Data Protection Policy

Preamble

MIMAMSIA GmbH (MIMAMSIA) offers genetic data analysis and interpretation services in the field of rare hereditary disorders. MIMAMSIA particularly focuses on data derived from Whole Exome and Whole Genome sequencing that have previously resulted in negative findings. MIMAMSIA aims to bring solutions to the forefront of all genetic testing whereby we assist medical professionals with respect to emerging information in the technical and medical field and challenge the negative datasets with new information in order to gain positive insights into the genetic etiology behind the patient’s phenotype. MIMAMSIA is commited to increase the diagnostic accuracy from large next generation sequencing datasets and reduce the financial risk and burden from the patient and their respective healthcare providers by adopting an outcome based invoicing approach. In order to duly fulfil its services, MIMAMSIA uses personal information that allows improve diagnostic accuracy and broaden its reach to support as many patients, physicians and health organizations across the world. MIMAMSIA is commited to respect and protect the privacy of individuals and the associated data that can identify them as a person. Thereby, MIMAMSIA process all personal data lawfully, fairly and in a transparent manner and in accordance with its responsiblities under European Union – General Data Protection Regulation (EU-GDPR). The Privacy provisions below describe the type, scope and purpose of collecting, processing and utilizing personal data. This policy is periodically reviewed to improve the safety and security of any personal information related to an individual or an entity.

 

Definitions

GDPR means the General Data Protection Regulation.

Patient means an individual on whose sample genetic analysis has been performed and requests his data to be analyzed by MIMAMSIA

Customer means either a requesting physician, a health care provider or a clinical lab requesting the services or interested in requesting services from MIMAMSIA.

Website means website maintained by MIMAMSIA, www.mimamsia.com

 

Responsible Data Protection Officer

Inquiries regarding your stored personal information, its correction or deletion of any such data can be directly addressed to our data protection officer Shivendra Kishore via Shivendra.Kishore(at)mimamsia(dot)com

 

Categories of data being acquired, controlled and processed by MIMAMSIA

1.     Patient Data

  • This data is collected through the respective consent as provided by the patient through his/her Physician or the referral laboratory. MIMAMSIA has a legitimate interest in verifying and maintaining accurate records of the true identity of the person being analyzed, and being able to unambiguously identify and track the patient’s identity within our system. Personal medical information allows us to eliminate any reporting of incidental findings and identify only the variants consistent with the phenotype. Collected patient data may include
    - Name
    - Date of birth
    - Gender
    - Age
    - Family relations
    - Address
    - Ethnicity
    - Nationality
    - Consent
    - Medical information related to the patient as provided by the physician
    - The specimen type on which sequencing was previously performed
    - Information on Patient’s insurance
    - Identifiable genetic information
    - Information on previous tests performed and results

  • MIMAMSIA uses the patient related data only to the extent that is absolutely necessary to perform the requested analysis, and related activities as billing.

  • Patient related personal data is not used for any other purposes unless explicitely authorized to do so.

  • When sharing the genetic finding data on a general level for eg. in public databases, to improve the quality of overall global services in genetic testing field, MIMAMSIA ensures that such findings are completely de-identified and no identifying information is ever revealed

  • Patient who have consented to research use of the data for the benefit of other patients and/or global scientific community, have their data pseudoanonymzed and shared under utmost confidentiality.

  • Patient related data is stored for a minimum of 20 years.

  • The consent to use and store data can be revoked at any time by notifying us in writing.

2.     Customer data

  • MIMAMSIA collects certain personal data from our customers. Our legitimate interest for collecting and processing this data is in maintaining accurate records of the business we conduct, accurately outlining the customer contract, managing our customer relationships, accurately keeping records of the interests of our customers, timely communication with our partners with respects to findings and pertinent issues, to maintain acurate financial records, for marketing and further developing our business. Customer data may include
    - Name
    - Email
    - Phone number
    - Fax number
    - Address
    - Affiliation
    - Designation
    - Specialization
    - Billing information

  • Customer personal information is used to fulfill contractual obligations like processing of orders, discussing or delivering the findings of the requested analysis.

