DATA PRIVACY POLICY

HeartGenetics respects your privacy. This Data Privacy Policy is intended to define your rights and answer any questions you may have about your personal data.

Your data will be processed by HeartGenetics, Genetics & Biotechnology, S.A. (HeartGenetics), legal entity no. 510575994, with registered office at Biocant Park, Núcleo 4, Lote 4A, 3060-197 Cantanhede, referred to in this document as “HeartGenetics” or “we”.

HeartGenetics is the data controller of the personal data as defined in the General Data Protection Regulation (“GDPR”).

Why does HeartGenetics process personal data?

HeartGenetics only processes personal data in certain situations:

-If it is necessary to process the data in order to provide a service, you have requested;

-If we are legally obliged to process the personal data,

-If you have explicitly given your permission to do so;

– Or, if it is necessary in the public interest or for a legitimate purpose.

What does HeartGenetics process your data for?

HeartGenetics only collects the personal data necessary to perform a service requested by you (or a third party).

HeartGenetics may contact you for marketing purposes related to services already contracted or that you have consented to the processing of your personal data for this purpose. We give users the opportunity to unsubscribe from our mailing lists via an “unsubscribe” button that is available at the bottom of emails, or by a request sent to dpo@heartgenetics.com.

Your consent is essential for HeartGenetics to process your personal data for certain purposes, including the use of the HeartGenetics webapp.

How does HeartGenetics process your personal data?

HeartGenetics will not sell, rent, lend, trade or lease any personal information collected online or offline. HeartGenetics will not share your personal information with third parties, and all information must be kept confidential unless you give your explicit consent to share it.

All personal data is always treated as confidential and is never made public. Your data is only used for the service you have requested (unless the conditions described in the paragraph above are met) and we never pass on contact details to third parties for commercial purposes.

Only authorised individuals have access to the information provided by our contacts.

What are my rights?

At any time you can:

– Access the information HeartGenetics holds about you: As a data subject, you have the right to obtain confirmation as to whether or not data concerning you is being processed and, if so, to access your personal data and the information provided by law.

– Correct information if it is inaccurate or incomplete: As a data subject, you have the right to require HeartGenetics to correct any inaccurate or incomplete data concerning you without undue delay.

– Delete your personal data: As a data subject, you have the right to ask HeartGenetics to delete your data without undue delay, and HeartGenetics is obliged to delete your personal data without undue delay, in particular when one of the following reasons applies:

a) The personal data is no longer necessary for the purposes for which it was collected or processed;

b) You have withdrawn your consent to the processing of your personal data (in cases where the processing is based on consent) and there are no other grounds for such processing;

c) he/she objects to the processing and no legitimate interests prevail which justify the processing.

Limit the processing of your personal data: As a data subject, you have the right to ask HeartGenetics to limit the processing of your data if one of the following situations occurs:

(a) You challenge the accuracy of the personal data, for a period that allows HeartGenetics to verify its accuracy;

b) The data processing is lawful, and the data subject objects to the erasure of the personal data and instead requests that its use be limited;

c) HeartGenetics no longer needs the personal data for processing purposes, but these data are necessary to establish, exercise or defend legal claims;

d) If you have objected to the processing, even if it turns out that the legitimate reasons of the data controller outweigh those of the data subject.

– Limit the processing of your personal data: In cases where data processing is carried out i) for the purposes of legitimate interests pursued by HeartGenetics or ii) data is processed for direct marketing purposes or iii) data is processed to create profiles, you may also object to the processing of your personal data at any time.

Withdraw consent: If processing is dependent on your consent, you have the right to withdraw it. If consent is legally required for the processing of personal data, the data subject has the right to withdraw consent at any time. However, this right does not affect the lawfulness of any processing carried out on the basis of consent previously given. It also does not compromise the subsequent processing of the same data on another lawful basis, such as for compliance with any contract or legal obligation to which HeartGenetics is subject.

What can I do about my own personal data?

If you wish to exercise any of your rights, you must contact us, in writing, by email at  dpo@heartgenetics.com.

Your requests will be treated with particular care so that we can ensure the effectiveness of your rights. You may be asked to provide evidence of your identity to ensure that your personal data is only shared with the data subject.

You should be aware that in certain cases (for example, due to legal requirements) it may not be possible to deal with your request immediately.

In any case, you will be informed of the action taken in response to your request within one month of the date on which the request is made.

If you consider that your data has been incorrectly processed, you can lodge a complaint with the Portuguese Data Protection Authority (CNPD): www.cnpd.pt).

Does HeartGenetics keep my personal data secure?

Your data are processed securely. We therefore use various technologies and security measures to protect your data against unauthorized access, use, loss, or publication. These technologies and measures are tested regularly and updated if necessary. We use leading encryption technologies that protect your data during communication and storage, and keep your data safe from loss.

Our databases are in the European Union.

How long does HeartGenetics keep my personal data?

Your data is kept by HeartGenetics until the purpose of collection is achieved, and is removed or completely anonymised within 10 years of achieving its purpose, unless another storage period is derived from applicable law.

Contact us at if you have further questions about our privacy practices, you may contact us at dpo@heartgenetics.com

Please be aware that HeartGenetics occasionally updates this Privacy Policy. Therefore, we ask that you review this document from time to time to stay current.

Updated: August 2020