At genEplanet, personal genetics, d.o.o. (GenePlanet), your privacy is our top priority. GenePlanet is committed to the responsible handling of your personal data, which is secured at all administrative, technical, and physical levels.
1. Basic concepts
Genetic data pertains to personal data relating to an individual's inherited or acquired genetic characteristics, providing unique information on their physiology and health. Genetic data is the result of the analysis of an individual's biological sample.
Personal data pertains to any information relating to an identified or identifiable individual. An identifiable individual is one who can be identified directly or indirectly, in particular by indicating an identifier such as a name, identification number, location data, web identifier, or by indicating one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
Processing pertains to any operation or set of operations carried out on personal data or sets of personal data (using or not using automated means), including collecting, recording, organising, structuring, storing, adapting or modifying, retrieving, inspecting, using, disclosing by transmission, dissemination or otherwise making available, adapting or combining, restricting, deleting or destroying.
Processor pertains to a natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller.
The data subject’s personal consent pertains to any voluntary, concrete, informed and unambiguous action, in the form of a statement or clear affirmative action, from which the data subject’s wishes can infer approval for the processing of their personal data.
Online result: Following the doctor’s communication of an individual’s NIPT analysis results, the individual has the opportunity to view their results online. If the individual decides to use this option, they will receive an email with a link to our platform at app.geneplanet.com. After clicking on the link in the received email, the individual will be taken through the registration process, during which they choose a password and thus create a user account. After entering the unique analysis code, the individual can view their NIPT analysis results. If an individual no longer wishes to have a user account, they can contact us to help them close it.
Controller pertains to a natural or legal person, public authority, agency or any other body which alone or jointly determines the purposes and means of processing personal data; When the purposes and means of processing are determined by European Union law or the laws of its Member States, the controller (or the specific criteria for the appointment of a controller) may be determined by European Union law or the laws of its Member States.
2. Legal basis for the processing of personal data
Your personal data is processed if any of the following legal bases apply:
(a) you have given consent to the processing of your personal data for one or more specific purposes. You can withdraw your consent at any time. Please note that revoking the collection and processing of your personal data does not affect the legality of personal data processing based on consent given before it was withdrawn and that we may continue to process your personal data despite the withdrawal of consent in as much as there is a legal basis for it;
(b) processing is necessary for the performance of the agreed-upon contract or in order to take steps at your request prior to entering into a contract;
(c) processing is necessary to fulfil a specific legal obligation that applies to GenePlanet;
(d) processing is necessary for the protection of vital interests;
(e) processing is necessary for the performance of a task performed in the public interest or in the exercise of official authority;
(f) processing is necessary for legitimate interests, except where such interests are outweighed by your interests or fundamental rights and freedoms that require personal data protection>
3. What personal data do we collect, for what purpose, and for how long do we store this data?
GenePlanet, based on the appropriate legal basis, derived from your consent for personal data processing and/or concluded contract, processes and stores your personal data as follows:
Purpose of data collection
Mother’s Personal Data
Time limits on data storage
Analysis and result interpretation
If you do not wish to share the personal data mentioned above, it is not possible to carry out the analysis and result interpretation.
We keep your personal data for 5 years after receiving the results of the analysis. After the storage period expiry, they are permanently deleted.
Creating a user account on the GenePlanet Health Intelligence Platform
If you do not wish to share your email address with us, it is not possible to create a user account.
We store your data until you express a desire to close your account. If you request your account to be closed, we will permanently delete the data.
Storage of genetic material
| || |
The laboratory will keep the blood sample for 2 years after receiving the results (for cases when the result shows a low risk of abnormalities) or 3 years (for cases when the result shows a high risk of abnormalities). Following the storage period expiry, your blood sample will be permanently destroyed. GenePlanet does not store your genetic material.
| || |
Your personal data is stored for 5 years after receiving the analysis results. Following the storage period expiry, your data will be permanently deleted.
| || |
We keep your personal data for 5 years after receiving the results of the analysis. Following the storage period expiry, your data will be permanently deleted.
4. When is your data shared, and whom is it shared with?
GenePlanet does not share your personal data (including genetic information) with third parties, except when necessary to perform the NIPT analysis or if requested by a legitimised authority (such as a government agency).
