Introduction  

 

Laboratoire Cerba, whose registered office is located at:
ZAC DES EPINEAUX, 10-12 Avenue ROLLAND MORENO, CS 51312, 95740 FREPILLON, processes your personal data as part of its medical biology activities, in compliance with the applicable legislation.

This policy provides you with information on how your personal data is processed by Laboratoire Cerba.

This policy is updated regularly to reflect legislative and regulatory changes, as well as any changes within the organization or in the processing it carries out.

This policy was last updated on February 16, 2022.


Who are we?

 

Cerba, a medical biology laboratory, is responsible for the personal data of its patients, the employees of its partners (suppliers or clients), and job applicants.


What are our commitments?

 

We are committed to complying with the applicable regulations for all personal data processing activities we carry out. Accordingly, we undertake to respect the following principles:

  • We process your personal data lawfully, fairly, and transparently.
  • We collect your personal data for specific, explicit, and legitimate purposes and do not process it in a way that is incompatible with those purposes.
  • We ensure that personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • We make every effort to ensure that personal data is accurate and, where necessary, kept up to date. We take all reasonable steps to ensure that inaccurate personal data, with regard to the purposes for which it is processed, is erased or rectified without delay.
  • We retain your personal data in a form that permits your identification only for as long as necessary for the purposes of the processing.
  • We guarantee an appropriate level of security for the personal data we process.

These commitments are reflected as follows:

  • We respect your privacy.
  • We ensure that the protection and security of your personal data are at the heart of our concerns.
  • We do not use your personal data for purposes that have not been brought to your attention.
  • We do not consider that your personal data should be stored indefinitely.
  • We do not sell your personal data to third parties.
  • We work with trusted partners who provide sufficient guarantees regarding the implementation of technical and organizational measures, so that our processing activities meet the requirements of the applicable regulations.
  • We respect your rights as a data subject and as a patient, and we make every effort to respond to your requests whenever they are legitimate.
     

How do we collect your personal data?


Your personal data has been entrusted to Laboratoire Cerba by the medical biology laboratory that performed your sampling, your healthcare facility, or your prescribing healthcare professional who carried out the sampling.

As part of colorectal cancer screening, the data was provided directly by you through the identification form.
  

What personal data do we process and for how long?


We remind you that personal data refers to any information relating to an identified or identifiable natural person (the “data subject”), such as your first and last name, your postal address, or health-related data.

We are committed to processing only the personal data that is strictly necessary for the purposes for which it is collected, and to retaining it only for as long as required for those purposes.

The categories of personal data we process are as follows:

 

| Processing Activities | Legal Basis | Categories of Personal Data | Retention Period (active database)* |
| --- | --- | --- | --- |
| Laboratory management (for the purpose of performing your analyses, interpreting and transmitting your results, and managing the laboratory’s administrative tasks) | Performance of the contract / Legal obligation to maintain the medical record | Identification data, health data, and social security number | 5 years |
| Website management | Legitimate interest (management of account creation, logins, contact requests, newsletter) | Identification data, connection data, contact management data, newsletter management data | 3 years from the last contact / 6 months for login logs |
| Monitoring and recording of calls made to the Customer Relations Department | Legitimate interest (improving service quality, employee training, employee evaluation, close management) | Identification data, health data | 90 days from the recording |
| Anonymization of data associated with sampling residues for reuse for scientific or quality control purposes | Legitimate interest (implementation of specific safeguards related to processing for scientific research purposes) | Identification data, health data | Not applicable |
| Recruitment | Performance of pre-contractual measures | Identification data and data relating to the candidate’s professional background | 2 years from the submission of the application (unless opposed) |
| Supplier management | Performance of the contract | Identification data, professional data | 3 years from the end of the contractual relationship |
| Client management | Performance of the contract | Identification data, professional data | 3 years from the end of the contractual relationship |


* At the end of the active retention period, the data may be kept in intermediate archiving for longer durations, particularly if their retention is required by applicable regulations or to safeguard the rights and interests of Laboratoire Cerba where longer statutory limitation periods apply. 

 

Who can access your personal data?


Your data will only be disclosed to authorized members of the laboratory or to those who need to access it.

Patient data may also be shared with the following recipients:

  • the medical biology laboratory, healthcare facility, or prescribing healthcare professional (unless you object) at whose request the sampling and analyses were carried out;
  • public authorities (such as SI-DEP) and organizations mandated by the French National Health Insurance Fund (CNAM) within the framework of the national colorectal cancer screening program;
  • health insurance organizations;
  • reference medical biology laboratories to which, if necessary, your samples are sent for analysis;
  • subcontractors, trusted service providers of the laboratory, in particular for IT services or debt collection.

We make every effort to ensure that the number of people with access to your data is kept as limited as possible.

We only provide our trusted service providers with the information strictly necessary for them to deliver their service, and under no circumstances may they use your personal data for any other purpose.

We always make our best efforts to ensure that all our trusted service providers maintain the security of your data.

We also ensure that, when our relationship with a trusted service provider comes to an end, the provider deletes your personal data without delay.

We carefully select our trusted service providers, ensuring that they provide sufficient guarantees, particularly in terms of expertise, reliability, and resources, to implement the technical and organizational measures required to meet the applicable legal requirements, especially regarding security. In this respect, we ensure that our trusted service providers process personal data solely on our documented instructions. We also ensure that their staff is committed to confidentiality or subject to an appropriate legal obligation of confidentiality.

What safeguards apply when data is transferred outside the European Union?


Where personal data concerning you has been entrusted to Laboratoire Cerba by a correspondent located outside the European Union, who itself carried out your sampling, we communicate the results to that correspondent securely, and the transfer is carried out in compliance with Articles 45 et seq. of the GDPR.

 
 

What are your rights as a data subject?


You have the right to access, object to, rectify, and erase your personal data, as well as the right to restrict its processing.

For more information regarding your rights, please visit the website cnil.fr.

You may exercise your rights by:

  • Email, at the following address: rpd.cerba@lab-cerba.com
  • Postal mail, at the following address, for the attention of the Data Protection Officer (RPD):
    LABORATOIRE CERBA – ZAC DES EPINEAUX – 10 Avenue ROLLAND MORENO, 95740 FREPILLON

If you believe, in particular after contacting us, that your rights have not been respected, you may lodge a complaint with the CNIL (French Data Protection Authority).