Privacy Policy

Your privacy is our top priority at genEplanet, personal genetics, d.o.o. (“GenePlanet”). GenePlanet is committed to the responsible handling of your Personal Data, which is secured at all administrative, technical, and physical levels.
By agreeing to this Privacy Policy, you agree to allow genEplanet d.o.o., (Cesta na Poljane 24, 1000 Ljubljana, Slovenia) to collect, process, and store your personal data (including your genetic information) in accordance with the content of this Privacy Policy.

This Privacy Policy describes:

·     how we collect and process your Personal Data and for how long,
·      who the recipients of your Personal Data are,
·      what technical and organisational measures are implemented in order to secure your Personal Data,
·      your legal rights and how to exercise them.

1.   KEY DEFINITIONS

For the purposes of this Privacy Policy:
·      Personal Data pertains to any information relating to an identified or identifiable individual (‘data subject’); an identifiable individual is one who can be identified, directly or indirectly, in particular by indicating an identifier such as a name, identification number, location data, web identifier, or by indicating one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
·      Controller pertains to a natural or legal person, public authority, agency or any other body that, alone or jointly, determines the purposes and means of processing Personal Data.
·      Processor pertains to a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.
·      Processing pertains to any operation or set of operations carried out on Personal Data or sets of Personal Data (using or not using automated means), including collecting, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, adapting or combining, restricting, deleting or destroying.

Legal grounds for processing data refer to the legal grounds for Personal Data processing by the Controller in the following circumstances:
·      with the Consent of the individual concerned,
·      with a Contractual obligation between you and the Controller (or a third party),
·      to meet compliance with legal obligations (under applicable legislation),
·      to protect your vital interests or those of a third person,
·      when processing is necessary for the performance of tasks carried out in the public interest,
·      for the legitimate interests of GenePlanet or a third party, if these are not overridden by fundamental rights and freedoms of the person whose data is being processed.

2.    HOW WE OBTAIN YOUR PERSONAL DATA

GenePlanet collects Personal Data:
·       Directly from you
Account information is the information required for the creation of an account
Additional information provided through your account related to your lifestyle or health
Shipping information and billing information (if applicable)
Biological sample

·       From business partners
From Distributors, Laboratories, Insurance companies, and other trusted business partners who obtain your Personal Data based on the agreement you have entered into through informed Consent. Partners only provide us with the Personal Data needed for our services.

·       Analysis derived data
From our internal laboratory or by trusted third-party providers, we receive the analysis data related to the Product you have ordered, performed on the biological sample sent to us.

·      Web behaviour information is collected through tracking technology (e.g., from cookies and similar technologies) based on our Cookie Policy.

·       Details on personal data processing

This section provides detailed information on:
·      which Personal Data we collect,
·      for what purposes,
·      based on what legal grounds,
·      how long your Personal Data is retained.

VeniSafe;
A DNA test (based on a saliva sample) that detects an increased risk of deep vein thrombosis and pulmonary embolism through the presence of genetic variants that have a proven association to an increased risk.

·      PERSONAL DATA
relevant personal history of cardiovascular disease
condition/age of onset
known genetic variants related to venous thromboembolism
relevant family history of cardiovascular disease
condition/age of onset/relationship
known genetic variants related to familial venous thromboembolism.

·      RETENTION PERIOD
GenePlanet will retain your Personal Data and your biological sample for 5 years after the test results are released.

Cancer Screen;
A DNA test (based on a saliva or blood sample) that detects selected mutations with a proven link to an increased risk of certain types of cancer.

·      PERSONAL DATA
patient’s medical history
patient's family medical history
known hereditary mutations

·      RETENTION PERIOD
GenePlanet will retain Personal Data and your biological sample for 5 years after the test results are released.

Lifestyle DNA, MyLifestyle, MyAncestry, MyOral, MyHealth, and Premium;
DNA tests based on the association between numerous genetic variants and individual dietary and body needs. The Personal nutrigenetic guide identifies an individual’s specific characteristics and guides them on the path to optimal health and well-being.

·      PERSONAL DATA
Raw DNA data

·      RETENTION PERIOD
GenePlanet will retain Personal Data and your biological sample for 5 years after test result release (for “One-time Products”) and 5 years after fulfilment of the agreement for “Continuous Products”.

MyHeart;
A blood test of crucial cardiovascular blood marker analyses with the intent of protecting your health through Personalised recommendations.

·      PERSONAL DATA
Blood marker values

·      RETENTION PERIOD
GenePlanet will retain Personal Data for 5 years after the test results are released.

