Privacy Policy
This Privacy Policy explains how (will provide later), operating www.cairna.health ("Website"), processes personal data, including genetic data, in accordance with the EU General Data Protection Regulation ("GDPR").
1. Data Controller
(will provide later)
Tartu mnt 67/1-13b, 10115 Tallinn, Estonia
Contact entity: (will provide later)
Email: (will provide later)
2. Categories of Personal Data
We may process the following categories of data:
• Identification data (name, date of birth)
• Contact details (email, address)
• Order and payment data
• Biological and genetic data submitted for testing
• Technical data (IP address, device information)
3. Legal Bases for Processing
We process personal data based on:
• Article 6(1)(b) GDPR – performance of a contract
• Article 6(1)(c) GDPR – legal obligations
• Article 6(1)(a) GDPR – consent
• Article 9(2)(a) GDPR – explicit consent for genetic data
4. Purpose of Processing
Personal and genetic data are processed solely for:
• Providing the contracted DNA/genetic Services
• Delivering reports (including PDF reports via secure email)
• Customer support and service improvement
• Compliance with legal obligations
5. Email and PDF Delivery
By consenting to the Services, you acknowledge that genetic test results may be delivered as password-protected PDF files via email. This constitutes explicit consent to electronic transmission of sensitive personal data.
6. Data Storage and Retention
Personal data is retained only as long as necessary for the purposes described.
Biological samples are destroyed after completion of Services unless extended storage is explicitly consented to.
7. Data Recipients
Data may be shared with:
• Accredited laboratories
• Technical and hosting service providers
• Regulatory authorities where legally required
All recipients are bound by confidentiality and data protection agreements.
8. International Transfers
If data is transferred outside the EEA, appropriate safeguards under Chapter V GDPR are applied.
9. Data Subject Rights
You have the right to access, rectify, erase, restrict, and port your data, and to withdraw consent at any time without affecting prior lawful processing.
10. Complaints
You may lodge a complaint with the Estonian Data Protection Inspectorate (AKI) or your local supervisory authority.
Die französische Fassung ist maßgeblich.