GENETO PRIVACY POLICY

 

Here you will find information on the processing of your personal data in Geneto (hereinafter “we”, “us”, “our” or “Geneto”). We strive to be a reliable partner in providing our Services and the processing of personal data.

 

Here you can find the definitions of capitalized terms.

1.     Definitions

1.1         Data Subject/you means a natural person about whom we hold data or information that enables the identification of a natural person, including the User.

1.2         Special Categories of Personal Data are Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data used to uniquely identify a natural person, health data or data concerning a natural person’s sex life or sexual orientation.

1.3         Personal Data means any information relating to an identified or identifiable natural person (Data Subject), such as name, personal identification number, location data, network identifier, data on physiological, genetic, mental, economic, cultural or social characteristics.

1.4         User means any natural person who uses or has expressed a wish to use our Services.

1.5         Visitor means a person using the Website.  

1.6         Cookies are data files that are occasionally stored on the Visitor’s device while being on the Website. 

1.7         Agreement means an agreement for the provision of the Service or any other agreement between us and the User, including the Terms of Use and other applicable procedures and policies.   

1.8         Privacy Policy means this Privacy Policy that sets out our policy for the processing of Personal Data. 

1.9         Service means the services and products provided by us.

1.10      Website/App means, in particular, our website https://geneto.com/ as well as our social media pages and mobile applications.

The text of this Privacy Policy may also include other definitions.

Terms relating to data protection are used in this Privacy Policy as defined in the General Data Protection Regulation (2016/679).

Here you can find our contact details and when this Privacy Policy applies.

2.     ABOUT US AND GENERAL INFORMATION

2.1         About us. The controller of your personal data is Geneto OÜ, a legal entity with registry code 14091673, legal address at Narva mnt 9, Tartu 51009, Tartu County, Estonia.

2.2         Contacts. In case of any questions regarding Personal Data, please contact us by e-mail at info@geneto.com.

2.3         The Privacy Policy applies to Data Subjects who use the Services or who have made an enquiry to us or have expressed a wish to receive offers or newsletters from us. 

Here you can find our main principles that guide our processing of Personal Data.

3.     PRINCIPLES

3.1         We aim to be transparent, accountable and secure in the processing of Personal Data.

3.2         All of our processes, policies and activities relating to the processing of Personal Data are based on the following principles: lawfulness, fairness, transparency, purposefulness, minimisation of data collection, accuracy, limitation of retention, reliability and confidentiality, as well as data protection by default and by design.

Here you can find information on the purposes and legal basis on which we may process your Personal Data.

 

4.     GENERAL PURPOSES, LEGAL BASIS AND OPERATIONS REGARDING DATA PROCESSING

4.1         Geneto’s aim is to provide the Services which help to lose weight, make suitable dietary choices and support a healthy lifestyle. 

We rely on the following legal basis for the processing of Personal Data: 

4.2         Consent is usually the basis for the processing of Special Categories of Personal Data (e.g., genetic data and health data). For the processing of Special Categories of Personal Data, we will seek your explicit consent directly or through our cooperation partner. Please note that if you consent to our processing of your genetic data in the context of our genetic testing, we will process your genetic data until you delete the account which you have created in the App or withdraw your consent to the processing of your genetic data. If you withdraw your consent to the processing of your genetic data, you can, for instance, continue to use our Premium Service Package; however, your genetic data will be deleted and no further risk scores shall be calculated for you. We may also ask for your separate consent in other cases, such as for sending personalised offers or for the use of genetic data in Geneto’s research and development. On the basis of consent, we will process Personal Data strictly within the limits, to the extent and for the purposes specified when requesting the consent. The Data Subject gives his or her consent to us voluntarily, specifically, knowingly and unambiguously, for instance by ticking a checkbox on the Website/App or on our cooperation partner’s website.

4.3         Entry into and performance of a contract may involve the processing of Personal Data for the following purposes:

(1)  implementation of precontractual measures upon the Data Subject’s request;

(2)  User identification to the extent required by the duty of care;

(3)  performance of obligations to the User with respect to the provision of our Services;

(4)  communicating with the User;   

(5)  ensuring the performance of the User’s payment obligations; 

(6)  preparing, enforcing and defending legal claims. 

Please note that the purpose of personal data processing may be further specified in an Agreement concluded with you.

