This document refers exclusively to personal data of a general nature, since the specific protection of genetic data is dealt with in the document “PROTECTION OF GENETIC DATA”, which is also displayed on the website.

“24GENETICS, S.L. ” (hereinafter referred to as 24Genetics) is committed to ensuring that your personal information is protected and not misused, strictly subject to the provisions of the Organic Law 3/2018 of December 5, 2018, on the Protection of Personal Data and guarantee of digital rights, and in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and other regulations in force.

In particular, we would like to highlight four fundamental aspects of our privacy policy:

First, at 24Genetics there is a DATA PROTECTION DELEGATE (hereinafter, the DPD), who is in charge of ensuring that there is strict compliance with all data protection regulations, advising us and supervising all the processing we carry out. In addition, the DPD is at your disposal to answer any questions related to the processing of your personal data.

Second, at 24Genetics we take all necessary measures to prevent cyber-attacks. However, if a breach in our security affecting your personal data were to occur, we would immediately notify the SPANISH DATA PROTECTION AGENCY to help us manage the incident, and you yourself, if the situation is serious. In any case, we believe that the most effective and definitive measure against this risk is not to have on our website the genetic data of our customers, so that if we suffer a cyberattack could not find any trace of such data.

Third, in order to provide you with our services, we sometimes subcontract to specialized companies (for example, courier companies), which may have access to your personal data in order, exclusively, to develop their work. In any case, we apply a rigorous supplier selection process to ensure that all our suppliers comply strictly with data protection regulations.
Fourth, if the service you hire requires sending the company a DNA sample, we inform you that from the moment it reaches us, it becomes coded, so that the biological sample is subjected to a process of coding or dissociation: your personal data will not be associated with the sample because the information that identifies you will be replaced or unlinked through the system of using a unique bar code. This will only allow duly authorized 24Genetics personnel to link the saliva sample, and the genetic information derived from it, to your 24Genetics customer account, so that only such duly authorized 24Genetics personnel will have access to the relationship between your biological sample, your DNA and information obtained from its processing, and the code assigned in each case. And, in any case, 24Genetics personnel who access your genetic data in the exercise of their functions will be subject to the duty of secrecy on a permanent basis.

Accordingly, only duly authorized 24Genetics personnel may access your personal data and the results of your genetic tests. And only with your express written consent may such data be disclosed to third parties.
Furthermore, your results and your genetic map are not published online, we do not store the information on our website, and, consequently, they are not accessible to any hacker (for our specific genetic data privacy policy, please visit our website: https://24genetics.com/genetic-data-protection

Having established these fundamental premises, in this document we will proceed to explain who is responsible for the processing of the personal data provided, the non-obligatory nature of their provision, the origin of the personal data processed, the purpose for which the personal information provided by the user will be processed and what are the user’s fundamental data that will be processed, for how long, the basis on which 24Genetics is legitimized to process such data, the regime of its communication to third parties, the user’s responsibility for the accuracy of the data provided, the user’s rights regarding data protection, the protection of the personal information provided and the possibility of changes to this PRIVACY POLICY.

By providing us with your personal information and using our website, we understand that you have read and understood the terms related to personal data protection information that are exposed, giving your consent to that effect.
24Genetics is obliged to comply with the current legislation on data protection, both national and European, with the sole purpose of processing your data in a lawful, fair and transparent manner.

 

I. ORIGIN OF THE PERSONAL DATA PROCESSED

The personal data we process comes from the data subject.

 

II. IDENTITY AND CONTACT DETAILS OF THE PERSON RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA

In accordance with the provisions of art. 11 of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights and other regulations in force in this regard, we inform you that the personal data that you may provide during the use of the website www.24 genetics.com (hereinafter, the website) will be processed, as PERSON RESPONSIBLE FOR THE PROCESSING, by “24GENETICS, S.L.” (hereinafter, 24Genetics), with address in Madrid, Paseo de la Castellana, n.º 95, Planta 28 (C.P. 28046), holder of Tax Identification Number B-8693812 and registered in the Mercantile Registry of Madrid in Volume 28370, Folio 116, Page M-51931; and with e-mail address info@24genetics.com.

 

III. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

Likewise, and as we have already mentioned, 24Genetics has appointed a DATA PROTECTION DELEGATE (hereinafter, the DPO), in charge of ensuring that your data is treated appropriately. In addition, if you would like to make a comment, make a suggestion or ask any kind of question regarding our use of your personal information, you can contact him/her by sending an e-mail to the following address: DPD@24genetics.com.

