Privacy Policy
SIA GENERA PRIVACY POLICY
To ensure the economic activity and legal interests of SIA GenEra as the service provider and employer, as well as the observance of laws and regulations, SIA GenEra needs to process the personal data of clients/patients and employees. SIA GenEra has developed this Privacy Policy (hereinafter — the ‘Policy’) to explain in a transparent and comprehensible manner its activities as the service provider and employer with the personal data of clients/patients and employees in accordance with the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter — the ‘Regulation’) by providing information regarding the purpose, legal grounds and duration of data processing, recipients of personal data, as well as the rights of clients/patients and employees in connection with the processing of personal data.
1. Terms Used
The definitions of terms used in the Policy arise from Article 4 of the Regulation:
1.1. ‘Personal Data’ means any information relating to an identified or identifiable natural person, including, but not limited to: given name, surname, personal ID number, correspondence address, phone number, e-mail address, as well as special categories of personal data — any information concerning a person’s health condition, religious and philosophical beliefs, membership in trade unions, racial or ethnic origin, political opinion, genetic or biometric data, if such are used for identification;
1.2. ‘Controller’ means SIA GenEra, uniform registration No. 40003551431, registered address: 22 Mārupes Street (Mārupes iela), Riga, LV-1002, phone number: +371 26267833, e-mail address: info@genera.lv (hereinafter — ‘GenEra’ or ‘We/Us’);
1.3. ‘Data Subject’ means a natural person who can be identified, directly or indirectly, and whose personal data are processed. For the purposes of this Policy, existing clients/patients and employees who are natural persons and who use GenEra’s services, potential clients, natural persons who have no employment relationship established with GenEra and who are interested in the terms and conditions and/or costs of provision of GenEra’s services, former clients/patients, representatives of clients/patients, including contact persons and legal representatives, position candidates, current and former employees, persons present at the facilities or adjacent areas, users of information systems and the website, owners of immovable properties used for the provision of services, representatives of the owners, natural persons involved in marketing activities (e.g., tenders, campaigns), as well as other natural persons whom GenEra is currently unable to identify (hereinafter all together — ‘You’ or the ‘Client’);
1.4. ‘Recipient of Personal Data’ means a natural or legal person, public authority, agency or another body, to which the personal data are or can be disclosed;
1.5. ‘Data Protection Officer’ means a person whose task is to inform and consult GenEra and its Clients about the compliance with personal data protection requirements. In the event the Client wishes to contact the Data Protection Officer, inter alia, to find out about his/her rights as the Data Subject, he/she can use the address or means of communication indicated in Clause 1.2 hereof.
2. Applicability of the Privacy Policy
2.1. The Policy is applied to ensure the protection of privacy and personal data for:
2.1.1. natural persons — clients, patients and other service recipients, employees, as well as third parties who receive from or provide to GenEra any information (including on contact persons, payers, etc.) in connection with the provision of services to a natural person (patient, client);
2.1.2. visitors of GenEra’s office and other premises, including those subject to video surveillance;
2.1.3. users of the website maintained by GenEra.
2.2. The Policy applies to data processing regardless of the form in which the data are provided and processed.
2.3. GenEra may set additional rules for certain types of data processing, whereof You will be informed when You provide respective data.
3. Purposes (Objectives) of Personal Data Processing
3.1. For ensuring the provision of services:
3.1.1. to provide services to You and ensure the signing of agreements related to the provision of services (e.g., for the identification of Clients, for communication on matters related to the provision of services, for conducting of tests, examinations and diagnostics), the following types of Your personal data will be processed: identification data; contact details; service information; medical information; results of testing, examinations and genetic tests; information regarding the agreement; data of partners’ contact persons and specialists (e.g., data of specialists of medical institutions); health insurance policy (if any) and its number; signature; other non-classified and voluntarily provided data;
3.1.2. for monitoring the settlement of accounts, provision of accounting operations as well as prevention of any potential financial and organisational risks, We will additionally process Your payment information that reflects the services received and payments made for these services;
3.1.3. to enable Us to protect Our infringed legal interests (e.g., when applying to court to collect debts for the services received), in addition to the abovementioned, We will process litigation information;
3.1.4. to ensure the quality of services, for ensuring record-keeping operations, inter alia, for information archiving, as well as for examining Clients’ applications, requests and complaints, and for other type of communication, We will additionally process the information contained in communication materials (e.g., correspondence), video records (person’s image, appearance, behaviour, actions performed), any other information specified by the data subject (You), information regarding the question under consideration and the reply provided;
3.1.5. for the purpose of providing You with important and up-to-date information regarding Our provided services, as well as web page maintenance, We will process information regarding the use of the website, the platform Your device uses to operate and the device language, internet protocol address (if applicable).
3.2. For marketing activities and promoting loyalty:
3.2.1. service popularisation and marketing activities (e.g., Client-targeted third-party advertising, collection of marketing statistics, analytics of service usage habits, etc.) are carried out for the purpose of popularising the services and attracting and retaining clients. Within the framework thereof, We will process the following types of Your personal data (depending on a particular activity): identification information, information regarding communication channels used, information regarding opinion, information regarding the service, information regarding the use of web pages, information contained in communication materials (e.g., correspondence), contact details, social media information, and other non-classified project-specific information;
3.2.2. to ensure that Our messages are interesting and useful to You, We may use information about You that is available to Us. Using the contact details provided by You, We have a possibility of contacting You not only by e-mail or SMS but also by availing of the possibilities of digital marketing, also on other portals, apps or social networks that provide means for Our messages to be shown to You (administration of commercial messages).