Health Score and Food ID;
An algorithm based on the results of other analyses and provided information (Habits questionnaire, Body measurements, and Blood test results).

·      PERSONAL DATA
Body measurements and values

·      RETENTION PERIOD
Personal Data added manually to the account is deleted only upon your request for data deletion or after the purpose is fulfilled (exercising your “right of erasure”).

PGx (brand name: MyPharmaGenetics / MyMeds);
A DNA pharmacogenomics test based on a saliva sample. The test determines the presence of genetic variants with known effect on the metabolism and response to medications.

·      PERSONAL DATA
Name
Surname
Date of birth
Contact information (telephone number/email)
Raw DNA data

·      RETENTION PERIOD
GenePlanet will retain the Personal data and your biological sample for 5 years after the test results are released.

Order & Delivery

If you purchase a Product from GenePlanet, we need to collect the Personal Data listed below in order to deliver the testing kit, based on which you will provide us with your biological sample (saliva or blood).

We also request your phone number and e-mail address to contact you if the information you have provided is incorrect or we have any additional information about your Product order. We will also use your Personal Data for any communication you initiate pertaining to questions regarding your purchased Products.

Payment of the order is provided by third-party payment providers in accordance with their Privacy Policies.

GenePlanet will not receive any of your personal payment details (e.g., credit card information), only information on payment status (paid, not paid).

Data Collected:

1)    Shipping Information
·      First name
·      Last name
·      Street address
·      Postal code
·      City
·      Country
·      Mobile number
·      E-mail address

2) Billing information (only if different from shipping information)
·      First name
·      Last name
·      Street address
·      Postal code
·      City
·      Country
·      E-mail address

We receive the following information from third-party payment providers:

·      Information about successful payments.

Legal Grounds:
A Contract between GenePlanet and the individual (Terms and Conditions of Products purchased).

Retention Period:
Ten years from the date of purchase, or permanently when required by relevant legislation.

Invoice processing & archiving

GenePlanet will issue an invoice for each purchased Product based on applicable legislation, and archive said invoice for a legally defined period. The invoice includes Personal Data.

Data Collected:
·      Name
·      Surname
·      Address

Legal Grounds:
Legal Obligation

Retention Period:
Ten years from the end of the year when the invoice was issued.

Sample collection, analysis, and test report preparation

After purchasing GenePlanet’s Products, you will be asked to provide us with a biological sample (saliva or blood) using a testing kit delivered to your address (this may only be relevant for certain Product types).

Your biological sample and answers to the questionnaire (which is part of the online onboarding process) are required prior to the analysis of the selected Product in order to obtain the relevant information to provide you with your Test Results.

For certain Products, this information can also be provided by your selected physician, in accordance with the agreement between you and the selected physician.

“One-time Products”

You will receive the Test Results in a machine-readable format on your account. Your Personal Data and Unused Biological Sample will be kept for 5 years after the test results are released.

“Continuous Products”

If you purchased a Product that contains various analyses and content that will be delivered over a longer period of time, your Unused Biological Sample and Personal Data will be kept for 5 years after fulfilment of the agreement, on the grounds of our legal obligations.

Data Collected:

Directly from you:
·      Biological sample (saliva, blood)
·      Answers from the questionnaire included in the Testing Kit or provided through the online onboarding process.

Derived Data: based on the analysis of a third party (the laboratory carrying out sample analysis), depending on the purchased Product.

Legal Grounds:
Personal Data processing is carried out based on the legal grounds provided by your Product purchase (Terms and Conditions and our agreement).

However, considering that processing includes special categories of Personal Data, we also need your explicit Consent to process these data categories. Without Consent, we will be unable to provide you with your Test Results.

Retention Period:
5 years after the test results are released for “One-time Products” and 5 years after fulfilment of the agreement for “Continuous Products”.

Marketing Communications

You can give GenePlanet Consent to send you e-mails related to our new products, offers or any other promotional notifications.

Data Collected:
·      E-mail

Legal Grounds:
Consent

Retention Period:
Until Consent is withdrawn.

Research purposes

GenePlanet can process Personal Data for research purposes to gain new potential insights/findings in science (e.g., novel genetic variant role discovery).

By giving Consent, you agree that your Unused Biological Sample and Personal Data can be saved and further processed for the purpose of research. Your Unused Biological Sample and Personal Data will be stored in pseudonymised form until you request their destruction. In cases when they are used for research purposes, they will be anonymised.

Data Collected:
·      Relevant Personal Data is obtained from GenePlanet’s purchased Product analysis.

Legal Grounds:
Consent

Retention Period:
Until your request for deletion and destruction.

