Privacy Policy
Information on the processing of personal and genetic data pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.
Last updated: April 11, 2026
1. Data Controller
The Data Controller is:
Media Lives S.r.l.
Via Liguria 34, 20068 Peschiera Borromeo (MI) — Italy
VAT: IT11422121001
Email: privacy@genomatik.com
Genomatik is a trademark of Media Lives S.r.l.
2. Definitions
For the purposes of this notice:
Genetic data: personal data relating to inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or health of that person, resulting from an analysis of a biological sample (Art. 4(13) GDPR).
Biological sample: any quantity of biological material (specifically, saliva) containing DNA collected for genomic analysis.
Genotyping: analysis of specific DNA positions (SNPs — Single Nucleotide Polymorphisms) using high-density microarray technology.
Pharmacogenetic test: genetic test aimed at identifying specific DNA sequence variations that predict individual drug response.
3. Categories of data processed
Genomatik collects and processes the following categories of personal data:
3.1 Identification and contact data
Name, surname, tax ID, residential address, email, phone number, province. These data are necessary for order processing, kit shipping, billing, and result communication.
3.2 Genetic data (special category — Art. 9 GDPR)
Data from genotyping of the data subject's biological sample on 612,847 genetic markers (SNPs), including: variants associated with genetic predispositions, pharmacogenomic profile, phenotypic traits, carrier status. Genetic data constitute special category data under Art. 9 GDPR and are processed with enhanced safeguards.
3.3 Payment data
Credit card or other payment data are processed directly by Stripe, Inc. as data processor. Genomatik does not store or access complete card data.
3.4 Browsing data
During navigation on genomatik.com, the following may be automatically collected: IP address, browser type, operating system, pages visited, access time. These data are processed in aggregate and anonymous form for statistical purposes.
4. Purposes and legal bases of processing
4.1 Provision of genomic analysis service
Purpose: order processing, kit shipping, genotyping, clinical report generation, result communication.
Legal basis: contract performance (Art. 6(1)(b) GDPR) and explicit consent for genetic data processing (Art. 9(2)(a) GDPR).
4.2 Legal obligations
Purpose: fulfillment of tax, accounting, and regulatory obligations.
Legal basis: legal obligation (Art. 6(1)(c) GDPR).
4.3 Service communications
Purpose: communications regarding order status, shipping, report availability.
Legal basis: contract performance (Art. 6(1)(b) GDPR).
4.4 Requests from healthcare professionals and partners
Purpose: management of requests submitted through website forms.
Legal basis: data subject's consent (Art. 6(1)(a) GDPR) and pre-contractual measures (Art. 6(1)(b) GDPR).
5. Processing methods and security measures
Personal data are processed using IT tools, with logic strictly related to the stated purposes and in a manner ensuring data security and confidentiality.
The biological sample travels with a unique identification code, without identifying data. Identifying data and genetic data are stored separately (pseudonymization). Report access is protected by authentication systems. Genetic data are encrypted during transmission (TLS 1.2+). Access to genetic data is limited to authorized personnel.
6. Laboratory and data transfers
Genomic analysis is performed at an ISO 15189/9001/17025-certified European laboratory, acting as data processor (Art. 28 GDPR).
Genetic data are not transferred outside the European Economic Area (EEA).
7. Data retention
Identification data: retained for the duration of the contractual relationship and subsequently for 10 years for tax obligations.
Genetic data and report: retained for 24 months from report generation. Early deletion available on request.
Biological samples: retained by the laboratory for a maximum of 12 months, then destroyed.
Browsing data: retained for 12 months in aggregate and anonymous form.
8. Data communication and disclosure
Data may be communicated to: the certified laboratory (data processor), Stripe, Inc. (payments), the courier, and professionals for legal compliance.
Genetic data are never disclosed. Results are not communicated to third parties without explicit consent.
Genomatik does not sell, transfer, or share genetic data with third parties for commercial purposes.
9. Data subject rights
Pursuant to Articles 15-22 GDPR, the data subject has the following rights: Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17) including sample destruction, Restriction (Art. 18), Portability (Art. 20), Objection (Art. 21).
Withdrawal of consent: consent may be withdrawn at any time by contacting privacy@genomatik.com.
10. Consent to genetic data processing
Genetic data processing requires the explicit and informed consent of the data subject pursuant to Art. 9(2)(a) GDPR.
Consent is collected through the form available on the Informed Consent page, which the data subject must read and sign.
Refusal to provide consent makes it impossible to deliver the genomic analysis service.
11. Processing of minors' data
The service is intended for persons aged 18 or over. For minors, consent must be given by the holder of parental responsibility (Art. 8 GDPR).
12. Cookies
The website uses only technical cookies necessary for operation. No profiling or third-party cookies are used.
Technical cookies do not require consent (Art. 122 Italian Legislative Decree 196/2003).
13. Changes to this notice
The Controller reserves the right to modify this notice. Changes will be published on this page. For substantial changes regarding genetic data, the data subject will be informed by email.
14. Complaint to the supervisory authority
The data subject may lodge a complaint with the Italian Data Protection Authority:
Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma
www.garanteprivacy.it
Email: protocollo@gpdp.it