DATA PROTECTION CLAUSE
GENinCode takes the privacy of personal data from the Users very seriously and undertakes to implement all the required measures and policies to protect and grant such privacy on any personal data controlled and/or processed by GENinCode.
GENinCode complies with the terms of data protection, and in accordance with Regulation (EU) 2016/679 of the European Parliament and Council, of 27 April (“GDPR”) and with any related applicable laws and regulations. Therefore, any Personal Data collected from the GENinCode website www.genincode.com or from any other domain or subdomain owned and controlled by GENINCODE, including SITAB platform for Health Care Professionals (“Website”) and/or its social media profiles (LinkedIn, Tweeter, Facebook etc.), will be handled and processed in accordance with this legislation.
“Data Controller”’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Data Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
“Health Care Professionals” means physicians or any other health care professionals such as hospitals, nurses and other professionals offering specialized health care services (e.g., Genetists, laboratory technicians and medical experts etc.).
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“User” means any person using and acceding the Website and/or the social media profiles pertaining to different subject categories which includes, but it is not limited to general users of the Website and social media, Health Care Professionals, patients or consumers, notifying third parties, job applicants, clients, suppliers and collaborators.
DATA COLLECTED BY GENINCODE
GENinCode may collect Personal Data from the following sources:
- Directly from the User: The User provides the data through the Website (e.g., application/contact forms/e-mail) or through the Social Media Profiles.
- Cookies and similar technologies: GENinCode uses different technologies to collect information when Users log into the Website. For further information, please see our Cookies Policy section.
- Indirectly from the Health Care Professionals: The Health Care Professionals, through SITAB platform or by other means (e.g., e-mail, fax etc.) may send Personal Data with the exclusive purpose of providing the genetic testing services.
Please note that the Health Care Professionals are usually permitted to collect, store, use and share this information under GDPR regulations. In those cases, GENinCode acts as a Data Processor on behalf of the Health Care Professionals who are the Data Controller. In all cases, GENinCode will only process personal and sensitive Personal Data for the intended use, previously unlinked and pseudonymised and as expressly instructed by the Health Care Professionals and always following GDPR regulations.
The Personal Data used, handled, processed, and stored by GENinCode can be classified in the following general groups or categories:
- Identification data and contact details: Name, address, date of birth, gender, nationality, Tax ID number, ID or Passport number, telephone, fax, e-mail, etc.
- Health or sensitive data: Clinical data (specifically needed for the provision of the genetic testing services), results of laboratory tests and genetic recommendation reports.
- Professional/academic data: Profession related data (e.g., position, medical speciality, health institution etc.), academic degrees, spoken languages, CV, etc.
- Economic data: bank account
- Log in data: Log in passwords
USE OF THE PERSONAL DATA
Personal Data will be used for the following purposes:
- Commercial management of our contacts and customers and to ensure the correct management of budgets, offers, promotions, news, billing, payment collection and customer support.
- User management, to respond to inquiries through the Website and obtain feedback on our services, products and content.
- General management to improve and personalize the user experience and adjust the content of the Website accordingly.
- Transmitting information and personalized content that may be of interest to the User.
- Management of GENinCode newsletter and other commercial communications
- Improving the quality of our services and products.
- For the prevention of fraud, violation and any other possible misuses of the website and/or its applications.
- Management of job applicants and the selection processes of GENinCode.
- Management of requests from Health Care Professionals for the provision of the genetic test services through the SITAB platform.
- To respond to the requirements of the public or judicial authorised authorities.
- Any other purpose imposed by the law or legal authorities who will be able to collect the Personal Data.
CONSENT AND LEGITIMATE INTEREST
By accepting this Personal Data protection policy, the User accepts the above indicated information and Personal Data processing.
The Personal Data processing is legitimized according to article 6.1.a) of the GDPR, upon the implicit or explicit consent of the User as well as according to article 6.1.f) of the GDPR as there is a legitimate interest pursued by the Data Controller which met the legally established requirements for the legitimate processing of data.
GENINCODE either as Data Controller or Data Processor will carry out a treatment in a lawful, loyal, transparent, adequate, pertinent, limited, exact and updated manner to protect the User’s Personal Data integrity and granting the User’s rights.
PERSONAL DATA DISCLOSURE
Upon the User consent, or where applicable under the relevant legal exceptions for legitimate purposes, the User’s Personal Data may be disclosed to the following recipients:
- Other GENinCode group companies.
- Information technology systems’ providers who host the Website and SITAB platform.
- Services’ suppliers who access, store, or process the User’s Personal Data on GENinCode’s behalf as Data Processors or subcontracted Data Processors (e.g., Analytical Laboratory, Health Care Professionals, Legal and Tax advisors, Auditors), under strict conditions of confidentiality and security.
Exceptionally, the User’s Personal Data may be disclosed to legal or regulatory authorities as may be stipulated by law.
The Personal Data shall not be transferred to any third party without the User’s prior written consent. Nor shall it be used outside of the cases defined herein and in the data protection legislation.
In the case that any of the communications referred to above may involve the transfer of Personal Data outside the European Economic Area (EU member states plus Iceland, Liechtenstein and Norway) GENinCode will guarantee their protection by (i) applying the required level of protection according to GDPR regulations and any applicable local legislation about data protection/privacy applicable to GENinCode, (ii) exclusively transferring Personal Data as per the standard contractual clauses approved by the European Commission, and (iii] to sum up, should consent by the data subject be the Legal basis for the processing.
GENinCode will retain and/or store the Personal Data in accordance with the applicable law and as long as they are necessary for the purposes described in this Privacy Notice. Furthermore, we hereby notify you that your data shall be kept throughout your affiliation with GENinCode, or until you exercise you rights for the removal or deletion of your data. In the case of general consultation, your data shall be kept for at least five years from the last notification. All Personal Data is destroyed when it is no longer needed.
Users may exercise their rights of access, rectification, cancellation, destruction or opposition, or limit the treatment of data transfer by notifying: GENinCode, Rambla d’Egara, 235, 08224 – Terrassa (Barcelona) – or by emailing: email@example.com
In either case, a copy of your National ID card (DNI) or passport must be attached.
The User is also entitled to file a complaint with the relevant Data Protection Agency (“DPA”) of your EU country (list of DPA in the EU: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm).
For any questions and requests regarding to GDPR regulations and Personal Data use and processing within the UE or related to UE citizens, please contact us at:
Rambla d’Egara 234, 4ºC 08224 Terrassa (Spain)
DPO contact: firstname.lastname@example.org
According to the GDPR regulation GENinCode declares that applies the security technical, administrative, and organisational measures to protect the Personal Data collected against accidental or illicit destruction, alteration, disclosure or unauthorised access, especially when the processing implies the transmission of data over a network and in regard to any other illicit form of processing.
Last updated: June 2021