4.4         Legitimate Interest means our interest in managing or operating our business to enable us to provide the best possible Services in the market. In doing so, the processing of Personal Data must not unduly prejudice your rights. We process your Personal Data on the basis of legitimate interest for the following purposes: 

(1)  for the management and analysis of the user base, including conducting research to improve the availability, range and quality of the Services and to make the best and most personalised offers to the User subject to his/her consent, and we use the data collected for the purposes of web analytics or analysis of mobile and information society services, to ensure the functioning of these channels, to improve them, to compile statistics and to analyse Visitor/User behaviour and user experience and to provide a better and more personalised Service;

(2)  for conducting campaigns, including the organisation of personalised and targeted campaigns, conducting User and Visitor satisfaction surveys and measuring the effectiveness of marketing activities; including, subject to applicable legal requirements, to carry out (direct) marketing on the basis of legitimate interest;

(3)  for network, information and cyber security reasons, including measures taken for ensuring the security of the Website/App and making and storing back-up copies;

(4)  for the preparation, filing or defending of legal claims.

 

Please note that we will NOT process Special Categories of Personal Data collected in the course of providing the Service on the basis of legitimate interest (unless we have the right and need to do so under applicable law), but ONLY within the limits of your consent.

Please note that if we use your Personal Data to send marketing e-mails or for similar purposes, this is also subject to your consent and you may always opt out of such communications, e.g., by clicking the unsubscribe link in an e-mail. 

4.5         To comply with our legal obligations, we process Personal Data to fulfil our obligations established by legislation. For example, we have a legal obligation to maintain accounting records or process payments.

4.6         Additional purpose. Where Personal Data is processed for a new purpose compared to the purpose for which the Personal Data was originally collected, or if processing is not based on the Data Subject’s consent, we will carefully assess the permissibility of such additional processing. We will take into account, among other things, in determining the compatibility of the additional purpose with the purpose for which the Personal Data was originally collected:

(1)  the relationship between the purposes for which the Personal Data were collected and the purposes of the proposed further processing;

(2)  the context in which the Personal Data were collected, in particular the relationship between the Data Subject and us;

(3)  the nature of the personal data, in particular whether Special Categories of Personal Data are processed or whether personal data related to criminal convictions and offences are processed;

(4)  the possible consequences for Data Subjects of the proposed further processing;

(5)  the existence of appropriate safeguards, which may include, for instance, encryption and pseudonymisation.

Here you can find the types of Personal Data we collect for the provision of our Services, and other information.

5.     Details of processing related to our Services

5.1         Our Service has different functionalities. Here you can find relevant information about our Service and the functionalities for which the processing of Personal Data is vital.

Please note that our Services may be made available to you as part of the services/products of our cooperation partners, in which case the processing of Personal Data may differ from that set out in this Privacy Policy. Please make sure to review the terms and conditions of the specific service/product and/or its provider and their processing of Personal Data. In any case, we and our cooperation partners will comply with applicable data protection regulation.

5.2         Collection of Personal Data. We may obtain Personal Data through the following means:   

(1)  Personal Data is disclosed to us by the Data Subject;

(2)  Personal Data is obtained in the course of ordinary communication between the Data Subject and us;

(3)  Personal Data is explicitly disclosed by the Data Subject (e.g. on social media);

(4)  Personal Data is generated during the use of the Service;

(5)  Personal Data is generated as a result of visiting and using the Website;

(6)  Personal Data is provided by third parties (e.g., when you allow access to data from other applications when using our Service; these may include, for example, a pedometer, various training applications; data from third-party identity verification/log-in providers used for logging into the Service, etc.);

(7)  Personal Data is created and combined by us (e.g., interactions in the context of a user relationship, a combination of the Service consumption and other data).

5.3         Overview of the functionalities of the Service and the relating Personal Data. The functionalities offered and the corresponding types of the Personal Data processed may vary depending on the selected Services (e.g., package) or providers (e.g., if our Service is provided in cooperation with/through our partners). In general, we process the following Personal Data in connection with the Service:

(1)  Personal details and contacts, including, but not limited to, full name, personal identification number, profile picture (if selected), e-mail address, address, phone number. This Personal Data is primarily necessary for the purposes of entering into the Agreement, identification and provision of the Service.

(2)  User identification data, i.e. the data used to identify the User when logging into the Service, such as username, identity document details. This Personal Data is primarily necessary for the identification of the User and the provision of the Service.

(3)  Service usage data, including, but not limited to, username, Service package details, Service options/settings (e.g., entered dietary or exercise preferences, weight goals), workouts, nutrition information, usage history, Service reports and reviews, payments, user profile, data on user support interactions and any other data entered by the User. Service usage data is primarily necessary for the provision, development and quality assurance of the Service.

