Privacy Policy

Date drafted: 05.11.2019

Welcome, and thank you for your interest in Antegenes (“Antegenes”, “we,” or “us”). Antegenes is a biotechnology company and healthcare service provider located in Estonia. It is our responsibility to serve our customers by being committed to protection of their privacy. We collect, use, disclose and otherwise process Personal Data that is necessary for the purposes identified in this Privacy Policy and as permitted by law, including the European General Data Protection Regulation (“GDPR”).

The Privacy Policy describes the information that we gather, how we use and disclose such information, and the steps we take to protect such information. By visiting the web site, or by purchasing or using the service, you accept the privacy practices described in this Privacy Policy.

1. Data controller

The controller is OÜ Antegenes (Business ID: 14489312) and the customer can contact Antegenes using the following information:

Sõbra 56, 51013, Tartu, Estonia

2. Contact person

Berit Kolk, Managing Director

3. Name of the register

Antegenes customer register

4. Where the personal data is stored

The personal data Antegenes collects is stored within the European Economic Area (EEA), but may also be transferred and processed in a non-EEA country (“Third Country”). Upon such transfer, processing of the data is still done in accordance with applicable data protection legislation. In cases where processing of the personal data is done outside the EU/EEA, this is due to the European Commission either having determined that a Third Country ensures an adequate level of protection or provides appropriate safeguards to ensure that your rights are protected. Examples of appropriate safeguards are an approved code of conduct in the recipient country, standard contract clauses, binding company internal rules or Privacy Shield.

5. Purpose of processing personal data

Personal data contained in the Antegenes customer register is used to manage customer relationships and deliveries. We process personal data for the following purposes:

  • to contact and communicate with our customers
  • to provide requested information or services
  • to comply with legal obligations.
  • to confirm your identity and verify your personal and contact 
  • to manage your account on our member page
  • to prevent abuse such as fraud and identity theft
  • to administer your order and customer relationship to prevent abuse such as fraud and identity theft.

Antegenes uses providers to perform system maintenance, data analyses, audits, payment and development. These providers have access to your personal data to the extent necessary to carry out these tasks on behalf of Antegenes. Providers are under an obligation not to disclose or use your personal data for purposes that extend beyond the above assignments. Antegenes never forwards, sells or exchanges your personal data for marketing purposes.

6. Information contained in the register

Customer information collected in the register includes:

  • first and last name
  • company name, if applicable 
  • contact information (street address, postcode, city, phone number and email address)
  • answers to medical condition specific questionnaires
  • list of patient permissions
  • personal genetic data
  • country of residence
  • sex
  • date of birth
  • order history (order date, payment method, products ordered, ordering method, shopping list)
  • technical log data (IP address, browser) of the Internet server
  • permission for direct marketing
  • delivery tracking data (if any)
  • pseudonym code

7. Regular data sources

The data controller only registers information on the Antegenes online service user that is personally provided by the customer when using the service.

8. How long the personal data is processed

Antegenes processes the personal data for as long as is necessary with regard to the purpose of the relevant processing. The processing may continue as long as it is necessary to execute our contractual commitments towards the customer and as long as required by statutory storage times. When Antegenes processes the personal data for purposes other than our contractual commitments, for example to meet requirements contained in accounting or consumer law, Antegenes processes personal data only for as long as necessary for each purpose.

9. Disclosure of information

No data is disclosed outside of Antegenes. The personal data of data subjects is deleted at the request of the customer.

10. Data protection of the register

Customer data is only processed by personnel specifically authorized to manage the customer register. The register is located on a private server owned by Antegenes in a high-security data center in the EU area. Consistent with applicable laws and requirements, including the GDPR, Antegenes has established appropriate physical, electronic, and administrative safeguards to protect your Personal Data from loss, misuse, alteration, theft, unauthorized access, or unauthorized disclosure. We evaluate these protections on an ongoing basis to help minimize risks from new security threats as they become known.

11. Grounds for keeping the register

Customer relationship/Consent

12. Right to amend this privacy policy

From time to time, we may update this Privacy Policy. Please revisit this page periodically to stay aware of any changes to this Privacy Policy. If we modify the Privacy Policy, we will make it available through the service, and indicate the date of the latest revision, and will comply with applicable law.