Data Privacy Policy

HeartGenetics respects your privacy. This Data Privacy Policy is intended to set out your rights and answer any queries you may have about your personal data.

Your data will be processed by HeartGenetics, Genetics & Biotechnology, S.A. (HeartGenetics), legal entity no. 510575994, with registered office at Biocant Park, Núcleo 4, Lote 4A, 3060-197 Cantanhede, referred to in this document as “HeartGenetics” or “we”.

HeartGenetics is the data controller of the personal data as defined in the General Data Protection Regulation (‘GDPR’).

Why does HeartGenetics process personal data?

HeartGenetics only processes personal data in certain situations:

– If you have explicitly given your permission to do so;

– If it is necessary to process the data in order to provide a service, you have requested;

– If we are legally obliged to process the personal data,

– Or, if it is necessary in the public interest or for a legitimate purpose.

What does HeartGenetics process your data for?

HeartGenetics only collects the personal data needed to carry out a service requested by you (or by a third party).

HeartGenetics may contact you for marketing purposes related to the services already contracted or that you have consented to the processing of your personal data for such purpose. We give users the opportunity to unsubscribe from our mailing lists through an ‘’unsubscribe’’ button which is available at the bottom of emails, or through a request sent to the address

Your consent is essential for HeartGenetics to process your personal data for certain purposes, including the use of HeartGenetics’ webapp.

How does HeartGenetics process your personal data?

HeartGenetics will not sell, rent, loan, trade or lease any personal information collected online or offline. HeartGenetics will not share your personal information with others, and all information is to be kept confidential unless explicit consent to share is given by the user.

All personal data is always treated as confidential and never made public. Your data is only used for the service you have requested (unless the conditions described in the paragraph above are met) and we never pass on contact details to third parties for commercial purposes.

Only authorized individuals have access to the information provided by our contacts.

What are my rights?

At any time, you can:

– Access the information that HeartGenetics holds about you: As the data subject, you have the right to obtain confirmation as to whether or not the data relating to you are being processed and, if this is the case, to access your personal data and the information provided for by law.

– Correct the information if it is inaccurate or incomplete: As the data subject, you have the right to require HeartGenetics to correct any inaccurate or incomplete data that concern you, without undue delay.

– Erasure of your personal data: As the data subject, you have the right to ask HeartGenetics to erase your data, without undue delay, and HeartGenetics is obliged to erase your personal data, without undue delay, in particular, when one of the following reasons applies:

a) The personal data are no longer needed for the purpose for which they were collected or processed;

b) You withdrew your consent to the processing of your personal data (in cases in which the processing is based on consent) and there are no other grounds for this processing;

c) You oppose the processing and there are no prevailing legitimate interests that justify the processing.

– Limit the processing of your personal data: As the data subject, you have the right to ask HeartGenetics to limit the processing of your data if one of the following situations applies:

a) You challenge the accuracy of the personal data, for a period that allows HeartGenetics to check its accuracy;

b) The data processing is lawful, and the data subject opposes the erasure of the personal data and, instead, asks for its use to be limited;

c) HeartGenetics no longer needs the personal data for processing purposes, but these data are necessary to establish, exercise or defend legal claims;

d) If you have opposed the processing, even if it transpires that the legitimate reasons of the data controller prevail over those of the data subject.

– Oppose the processing of your personal data: In cases where the data processing is carried out i) for the purpose of legitimate interests pursued by HeartGenetics or ii) the data is processed for direct marketing purposes or iii) the data is processed to create profiles, you may also oppose the processing of your personal data at any time.
– Withdraw the consent: If the processing depends on your consent, you have the right to withdraw it. If consent is legally required to process personal data, you, as data subject, have the right to withdraw consent at any time. However, that right does not compromise the lawfulness of any processing carried out based on consent previously given. Nor does it compromise the subsequent processing of the same data on another legal basis, as is the case of fulfilling any contract or legal obligation to which HeartGenetics is subject.

What can I do about my own personal data?

If you wish to exercise any of your rights, you should contact us, in writing, by email to

Your requests will be handled with particular care so that we can ensure the effectiveness of your rights. You may be asked to provide proof of your identity to ensure personal data is only shared with its data subject.

You should be aware that, in certain cases (for example, due to legal requirements), it may not be possible to deal with your request immediately.

In any case, you will be informed of the measures taken in response to your request within one month of the date the request is made.

If you consider that your data has been handled incorrectly, you can submit a complaint to the Portuguese Data Protection Authority (CNPD:

Does HeartGenetics keep my personal data safe?

Your data is processed safely. We therefore use various security technologies and measures to protect your data from unauthorized access, use, loss, or publication. These technologies and measures are tested on a regular basis and updated if necessary. We use leading encryption technologies that protect your data during communication and storage, and we keep your data safe from loss.

Our databases are in the European Union.

For how long does HeartGenetics keep my personal data?

Your data is maintained by HeartGenetics until the purpose of collection is achieved, being removed or completely anonymized in a period of 10 years after it has served its purpose, unless another storage period derives from the applicable law.

Contact us

If you have any further questions about our privacy practices, you may contact us at

Please bear in mind that HeartGenetics occasionally updates this Privacy Policy. Therefore, we ask you to review this document from time to time to keep up to date.


Updated: August 2020