 

IV. PURPOSES OF THE PROCESSING FOR WHICH THE PERSONAL DATA IS USED AND ESSENTIAL DATA COLLECTED

The main reason why we collect your personal information is to facilitate and improve the service we provide to you.
This main reason is divided into six other more specific purposes for which we collect your personal data, which are as follows:

1.ª) To manage the creation of a user account: to enjoy the service it is necessary for the applicant to create an account and identify himself as a user, since the account allows the telematic processing of both the contracting of the service and the payments derived from the provision of such service. In any case, through the section “My account”, included in the heading “Login” in the top menu of the web, you can modify at any time the personal data you have provided;
2.ª) Manage the Help Center: the purpose of this is to offer you the best possible attention and assistance because, through it and at any time, you can raise all your doubts, comments, suggestions or incidents related to the service we provide. Consequently, it allows us to analyze the requests for information, suggestions and complaints from customers for their management and resolution.
3rd) To carry out marketing actions: we will use your personal data to send you news, products and promotions related to 24Genetics. However, you may unsubscribe from these communications at any time. To do so, simply click on the “unsubscribe” link contained in any of the communications.
4th) Improving the service: at 24Genetics we are constantly working on improving the application and the website, and for this reason we carry out tests, research and analytical studies, and develop new products that end up improving the quality of the service. But it happens that such work often requires the use of personal user data. Therefore, this data allows us to optimize the website, make it more functional and adapt it to your needs.
5th) Preventing fraud: the processing of users’ personal data is also necessary to prevent potential fraud against them and against 24Genetics, making it possible to implement measures that make our Platform a safe place.
6th) To consult the user’s opinion about 24Genetics: it is very useful for us to know what your opinion about 24Genetics is in order to be able to make strategic decisions that make us a company aligned with the interests and concerns of our users. Therefore, at times we may ask you to respond to a simple survey to find out what your perception of us is. However, please note that we are only interested in knowing the opinion of our users in a strictly statistical way. Therefore, when we receive your opinion, we will anonymize it, that is to say, your answers will only be associated with a code. Subsequently, we will deliver the anonymized information to the entity that helps us carry out these studies so that it can proceed to analyze it together with the opinions of many other users, and can thus elaborate a statistical study on the image and perception that users have of 24Genetics. Of course, you don’t have to give us your opinion if you don’t want to.

In order to be even more precise, we will now list the fundamental data we collect from the user, expressing the specific purposes we pursue with their processing:

– E-mail: through it we can communicate with the user and keep him/her informed of news and updates of the website. In any case, the user always has the possibility to unsubscribe, from your user profile, both in the receipt of the generality of our emails and exclusively in certain communications.
– Name and surname or company name, as well as NIF: with these data we can invoice our services. This is also to enable us to duly comply with all legal (e.g. those resulting from Law 10/2010 on the prevention of money laundering and terrorist financing) and tax obligations that apply to such payments.
– Postal, fiscal and, where appropriate, social address: its processing is essential for tax and logistical purposes.
– Contact telephone number: it is convenient in order to have a better communication and, thus, be able to offer a personalized attention.
– Payment data: this data is necessary to carry out transactions involving our services.
In this regard, it should be noted that the means of payment we use are the following:

+ Debit or credit card: on the web we use the STRIPE payment gateway. The privacy policy of this platform is public and you can consult it here: https://stripe.com/es/privacy
+ Bank transfer: this payment method requires that you send us a transfer receipt to the email indicated. Each of the receipts sent is treated in accordance with our PRIVACY POLICY and is destroyed once the transfer reaches the assigned bank account. In no case does the website store such information.
+ PayPal: the user that selects it is redirected to the PayPal platform and its secure environment. 24Genetics does not manage any data within this platform. For more information about PayPal’s privacy policy: https://www.paypal.com/es/webapps/mpp/ua/privacy-full?locale.x=es_ES

– Tracking ID, using tracking software: Generally, each of our users is assigned a tracking ID that helps us understand how you behave when you browse our site. This data helps us to improve our user experience and is not used for any other purpose.
– KIT number: this is the label that the client will stick on the DNA sample (if the contracted service requires it to be sent), as well as on the documents to be sent to us and which the user keeps for himself/herself.
– Order number: this is the number with which we identify each of the user’s orders.

