Privacy notice for the 4Kscore Test
Updated on 12.11.2018
12618 Tallinn, Estonia
Tel: +372 606 6969
Fax: +372 670 1219
In addition to AS KEVELT, all healthcare facilities providing the 4Kscore Test, act as data controllers.
4Kscore Test – a blood test for evaluating the patient’s risk of having aggressive prostate cancer
Data subject – patient, whose data is being processed as a part of the 4Kscore Test
Legal basis and purpose for processing personal data
The purpose of processing the patient’s personal data is to perform the 4Kscore Test.
The legal basis to process the patient’s personal data is the explicit consent form that You have previously signed, prior applying for the 4Kscore Test.
What data is being processed?
The following data is being processed as part of the 4Kscore Test:
– Information about which healthcare provider was used to order the 4Kscore Test
– Patient’s personal ID number
– Digital rectal exam result (if performed)
– Prior biopsy result (if performed)
– tPSA, iPSA, fPSA and hK2 biomarker concentrations
– 4Kscore Test result
From where do we receive data?
We receive data primarily from the patient himself, from the healthcare provider and from the laboratory performing the analysis.
To whom do we disclose and transfer the data, do we transfer data outside the EU or EEA?
AS KEVELT and the healthcare provider offering the 4Kscore Test act as data controllers. In addition the controllers, local data inspectorate can have access to your data, in accordance to applicable law.
In addition to data controllers, data processors are used to provide the 4Kscore Test. All processors meet the necessary requirements for technical and organizational security measures for the protection of personal data. The data processors are laboratories that handle the blood samples.
The personal data is being sent to the United States of America, outside of European Union. This is necessary, because the blood samples are analyzed in a lab situated in USA. The lab also administrates the web based ordering system that is used to send data between healthcare providers and the laboratory. The servers that are used to store and process the patient’s data are also in USA.
How do we protect the data and for how long do we store them?
Only the persons, who due to their working duties are involved with the 4Kscore Test, have access to Your personal data. Each user has a personal username and password to the systems. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and backup copies of them are stored in locked premises and can be accessed only by certain pre-designated persons.
The results of the 4Kscore Test become a part of healthcare provider’s patient register, in which the data is stored, based on legislation. Some parts of your data are stored for up to 20 years, and potentially longer, where necessary to meet their legal and regulatory needs and obligations related to 4Kscore® test, including in situations where you may have withdrawn your consent.
What are your rights as a data subject?
As a data subject, you have the right to receive information about the processing of your personal data. You have the right to inspect the personal data concerning yourself, the right to demand rectification or erasure of inaccurate, obsolete, unnecessary or illegal data.
Insofar as the processing is based on consent, you have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent. Please note that if You withdraw Your consent, the 4Kscore Test cannot be performed.
As a data subject you also have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority of the processing of data.
Who can you contact?
All contacts and requests concerning this privacy notice must be submitted in writing or in person to the contacts listed on the top of the page.
Changes to the privacy notice
We will place all the amendments regarding the privacy notice visible on our website dated. We recommend that you visit our webpage from time to time to ensure you are aware of any amendments made.