(4)  Physical data, including, but not limited to, gender, date of birth, height, weight, physical activity. Physical data is primarily necessary for the provision of the Service.

(5)  Health data, including, but not limited to, genetic data and other health data that the User discloses to us in connection with the use of the Service. The health data (genetic data) is primarily necessary for the purpose of genetic testing and the preparation of feedback/surveys.   

Please note that we collect genetic data only if you have opted in to the relevant functionality, i.e. ordered a genetic test. According to your choice, we will carry out the test together with our genetic testing cooperation partner and provide you with the results and feedback. The genetic laboratory will only receive your sample and the corresponding code generated for you, i.e. the genetic laboratory receives non-personalised data only. We have concluded a contract with the genetic laboratory to ensure that your data is only used for the purposes of providing our Service.

(6)  Family data is any data that the User enters about his or her family members, including, e.g., physical data, Service usage data. This Personal Data is primarily required for the provision of the Service.

Please note that the User must confirm that he/she is entitled to or has obtained a consent to provide the relevant data to us and for our processing of such data in accordance with the Privacy Policy. 

(7)  Technical information of the Service, including, but not limited to, IP address, technical logs, the device used (e.g., mobile, tablet, etc.), cookie information. The technical information of the Service is required for the provision of the Service, ensuring cyber security, development of the Service and quality assurance.

5.4         Geneto will use the collected Personal Data as described above and for the provision of the various functionalities of the Service. These functionalities include, e.g., nutrition diary, diet plan, exercise diary, exercise plan, weight tracking, User activity, daily and weekly summaries, shopping list, creation and management of User’s own meals, management of family members, ordering genetic tests, genetic test results and feedback.

Note. The Service and its functionalities may change over time and according to the Service packages selected.

We may send you notifications and reminders regarding the Service and its features.

Please note that further details of the processing of Personal Data in connection with our Service may be additionally set out in the specific Agreement concluded with you and/or in the terms of service of our cooperation partner(s) (if you use our Service/functionality through another provider).

Here you can find information on when we may share your Personal Data with our cooperation partners.

6.     PERSONAL DATA TRANSFERS AND AUTHORISED PROCESSORS

6.1         We cooperate with other parties to whom we may sometimes transfer the Personal Data of Data Subjects in the course of and for the purposes of such cooperation.

6.2         Third parties with whom we may share data, or to whom we may disclose it, include ICT partners, i.e. providers of various technical services, invoicing service providers, advertising and marketing partners, customer satisfaction researchers, debt collection service providers, credit registers, provided that:

(1)  the relevant purpose and processing is lawful;

(2)  the processing of Personal Data is carried out in accordance with our instructions and under a valid contract.

6.3         As a general rule, we will not transfer Personal Data outside the European Economic Area. Where we transfer Personal Data outside the European Economic Area, we will only do so in compliance with the requirements of data protection legislation, e.g., where the European Commission has decided that an “adequate level of protection” exists in the target country or, in the absence of such a decision, if we have adequate safeguards in place (e.g., binding intra-group rules or standard data protection clauses). If you would like to enquire whether your Personal Data has been transferred outside the European Economic Area or about the safeguards we have put in place to protect your Personal Data, please contact us at info@geneto.com.

Here you can find a description of how we protect your Personal Data and for how long we retain your Personal Data.

7.     SECURITY AND RETENTION OF PERSONAL DATA

7.1         Retention. We will retain Personal Data only as long as necessary (usually for the duration of the provision of the Service, for the time needed to achieve the purpose of the processing on the basis of legitimate interest, for the mandatory retention period under the law). If you have consented to the processing of your genetic data for the purposes of providing the Services, please note that we will retain your genetic data in a personalised form on the basis of that consent for as long as you use the Premium Service Package. If you withdraw your consent to the processing of your genetic data for this purpose, you can continue to use the Premium Service Package, however, no new risk scores will be calculated for you on the basis of your genetic data. If you have any questions about the retention of your Personal Data, please contact us at info@geneto.com.

When the retention period of certain Personal Data expires, the respective data will be destroyed or anonymised according to best practices available and in accordance with the procedures established by us.

7.2         Security. We have established policies and procedures to ensure the security of the processing of Personal Data by using organisational and technical measures. All data traffic is encrypted and Special Categories of Personal Data are always stored in encrypted form.

7.3         In the event of any incident involving Personal Data, we will take all necessary measures to mitigate the consequences and to manage the relevant risks in the future. Among other things, we will record all incidents and, where appropriate, notify the Data Protection Inspectorate and the Data Subject directly (e.g., by e-mail) or publicly (e.g., through national media).     