  • MIMAMSIA may contact the customers to send notifications that may have high importance for them or their patients. The information content shared relate to topics such as product, technology or pricing

  • Customer data may also be used for internal purposes to continuously improve our services.

  • No reference to the customer will be made to the Third Party without the prior explicit consent of the involved customer. 

3.     Website user data

  • To optimize our web presence and to enhance your user experience, MIMAMSIA uses cookies like all other professional websites. Cookies are small text files stored in your computer’s memory.
    - The short term session cookies do not contain any personal identification information and are deleted after you close your browser.
    - The long term cookies remain on your computer that allows your recognition upon subsequent visit, thereby allowing faste and more convenient access to our site.
    - Our site uses analytics to track and measure user behaviour such that we can continue to produce engaging content. These track things such as how long one spends on the site or popular contents visited, which keywords drive a user to our website, distribution of visitors based on geography, operating systems and browsers used. This information helps us to understand how we can improve the site for you and make more relevant content easily accessible to you.

  • You can prevent storage of cookies by choosing a "disable cookies" option in your browser settings. But this can limit the functionality of our Internet offers as a result.

  • You can opt-out from being tracked by Google Analytics by installing Google Analytics deactivation add-on for your web browser

4. Data transmitted through webcontact form or addressed to MIMAMSIA via email

  • This form of data includes
    - Name
    - Email address
    - Content or any personal information that was provided by the individual on the contact form or email.

  • Personal information gathered through this source is solely stored and used for the purpose of addressing the individual query and to offer the best possible support.

 

Data Subject Rights

If any personal information was collected, under certain circumstances the individual can exercise the following rights under data protection laws (Chapter 3 of GDPR):
- Request information on what personal data is being processed, why and who else is the data shared with.
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data, when the personal data is no longer required for the purposes it was collected for.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data as it has been provided by an individual.
- Right to withdraw consent.
- Rights in relation to automated decision making and profiling whereby Data Subjects have the right not to be subject to a decision based solely on automated processing.

For further details on individual topics please refer to https://eugdpr.org/. If an individual wishes to exercise any of the rights above, please address the data protection officer at MIMAMSIA with the contact information provided above. We will respond to your request within a maximum of 30 days from the day the request is sent.

 

MIMAMSIA’s Data Protection Principles

  • All data processed by MIMAMSIA are done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests

  • Where consent is relied upon as a lawful basis for processing data, evidence of opt-in  consent is kept with the personal data.

  • Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent is available and executable.

  • MIMAMSIA ensures that personal data collected are adequate, relevant, up to date and limited to what is necessary in relation to the purposes for which they are processed.

  • MIMAMSIA undertakes reasonable steps to ensure personal data is accurate.

  • To ensure that personal data is kept for no longer than necessary, MIMAMSIA has an archiving policy for each area in which personal data is processed. Genetic data is stored maximum for a period of 20 years.  

  • MIMAMSIA ensures that personal information is processed and stored securely. Access to personal data is limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information. This is done through managing access rights, encrypting data whereever possible, integrating up-to-date software security to prevent any unauthorized access to personal content.

  • When personal data is deleted MIMAMSIA ensures that this is done safely such that the data is irrecoverable.

  • Appropriate back-up and disaster recovery solutions are in place to prevent anyaccidental loss of data.

  • In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, MIMAMSIA shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the parties involved.

Any queries regarding the privacy of your information, or about  the information in this statement can be addressed to the data protection officer under contact information provided above.

 

Changes to this Policy

Services of MIMAMSIA may change in an attempt to improve over time that may have an impact on how we are collecting and processing the personal data. MIMAMSIA checks this Policy at regular intervals for compliance with legal provisions, the statements of the supervisory authorities as well as for alignment with emerging trends and the development of the technical state-of-the-art. In order to adapt, MIMAMSIA therefore reserves the right to ammend the Data Protection Policy at any time. We kindly request to inform yourself in regular intervals about the Privacy policy valid at that point of time.

The current Data Protection Policy is effective from November 7th 2018.