties

No Data transfer is made except to the medical analysis laboratory receiving the donor’s blood samples, to the delocalized archiving service provider and to the competent authorities in case of a biovigilance investigation.

Data retention period

The Data is kept for 30 years from the expiry date of the products.

4. Rights to the processed Data

Access to Data

Data subjects may access and obtain Data concerning them, object to the processing of such Data, have them rectified or deleted. They also the right to limit the processing of their Data.

Exercise of their rights

The Data Protection Officer is the contact person for any request to exercise rights in relation to this processing. The DPO can be contacted by e-mail or post.

Complaint to the CNIL (Commission Nationale Informatique et Libertés)

It is possible to lodge a complaint with the CNIL if Personal Data rights are not respected.