Personal Data Controller
A“Warsaw Genomics spółka z ograniczoną odpowiedzialnością” spółka komandytowa with its registered office in Warsaw at ul. Kiwerska 33A, 01-682 Warsaw (hereinafter “Warsaw Genomics”) is the controller of personal data.
Basis of Personal Data Processing
Warsaw Genomics processes personal data, including sensitive data, on the basis of:
- the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”),
- the Regulation of the Minister of Interior and Administration of 29 April 2004 on Documentation of Personal Data Processing and Technical and Organisational Conditions That Should Be Met by Devices and IT Systems Used to Process Personal Data (J. L. No 100, item 1024),
- the Act on Patients’ Rights and the Patients’ Rights Ombudsman of 6 November 2008 (uniform text, J.L. of 2017, item 1318),
- the Act on Medical Activity of 15 April 2011 (uniform text, J.L. of 2016, item 1638),
- the Act on Providing Services by Electronic Means of 18 July 2002 (uniform text, J.L. of 2017, item 1219),
- and the Patient’s consent (with respect to tests requested directly by the Patient).
Providing us with personal data is completely voluntary but necessary to achieve the purpose of processing for which such data is given.
Any personal data provided to us is not subject to automated decision-making, including profiling.
After completion of the Service, isolated genetic material (DNA) may be stored by Warsaw Genomics for re-use in the future. For that purpose, the Participant must sign an appropriate consent in the Informed Consent Form (attachment no 2). In case no consent is given to such use, genetic material (DNA) will be destroyed.
After completion of the Service, isolated genetic material (DNA) and medical data may be stored and anonymously used by Warsaw Genomics for educational purposes and for the purpose of scientific research aimed at determining the frequency and clinical significance of pathogenic mutations in the Polish population. For that purpose, the Participant must sign an appropriate consent in the Informed Consent Form (attachment no 2). In case no consent is given to such use, genetic material (DNA) will be destroyed.
Biological material other than specified above may be used by Warsaw Genomic, after the requested tests have been completed, for the purposes of scientific research carried out by Warsaw Genomics.
Consents mentioned above may be destroyed at any time.
Each Participant will have the right to obtain from the Controller:
- access to his or her personal data,
- rectification of own personal data,
- erasure of own personal data which will result in immediate deletion of the Participant’s personal data from database,
- restriction of personal data processing,
- lodging a complaint regarding processing of personal data with supervisory authority, which in Poland is Urząd Ochrony Danych Osobowych, www.uodo.gov.pl,
- data portability
- withdrawal of a consent to personal data processing at any time. The withdrawal of the consent will not affect the lawfulness of processing based on the consent before its withdrawal, however, it will prevent us from providing services,
- objection against personal data processing – in case processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller and when processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including in case of profiling. The Controller will no longer process such personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Providing Access to Personal Data to Third Parties
Warsaw Genomics may entrust the processing of personal data to service providers whose services it uses in connection with the operation of the Service and to the suppliers of courier services. In order to provide services for Warsaw Genomics, such entities may obtain access to Participants’ personal data. Warsaw Genomics ensures that in such a case these entities will be obliged to ensure the same data protection standards and will not be authorised to use personal data for own purposes, including for marketing purposes.
Providing Access to Personal Data to Third Countires
If necessary, Warsaw Genomics may transfer personal data to third countries, i.e. located outside the European Economic Area ('EEA'). Before each case of such a transfer, Warsaw Genomics will ensure level of data protection adequate to the level of protection inside the EEA, particularly by:
- ensuring that the entityv to which the data is transferred, is located in the country for which the European Commission has issued a decision confirming that this country ensures adequate level of protection,
- concluding a contract with the entity which contains the so-called standard contractual clauses established by European Commission,
- informing data subjects about the intention of such a transfer.
Personal data of Participants, including sensitive data, are stored in compliance with all security standards aimed at safeguarding them against unlawful disclosure to unauthorised persons.