Ensuring the confidentiality of information provided by the Users and Clients is paramount for MY DNA MAP PLC. We are aware of the sensitivities of the latter and your right to privacy. For this reason, and without prejudice to the full policy to which we refer you, we would like to begin by telling you the most important part: nobody, except you, can link your medical and genomic data to your identity.
In any case, following the legality, loyalty and transparency, in accordance with Organic Law 3/2018 of 5th December, regarding the Protection of Personal Data and guarantee of digital rights and the General Data Protection Regulation (EU) 2016/679, we provide you with the present Privacy Policy.
Who is responsible for processing your data?
DNA MAP PLC
Company tax no.: B88257928
HEAD OFFICE: C/ Avenida de Tolosa, 111 – 1º C, 20018 – San Sebastian – Guipúzcoa (Spain)
Email: administracion@mydnamap.com
Telephone: +34 94 393 7104
Data Protection Officer: Pedro Amorós Tenorio (ID no.: 51113636-T).
What data do we collect and how do we process it?
MY DNA MAP PLC shall store the following user data, which is strictly necessary for the purposes for which it is collected, on three different platforms, which respectively contain:
- Affiliation data.
- Genomic data.
- Medical data, geographical data, lifestyle habits.
MY DNA MAP PLC is unable to link the user’s affiliation data with their other data. For this reason, the sample and the other genomic, medical, geographical and lifestyle habit data ensures anonymity.
Only the user, by using their passwords, can link their identity to their genetic profile. The user is responsible for keeping their passwords confidential, as well as all the activities that occur during sessions started with the username and passwords.
In the event that the user loses their passwords, it will be necessary for a molecular identification test to be undertaken to be able to match the user and their genetic profile and generate new passwords. The costs of this analysis shall be payable by the user, conforming to what is stated in the Contract Conditions.
As a result of the above, MY DNA MAP PLC shall only process your affiliation and contact data, which cannot be linked, except by the user, to genomic, medical, geographical or lifestyle habit data. This, however, shall remain to be stored separately and may be used for the purposes indicated in the Privacy Policy.
What is the purpose of processing your personal data?
At MY DNA MAP PLC, we process data that helps us to manage the contractual relationship which binds us, to manage the sending of information you request, and to provided interested parties offers of interest regarding our services.
The latter may involve the sending of commercial emails, which will have been previously accepted by the User in any case. They shall always be identified as such with the opportunity to unsubscribe from the latter at any time via a link. You may also unsubscribe by contacting MY DNA MAP PLC via the details provided by the Data Processor.
Insofar as storing the data separately from other personal data which identifies the User, genomic, medical, geographic or lifestyle data is not considered as personal data. However, within the limitations of the existing technique, MY DNA MAP PLC shall also apply technical and organisational methods for the purpose of ensuring confidentiality.
This type of data shall be used for research purposes with the aim of contributing to scientific advances in the area of genetics. This shall not give rise to any financial compensation in favour of the interested party. In any case, in accordance with what has been stated, nobody except the interested party is able to link this data to their personal data allowing their identification.
How long will my personal data be retained?
Your personal data will be retained for the minimum period required for the correct provision of the service offered, as well as to meet the responsibilities, which may derive from the latter, and any other legal requirement. The remaining stored data, as described above, which is kept separately from the personal data as it permits the User’s identification, shall be retained indefinitely.
What is the legal basis for the processing of your data?
The legal basis for the processing of your personal data may be for the performance of a potential and/or concluded contract, legitimate interest, legal authorisation and/or consent of the interested party. The data we request is appropriate, pertinent and strictly necessary and in no case are you obligated to provide us with this information. However, by not doing so this could affect the purpose of the service or the impossibility to provide it.
Who is your data sent to?
MY DNA MAP PLC shall not pass on your data to any third-party, except if expressly informed to do so or is required to do so in compliance with the law. However, for the provision of the service requested by the User and only for this purpose, third parties may be ordered to process your personal data, as well as the medical data stored separately from this. In any case, these third parties are committed to MY DNA MAP PLC to apply our Privacy Policy to data as well as our confidentiality guarantees as reflected in this document.
What are your rights when providing your data?
The data protection rights of the interested parties are:
- Right to request access to personal data regarding the interested party.
- Right of rectification or erasure.
- Right of opposition.
- Right to request restriction of its processing.
- Right of data portability.
The owners of the personal data collected, may exercise their data protection rights by writing to the MY DNA MAP PLC head office or by email to the address for this purpose administracion@mydnamap.com. In both instances a copy of your ID and or an equivalent ID document should be provided.
There are templates, forms and more information regarding your rights on the webpage for the national supervisory authority, Spanish Data Protection Agency, hereinafter, AEPD, www.agpd.es.
Can I withdraw my consent?
You have the option and right to withdraw your consent to any given specific purpose at any time. This does not affect the legality of the processing based on the consent given prior to your withdrawal.
Who should I complain to should I consider my data has not been processed correctly?
If you consider that your data has not been processed correctly by MY DNA MAP PLC you can make a complaint to the email address administracion@mydnamap.com,or corresponding data protection officer, this being the stated AEPD in Spain, www.agpd.es.
Security, veracity and updating of personal data
With the aim of safeguarding the security of your personal data, we inform you that MY DNA MAP PLC has taken all of the necessary technical and organisational measures to ensure the security of the personal data supplied. All of this is to avoid any unauthorised change, loss, and/or processing or access, such as stipulated by the law, even if absolute security does not exist. If any anomaly is detected regarding unauthorised access to personal data, MY DNA MAP PLC shall immediately report this to the Spanish Data Protection Agency.
Likewise, MY DNA MAP PLC shall assign its team a Data Protection Officer, who ensures compliance with legislation and supervises all of the data processing processes pursuant to what is stipulated in the GDPR.
The user expresses that all data that he/she provides is true and correct, and he/she commits to ensure this data is kept up to date. It is important that we can keep your data updated and, therefore, that you always keep us informed of any changes to the latter.
Confidentiality
MY DNA MAP PLC informs you that your data, personal or otherwise, will be processed with the maximum commitment to confidentiality by all staff involved in any stages of processing, without being employed for specific purposes related to the contracted services or products purchased. MY DNA MAP PLC is bound to not divulge or disclose any information regarding user claims, reasons for advice requested or the duration of the relations with the latter.
In the event that MY DNA MAP PLC undertakes a merger, acquisition or sale of assets, we require that all participating bodies comply to the provisions of our Privacy Policy at the point of undertaking the said business transaction.
Can the Privacy Policy be modified?
Yes, in the event it is necessary to do so due to legal or regulatory requirements, or if required by the Spanish Data Protection Agency. Consequently, the User is advised to revisit the policy periodically. In any case, MY DNA MAP PLC commits to not reduce the security measures and confidentiality guarantees reflected in this Privacy Policy.