Online advertising

In certain cases, as described in our Cookie Policy, we process Personal Data for the purposes of online advertising by uploading cookies (or similar tracking technologies).

Data Collected:
As defined by the Cookie Policy

Legal Grounds:
Consent

Retention Period:
In accordance with relevant cookie validity or until you withdraw your Consent or delete cookies.

Analytics and statistical research

In certain cases, as described in our Cookie Policy, we process your Personal Data for the purposes of analytics and statistical research, by uploading cookies (or similar tracking technologies) related to the use of the GenePlanet website and other relevant searches.

Data Collected:
As defined by the Cookie Policy

Legal Grounds:
Consent

Retention Period:
In accordance with relevant cookie validity or until you withdraw your Consent or delete cookies.

Legal defence and compliance

Under certain circumstances, GenePlanet may be required to process Personal Data under laws, judicial or other proceedings in order to meet legal requirements or enforce contractual obligations of GenePlanet.

Data Collected:
As required for each individual purpose.

Legal Grounds:
Legitimate interest

Retention Period:
Until the expiration of relevant limitation periods, as defined and in accordance with applicable legislation.

3. SHARING YOUR PERSONAL DATA WITH THIRD PARTIES

Your Personal Data is not shared or sold to third parties, except in the cases described below.

Employees of GenePlanet

Access to your Personal Data is limited to employees who need it on a “need to know” basis to ensure that you receive the purchased Products, and who are bound by a confidentiality agreement.

Contractual processors of Personal Data

We involve certain third parties which enable your Product purchase and delivery. Your Personal Data is only processed for purposes defined in this Privacy Policy, subject to GenePlanet’s documented instructions. Contractual processors are involved for:

Biological sample analysis

We engage trusted and certified laboratories where your biological samples are tested. The laboratory depends on the Product you have purchased.

VeniSafe
·      Type of processing
SNP (saliva)

·      Laboratory
LGC Genomics LTD

·      Location of processing
Copenhagen (Denmark)

Cancer Screen
·      Type of processing
Targeted NGS (saliva or blood)

·      Laboratory
BGI Europe

·      Location of processing
Copenhagen (Denmark)

MyLifestyle, MyHealth, MyAncestry, MyOral and Premium
·      Type of processing
WGS (saliva)

·      Laboratory
Novogene LTD

·      Location of processing
Cambridge (United Kingdom) and Beijing (China)

Lifestyle DNA (old products)
·      Type of processing
SNP (saliva)

·      Laboratory
LGC Genomics LTD

·      Location of processing
Hoddesdon (United Kingdom)

PGA / HealthPlan
·      Type of processing
SNP (saliva)

·      Laboratory
LGC Genomics LTD

·      Location of processing
Hoddesdon (United Kingdom)

MyHeart
·      Type of processing
Blood markers (blood)

·      Laboratory
Adria Lab Laboratorijska Diagnostika, d.o.o.

·      Location of processing
Ljubljana (Slovenia)

PGx (brand name: MyPharmaGenetics / MyMeds)
·      Type of processing
WGS (30x)

·      Laboratory
DanteLabs

·      Location of processing
L'Aquila (Italy)

Order fulfilment and shipping
·      We engage third-party providers who ensure delivery of the Testing Kit and Test Result delivery following analysis.

Cloud storage, IT, and security
·      GenePlanet outsources Personal Data storage and engages third-party providers for security purposes. In addition, GenePlanet engages third-party providers for IT services and maintenance that enable the tools we use for our operations related to our Products.

Marketing, advertising, and analytics

E-mail, SMS, and written notice sending providers

Transfer of Personal Data based on legal requirements

In certain cases, applicable authorities may require GenePlanet to submit your Personal Data, which we are legally obliged to share.

4. YOUR RIGHTS

Applicable legislation grants you certain rights related to your Personal Data. Below you can find a description of how to exercise these rights, what your Personal Data rights are, and what they mean.

You can exercise your rights by sending an e-mail to dpo@geneplanet.com or by regular mail to GenePlanet’s address (listed above). We will reply as soon as possible and comply with your rights, but never later than 30 (thirty) days after receiving the request. You will be notified if a longer period is required due to justifiable reasons.

Your right to withdraw Consent

If the processing of your Personal Data is based on Consent, you can withdraw your Consent at any time. This does not influence the lawfulness of processing your Personal Data based on the legal ground prior to the Consent withdrawal. Withdrawing your Consent does not lead to any costs or disadvantages.