Processing the Personal Data of children.

8.     PROCESSING OF THE PERSONAL DATA OF CHILDREN

8.1         Our Services are not intended for children. Our Users must be at least 18 years old.

8.2         We do not knowingly collect information about persons under the age of 18, i.e. about Children, and we will act in accordance with the instructions of the parent or guardian when knowingly doing so.

Please note that a User may enter information about their family members, including about Children. In such a case, the User has confirmed that the User has the required rights/consents to enable us to process Personal Data for the provision of the Service.

8.3         However, should we become aware that we have collected Personal Data about a Child without the consent of the parent or guardian, we will make our best efforts to stop processing such Personal Data immediately.  

Your Personal Data belongs to you and here you can find information about your rights regarding the protection of your Personal Data.

9.     DATA SUBJECTS’ RIGHTS

9.1         Rights relating to consents. The data subject has the right to notify us at any time of his or her wish to withdraw consent to the processing of Personal Data. Withdrawal of consent does not affect the lawfulness of the prior processing.

9.2         The Data Subject also has the following rights in relation to the processing of Personal Data:

(1)  Right to information, i.e. the Data Subject’s right to obtain information on the Personal Data collected about him or her. 

(2)  Right of access, which includes, inter alia, the Data Subject’s right to obtain a copy of the Personal Data processed.

(3)  Right to rectification of inaccurate Personal Data. 

(4)  Right to erasure, i.e. the Data Subject has the right to request the erasure of Personal Data in certain cases, e.g., where processing is based solely on consent.

(5)  Right to request the restriction of the processing of Personal Data. This right arises, inter alia, where the processing of Personal Data is not permitted by law, or temporarily if the Data Subject contests the accuracy of the Personal Data.

(6)  Right to object to the processing of personal data.

(7)  Right to data portability, i.e. in certain cases, the Data Subject has the right to receive the Personal Data in a machine-readable format or have it transferred to another controller.

(8)  Rights relating to automated processing mean that the Data Subject has the right to object, at any time and on grounds relating to his or her particular situation, to processing of his or her Personal Data which is based on automated decisions. You have the right to prevent any decisions based on automated processing of Personal Data if such decisions can be classified as profiling. Geneto will notify the Data Subject of its use of automated decisions, if any.

(9)  Right to lodge a complaint with a supervisory authority.

  

9.3         Exercise of rights. In case of any questions, requests or complaints regarding the processing of Personal Data, the Data Subject can contact Geneto using the contact details provided in Section 2.

9.4         Filing of complaints. The Data Subject may file a complaint with Geneto, the Data Protection Inspectorate or a court.

The contacts of the Data Protection Inspectorate (AKI) are available on AKI’s website at: https://www.aki.ee/et/inspektsioon-kontaktid/tootajate-kontaktid.

Here you can find information about the use of Cookies or other technologies, and how you can control the use of such technologies.

10.  Cookies and other web technologies

10.1      We may collect data about Visitors of the Website/App and other information society services by using Cookies (i.e. small pieces of information stored by the Visitor’s browser on the hard drive of the Visitor’s computer or other device) or other similar technologies (e.g., IP address, device information, location information) and process such data.   

10.2      We use the data we collect to enable us to provide the Service in accordance with the Visitor’s or User’s preferences; to ensure the best Service quality; to notify the Visitor and User about content and make recommendations; to make advertisements more relevant and to support marketing efforts; to facilitate log-in and data protection. The data thus collected will also be used to count Visitors and to record their usage patterns.

10.3      We use session cookies, persistent cookies and advertising cookies. Session cookies are automatically deleted after each visit; persistent cookies are stored for repeated use of the Website; and advertising and third-party cookies are used by our partner websites linked to our Website. We do not control the creation of such third-party Cookies, so you can obtain information about these Cookies from third parties.

10.4      With respect to Cookies, Visitors consent to their use on the Website, in the settings of the information society service or in the web browser. Most browsers allow Cookies. Without fully enabling Cookies, the functionality of the Website will not be available to the Visitor. Whether or not to enable or disable Cookies and other similar technologies can be controlled by the Visitor through his or her web browser settings, information society service settings and special privacy-enhancing platforms.

Here you can find information about the current version and changes to the Privacy Policy.

 

11.  MISCELLANEOUS

11.1      We reserve the right to unilaterally change this Privacy Policy. We will notify the Data Subjects of any such change on our Website/App, by e-mail or otherwise.