 

V. LEGAL BASIS FOR PROCESSING

The processing of user data by 24Genetics is based on the consent given by the user for this purpose. This consent may be withdrawn by the interested party at any time, although, in the event of revocation, such revocation will not affect the lawfulness of the processing previously carried out.

It is also legally based on the fact that the processing is necessary for the performance of the contract you sign.
And, finally, that the processing is also necessary for the satisfaction of legitimate interests pursued by 24Genetics.
With regard to this last legal basis, we proceed to specify what these legitimate interests of 24Genetics are, depending on the purpose pursued:

1st) To provide the Service: using your personal data is necessary to be able to execute the contract that binds us to you. Otherwise, you would not be able to use the service.

2nd) To carry out marketing activities: we will use your personal data to send you news, offers and promotions based on your profile, but only if you have given us your consent for this purpose. The communications we send you may be sent by email, SMS, apps, etc. Remember, in any case, that you can ask us at any time to stop sending you these personalized communications.

3rd) Improve our service: we consider that at 24Genetics we have a legitimate interest in carrying out tests, research and analytical studies that improve the quality of our service, allow us to make it more functional and adapt it to your needs. In our opinion, this treatment also benefits you directly, since you will be able to enjoy a service that more accurately meets your needs.

4th) To prevent fraud: we also understand that 24Genetics has a legitimate interest in trying to prevent potential fraud related to the service. This treatment is positive for 24Genetics and also for you, since it will allow us to use procedures that try to avoid fraudulent uses of the service.

5th) To consult your opinion about 24Genetics: we believe that we have a legitimate interest in knowing your perception of 24Genetics, as it will allow us to make strategic decisions that are adapted to the needs and concerns of all our users.

 

VI. RECIPIENTS OF PERSONAL DATA (COMMUNICATION OF USER DATA)

The personal data provided by the user will not be communicated to third parties, unless it is necessary for the provision of the requested service or when the user has expressly accepted its communication.
Regarding the first circumstance, it should be noted that in some cases it is necessary for us to communicate the information you have provided to 24Genetics’ collaborating companies in order to be able to provide the requested service. For example, courier companies or third party providers who assist us with various service-related issues.
These third parties only have access to the personal information they strictly need in order to carry out their collaboration. Therefore, the volume and type of personal data we share with them is minimal: it is limited to what is essential. In any case, we ensure that they perform in a confidential and fair manner, and in full compliance with applicable data protection regulations. To this end, we require them to enter into specific agreements with us governing their use of users’ personal data.

 

VII. CRITERIA USED TO DETERMINE THE PERIOD OF RETENTION OF PERSONAL DATA

We only store your personal information to the extent that we need it, in order to use it for the purpose for which it was collected, and always in accordance with the legal basis for processing it, in accordance with applicable law.
In any case, if you exercise your right of deletion and/or limitation of the processing of your data, 24Genetics will keep the information duly blocked, without giving it any use, while it may be necessary for the exercise of claims or for the defense against them, or may derive some kind of judicial, legal or contractual liability for its processing, which must be addressed, and for which its recovery is necessary.
In addition, and as already mentioned, the period of conservation of your personal data depends on each of the purposes for which we use them. Next, we will tell you for how long or until what time we will keep your data in relation to each of the purposes outlined above:
1.º) Provision of the service: we will use your personal data until you decide to stop using our service, for which you must delete your user account. As long as you do not unsubscribe, we will continue to process your personal data for this purpose. Please note that if there is any unresolved issue related to the service, we will try to resolve it before you can unsubscribe.
2.ª) Marketing actions: we will use your personal data until you ask us to stop doing so, regardless of whether you continue to use our service or have unsubscribed. Please note that you can ask us to stop sending you personalized news, offers and promotions at any time: simply click on the “Unsubscribe” link contained in any of our communications.
3rd) Service improvement and feedback on 24Genetics: we will use your personal data until you decide to stop using our service, for which you will need to delete your user account. As long as you do not unsubscribe, we will continue to process your personal data for this purpose.
4th) Fraud prevention: as in the previous case, we will use your personal data until you decide to stop using our service, for which you must also delete your user account. As long as you do not unsubscribe, we will also continue to process your personal data for this purpose.