Your right to access your Personal Data

You may submit a request to GenePlanet to access your Personal Data at any time (if your Personal Data is processed) or your Personal Information and information about Personal Data processing (i.e., purposes of processing, types of Personal Data, retention periods, or the defining criteria of those periods, your rights, the source of the Personal Data, and other information required that is provided by Articles 14 and 15 of the GDPR).

Your right to correct your Personal Data

You have the right to request that GenePlanet corrects your Personal Data or supplements the existing Personal Data that GenePlanet is processing, based on the processing purpose.

Your right to delete your Personal Data (“Right to be forgotten”)

You may at any time request the deletion of your Personal Data if:

·      the Personal Data is no longer required for the purposes for which it was collected;
·      if you withdraw Consent and no other legal basis applies for its processing;
·      if you object to the processing and there are no overriding legitimate reasons for processing;
·      your Personal Data has been processed unlawfully;
·      your Personal Data must be deleted in order to fulfil the obligations under applicable legislation.

In certain events, as defined by Article 17(3) of the GDPR, GenePlanet will not delete your Personal Data (e.g., due to legal requirements or compliance with applicable legislation, establishment, exercise, or defence of legal claims).

Your right to restrict the processing of your Personal Data

As an individual, you have the right to restrict the processing of your Personal Data in the following events:

·      If you contest the accuracy of the Personal Data, enabling GenePlanet for a period to verify its accuracy.
·      If the processing is unlawful, and you oppose the erasure of your Personal Data and request restriction of its use instead.
·      If GenePlanet no longer needs your Personal Data for the purposes of processing, but you require it for the establishment, exercise, or defence of legal claims.
·      It is necessary for the purposes of our legitimate interests as long as our interests are not overridden by your interests or fundamental rights and freedoms. For instance to establish, exercise or defend our legal rights in case of a legal claim; to maintain and update our list of contacts; to deal with communications received from you, contacts via phone or email, and responding to your queries; to ensure network and information security and stability.

Your right to data portability

If you wish to receive your Personal Data processed by GenePlanet, we will provide it to you (or another individual or legal entity of your choosing) in a structured, machine-readable format if:
·      the processing is based on Consent or contract;
·      the processing is carried out by automated means.

Your right to object to processing

You have the right to object to the processing of your Personal Data, at any time, by sending a written request.

If your Personal Data is processed for direct marketing purposes, including profiling, you can object to such processing at any time, and your Personal Data will no longer be processed for this purpose.

SECURITY OF YOUR PERSONAL INFORMATION

GenePlanet maintains a comprehensive data protection program using administrative, physical, and technical protection measures to safeguard our users' Personal Data.

We use measures to protect our users from inappropriate access, loss, misuse, or alteration of Personal Data (including genetic data).

The security team at GenePlanet regularly reviews the implementation of our security and privacy practices and upgrades them as necessary to ensure the integrity of our system and your Personal Data.

We use the latest security mechanism standards to process and store Personal Data (including genetic data). We only work with companies that meet and commit to our safety standards. While we cannot guarantee that there will be no loss, misuse, or alteration of Personal data, we strive to prevent this from happening.

It is also important to protect yourself from unauthorised access to your Personal Data by choosing a strong password that prevents unauthorised use of your computer or other electronic devices.

Your account password will only be valid for online sign-in, and we will not ask for your password in any other instance. In the event of unauthorised use of your account, please notify us immediately.

WHO CAN USE OUR SERVICES?

Genetic tests are suitable for anyone wishing to improve wellbeing and adopt a healthy lifestyle. However, if minors purchase the test, they need consent and/or authorisation from their parent or legal guardian.

DATA PROTECTION OFFICER

If you have any questions related to the processing of your Personal Data by GenePlanet, the content of this Privacy Policy, or if you wish to exercise your Personal Data rights, you can contact our Data Protection Officer (DPO) at any time.

Information about GenePlanet’s DPO:
·      Name and surname: Andrej Kraševec
·      E-mail: dpo@geneplanet.com
·      Contact address: genEplanet, osebna genetika d.o.o., Cesta na Poljane 24, 1210 Ljubljana Šentvid, Slovenia.

YOUR RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

As an individual, you have the option to lodge a complaint with the Supervisory Authority for the protection of Personal Data if you suspect that the processing of Personal Data by GenePlanet is violating your rights or obligations of applicable legislation, including the General Data Protection Regulation.

The Lead Supervisory Authority for all matters related to Personal Data at GenePlanet is the Information Commissioner of the Republic of Slovenia (www.ip-rs.si), whom you can contact at gp.ip@ip-rs.si.

CHANGES TO THE PRIVACY POLICY

Any changes to our Privacy Policy will be published on this website.