Your data is shared with:
- personnel authorised by GenePlanet, who need the information to ensure smooth execution of our contracts;
- selected business partners in order to carry out the contracts they have entered into with you or with us. This category includes: the laboratory, application and website development companies, hosting-system management and maintenance, data storage, and virtual infrastructure, as well as payment processing companies and accounting firms.
When choosing business partners with whom we share your personal data, GenePlanet strictly adheres to all security measures and verifies that the operations of the organisations to which we transfer data comply with the legislation in the field of personal data protection.
GenePlanet takes a number of security measures to prevent the transmission of personal data to countries outside the European Economic Community. GenePlanet does not transfer personal data to countries outside the European Economic Community unless a country or territory meets relevant personal data protection criteria, and provided that the data subjects have guaranteed rights and legal remedies to protect their personal data. In cases of data transmission outside the European Economic Community, you have the right to obtain a copy of the data transfer security measures we provide from our Data Protection Officer (DPO).
5. Your rights and access to your data
a) Right of information and access:
You have the right to obtain confirmation of whether GenePlanet is processing your personal data and, if so, access that personal data. If your personal data is to be exported to third countries, you have the right to request a copy of the security measures we take to protect the personal data that are the subject of these exports. Access to these documents is granted through our DPO.
b) Right to rectification:
You have the right to obtain the rectification of your inaccurate personal data without undue delay. Taking into account the purposes of the processing, you have the right to supplement incomplete personal data.
c) Right of erasure (”right to be forgotten”):
You have the right to request erasure of any personal data concerning you without undue delay, and we have an obligation to delete personal data without undue delay when the original purpose of processing this personal data is no longer relevant or there is no legal basis to reject such a request.
d) The right to limit processing
You have the right to request a restriction of the data processing if you do not agree to the processing of personal data that is based on our legitimate interest. You may also request a restriction on the processing of data that is inaccurate or no longer required for processing.
e) Right to data portability
You have the right to receive the personal data you provided to GenePlanet and have this data transmitted to another controller.
f) Right to object
For the reasons set out in more detail in the General Data Protection Regulation (GDPR), you have the right to object to the processing of your personal data at any time.
g) Right to withdraw consent
If your personal data was collected with your consent, you have the right to withdraw your consent at any time.
h) The right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the Information Commissioner if you believe that the processing of your personal data violates applicable law. You can file a complaint by sending an email to gp.IP (at) ip-rs.si, or by ordinary mail to the address: Information Commissioner of the Republic of Slovenija, Dunajska Cesta 22, 1000 Ljubljana, Slovenia.
i) Automated decision-making, including profiling
You have the right to know whether you are subject to a decision based solely on automated processing, including profiling, that has legal effects concerning you or similarly significantly affects you.
Any request relating to exercising the rights related to personal data protection can be sent by email to email@example.com or by ordinary mail to the address: genEplanet d.o.o., Cesta na Poljane 24, 1000 Ljubljana, Slovenia.
6. Security measures
GenePlanet maintains a comprehensive data protection program using administrative, physical, and technical protection measures to protect our users' personal data.
We use measures to protect our users from inappropriate access, loss, misuse, or alteration of personal data (including genetic data).
The security team at GenePlanet regularly reviews the implementation of our security and privacy practices and upgrades them as necessary to ensure the integrity of our system and your personal data.
We use the latest security mechanism standards to process and store personal data (including genetic information). We only work with companies that meet and commit to our safety standards. While we cannot guarantee that there will be no loss, misuse, or alteration of personal data, we strive to prevent this from happening.
It is also important to protect yourself from unauthorised access to your personal information by choosing a strong password that prevents unauthorised use of your computer or other electronic devices.
Your account password will only be valid for online sign-in, and we will not ask for your password in any other instance. In the event of unauthorised use of your account, please notify us immediately.
7. Data on children
GenePlanet is committed to protecting the privacy of both adults and children. Neither GenePlanet nor its services are intended forpersons under 18 years of age.
8. Identity and contact details of the Data Protection Officer (DPO)
Contact information of the Data Protection Officer:
- Name and surname: Tadej Francelj
- email address: firstname.lastname@example.org
You can contact us at any time by phone or send your questions by email.
Date of entry into force: 24. 3. 2021