Date drafted: 05.11.2019
1. Data controller
The controller is OÜ Antegenes (Business ID: 14489312) and the customer can contact Antegenes using the following information:
Sõbra 56, 51013, Tartu, Estonia
2. Contact person
Berit Kolk, Managing Director
3. Name of the register
Antegenes customer register
4. Where the personal data is stored
The personal data Antegenes collects is stored within the European Economic Area (EEA), but may also be transferred and processed in a non-EEA country (“Third Country”). Upon such transfer, processing of the data is still done in accordance with applicable data protection legislation. In cases where processing of the personal data is done outside the EU/EEA, this is due to the European Commission either having determined that a Third Country ensures an adequate level of protection or provides appropriate safeguards to ensure that your rights are protected. Examples of appropriate safeguards are an approved code of conduct in the recipient country, standard contract clauses, binding company internal rules or Privacy Shield.
5. Purpose of processing personal data
Personal data contained in the Antegenes customer register is used to manage customer relationships and deliveries. We process personal data for the following purposes:
- to contact and communicate with our customers
- to provide requested information or services
- to comply with legal obligations.
- to confirm your identity and verify your personal and contact
- to manage your account on our member page
- to prevent abuse such as fraud and identity theft
to administer your order and customer relationship to prevent abuse such as fraud and identity theft.
Antegenes uses providers to perform system maintenance, data analyses, audits, payment and development. These providers have access to your personal data to the extent necessary to carry out these tasks on behalf of Antegenes. Providers are under an obligation not to disclose or use your personal data for purposes that extend beyond the above assignments. Antegenes never forwards, sells or exchanges your personal data for marketing purposes.
6. Information contained in the register
Customer information collected in the register includes:
- first and last name
- company name, if applicable
- contact information (street address, postcode, city, phone number and email address)
- answers to medical condition specific questionnaires
- list of patient permissions
- personal genetic data
- country of residence
- date of birth
- order history (order date, payment method, products ordered, ordering method, shopping list)
- technical log data (IP address, browser) of the Internet server
- permission for direct marketing
- delivery tracking data (if any)
- pseudonym code
7. Regular data sources
The data controller only registers information on the Antegenes online service user that is personally provided by the customer when using the service.
8. How long the personal data is processed
Antegenes processes the personal data for as long as is necessary with regard to the purpose of the relevant processing. The processing may continue as long as it is necessary to execute our contractual commitments towards the customer and as long as required by statutory storage times. When Antegenes processes the personal data for purposes other than our contractual commitments, for example to meet requirements contained in accounting or consumer law, Antegenes processes personal data only for as long as necessary for each purpose.
9. Disclosure of information
No data is disclosed outside of Antegenes. The personal data of data subjects is deleted at the request of the customer.
10. Data protection of the register
Customer data is only processed by personnel specifically authorized to manage the customer register. The register is located on a private server owned by Antegenes in a high-security data center in the EU area. Consistent with applicable laws and requirements, including the GDPR, Antegenes has established appropriate physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse, alteration, theft, unauthorized access, or unauthorized disclosure. We evaluate these protections on an ongoing basis to help minimize risks from new security threats as they become known.
11. Grounds for keeping the register