DATA PRIVACY POLICY

HeartGenetics respects your privacy. This Data Privacy Policy is intended to define your rights and answer any questions you may have about your personal data.

Your data will be processed by HeartGenetics, Genetics & Biotechnology, S.A. (HeartGenetics), legal entity no. 510575994, with registered office at Biocant Park, Núcleo 4, Lote 4A, 3060-197 Cantanhede, referred to in this document as “HeartGenetics” or “we”.

HeartGenetics is the data controller of the personal data as defined in the General Data Protection Regulation (“GDPR”).

Why does HeartGenetics process personal data?

HeartGenetics only processes personal data in certain situations:

– If it is necessary to process the data in order to provide a service you have requested;

– If we are legally obliged to process the personal data;

– If you have explicitly given your permission to do so;

– Or, if it is necessary in the public interest or for a legitimate purpose.

What does HeartGenetics process your data for?

HeartGenetics only collects the personal data necessary to perform a service requested by you (or a third party).

HeartGenetics may contact you for marketing purposes related to services already contracted, or where you have consented to the processing of your personal data for this purpose. We give users the opportunity to unsubscribe from our mailing lists via an “unsubscribe” button that is available at the bottom of emails, or by a request sent to dpo@heartgenetics.com.

Your consent is essential for HeartGenetics to process your personal data for certain purposes, including the use of the HeartGenetics webapp.

How does HeartGenetics process your personal data?

HeartGenetics will not sell, rent, lend, trade or lease any personal information collected online or offline. HeartGenetics will not share your personal information with third parties, and all information must be kept confidential unless you give your explicit consent to share it.

All personal data is always treated as confidential and is never made public. Your data is only used for the service you have requested (unless the conditions described in the paragraph above are met) and we never pass on contact details to third parties for commercial purposes.

Only authorised individuals have access to the information provided by our contacts.

What are my rights?

At any time you can:

– Access the information HeartGenetics holds about you: As a data subject, you have the right to obtain confirmation as to whether or not data concerning you is being processed and, if so, to access your personal data and the information provided by law.

– Correct information if it is inaccurate or incomplete: As a data subject, you have the right to require HeartGenetics to correct any inaccurate or incomplete data concerning you without undue delay.

– Delete your personal data: As the data subject, you have the right to ask HeartGenetics to delete your data, without undue delay, and HeartGenetics is obliged to delete your personal data, without undue delay, in particular when one of the following reasons applies:

a) The personal data is no longer necessary for the purposes for which it was collected or processed;

b) You have withdrawn your consent to the processing of your personal data (in cases where the processing is based on consent) and there are no other grounds for such processing;

c) You oppose the processing and no legitimate interests prevail that justify the processing.

– Limit the processing of your personal data: As the data subject, you have the right to ask HeartGenetics to limit the processing of your data if one of the following situations occurs:

a) You challenge the accuracy of the personal data, for a period that allows HeartGenetics to verify its accuracy;

b) The data processing is lawful, and you oppose the erasure of your personal data but, instead, ask for its use to be limited;

c) HeartGenetics no longer needs the personal data for processing purposes, but these data are necessary to establish, exercise or defend legal claims;

d) If you have opposed the processing, even if it turns out that the legitimate reasons of the data controller outweigh those of the data subject.

– Oppose the processing of your personal data: In cases where the data processing is carried out i) for the purpose of legitimate interests pursued by HeartGenetics or ii) the data is processed for direct marketing purposes or iii) the data is processed to create profiles, you may also oppose the processing of your personal data at any time.

– Withdraw consent: If processing depends on your consent, you have the right to withdraw it. If consent is legally required for processing personal data, the data subject has the right to withdraw consent at any time. However, that right does not compromise the lawfulness of any processing carried out on the basis of consent previously given. Nor does it compromise the subsequent processing of the same data on another legal basis, such as compliance with any contract or legal obligation to which HeartGenetics is subject.

What can I do about my own personal data?

If you wish to exercise any of your rights, you must contact us, in writing, by email at dpo@heartgenetics.com.

Your requests will be treated with particular care so that we can ensure the effectiveness of your rights. You may be asked to provide evidence of your identity to ensure that your personal data is only shared with the data subject.

You should be aware that, in certain cases (for example, due to legal requirements), it may not be possible to deal with your request immediately. In any case, you will be informed of the measures taken in response to your request within one month of the date on which the request was made.

If you consider that your data has been incorrectly processed, you can lodge a complaint with the Portuguese Data Protection Authority (CNPD): www.cnpd.pt.

Does HeartGenetics keep my personal data secure?

Your data is processed securely. We therefore use various technologies and security measures to protect your data from unauthorized access, use, loss, or publication. These technologies and measures are tested on a regular basis and updated if necessary. We use leading encryption technologies that protect your data during communication and storage, and we keep your data safe from loss. Our databases are in the European Union.

How long does HeartGenetics keep my personal data?

Your data is kept by HeartGenetics until the purpose of collection is achieved, and is removed or completely anonymised within 10 years of achieving its purpose, unless another storage period is derived from applicable law.

Contact us

If you have further questions about our privacy practices, you may contact us at dpo@heartgenetics.com

Please be aware that HeartGenetics occasionally updates this Privacy Policy. Therefore, we ask you to review this document from time to time to keep up to date.

Updated: March 2023