3.3. For administrating corporate activities:
3.3.1. to ensure the organisation of seminars and other events (including reception of visitors during events) and their presentation in internal and external communication channels for ensuring publicity, inter alia, in social networks, for the purpose of informing the public about Our activities, ensuring the publicity of the events organised, as well as promoting social responsibility and improving representative relations, We process the following types of Your personal data: identification information, information regarding access to the premises and territory, contact details, photographs, audio records, video records (person’s image [appearance, behaviour, actions]; time, date and place of the record), other non-classified and voluntarily provided data or information, project-specific information;
3.3.2. the organisation and reflection of corporate and team-building events and other events are intended to promote employees’ loyalty, motivation and team cohesion. Within the framework of events, We process the following personal data: identification data, contact details, photographs, audio records, video records (person’s image [appearance, behaviour, actions]; time, date and place of the record), other non-classified and voluntarily provided data or information, project-specific information;
3.3.3. the reflection of corporate events and the preparation and reflection of informative publications on the websites administered by Us, in mass media and social network profiles (e.g., facebook.com, instagram.com, twitter.com, youtube.com) are carried out to popularise the recognisability of GenEra’s brand and offered services, to ensure the informing of the public about GenEra’s commercial activities, as well as to retain information about events in Our archives. When choosing the information for publishing, GenEra always endeavours to ensure that the materials published do not infringe Your rights and freedoms as a data subject. We respect Your right to the inviolability of private life and at the same time are aware that We might not know all the facts and circumstances relating to the possible effects; therefore, to ensure data processing in good faith, You have the right to contact Us and object against the reflection of Your personal data.
3.4. For ensuring security and protection of other legal interests:
3.4.1. to avoid security risks that can cause harm to both Our premises, employees and visitors and to the information at Our disposal by compromising it, We ensure the regular supervision and monitoring of what is taking place in the premises and territories by using the created access mode as well as the information in video surveillance records. Likewise, We regularly monitor the information technology infrastructure, saving information regarding the cases when any party or person has connected to Our systems and infrastructure or attempted to do so. Within the framework thereof, the following personal data might be processed: identification data and position, information regarding access to the premises and territory, contact details,video records (person’s image [appearance, behaviour, actions]), litigation information, other information related to a particular case;
3.4.2. for the purpose of protecting the security and other legal interests of GenEra, its Clients and employees, We maintain the audit trail of information systems, prevent and investigate information technology security incidents (e.g., unauthorised external access) as well as any other malicious activities in the information systems, websites or apps (e.g., DDoS attack), breaches of personal data processing (e.g., unlawful access to premises), provide information to authorities and other persons (e.g., police). Within the framework thereof, the following (but not exclusively) personal data might be processed: information regarding authentication and access to the systems and their use, information regarding access to the premises and territory, information necessary for fulfilling job duties and exercising the company’s legitimate interests, information contained in communication materials (e.g., correspondence), social media information and opinions expressed therein, other non-classified and voluntarily provided data, or information provided by a data subject in an application, request, complaint or proposal.
3.5. For ensuring the employee recruitment process:
3.5.1. when You apply for a job at GenEra, We have a legitimate interest to process all the information You will have included in Your CV and application letter, examining the information specified therein, organising the job negotiation procedure, conducting the negotiations and provisioning an evidence that the respective process will have been conducted in a lawful manner. In the event of disputes, the information obtained during the recruitment process may be used to demonstrate that it has been conducted in a lawful manner;
3.5.2. in the event You are invited to a job interview, We will process the information provided during the interview, the tests completed or other test works and data obtained as the result of assessments. If a job interview takes place using means of online communication, Your audio and/or video record might be additionally processed;
3.5.3. if You are assigned to undergo a health check in accordance with the provisions of Article 36 of the Labour Law, We will process the information obtained during the health check to gain assurance that You have no impediments for taking the respective position;
3.5.4. We will process the information related to the organisation of the recruitment process (e.g., information as to whether We have contacted You; notes on the time and progress of a possible meeting).
3.6. For establishing and implementing employment relationships:
3.6.1. to enter into an employment contract with You, it is necessary to process the following types of Your personal data: identification data (given name, surname, personal ID number, contact details [address, e-mail address, phone number]), information regarding remuneration and education, and other special terms and conditions, if any, that regulate our relationship and are reflected in the employment contract. To check Your identity, We will request producing a personal identification document (passport or ID);
3.6.2. for the purpose of calculating and paying You remuneration, We will process the following types of Your personal data: given name, surname, personal ID number; bank details and account number; information regarding absence; tax privileges, if any; information regarding business trips, their duration, additional payments due; information regarding the amount and types of taxes calculated;
3.6.3. for the purpose of providing You with a safe and healthy work environment in accordance with statutory requirements, We will send You to mandatory health checks and process the information included in the mandatory health check form. For the said purpose, the following types of Your personal data will be processed: given name, surname, personal ID number, specified risk factor, information provided by the occupational physician regarding conditions to enable You to perform job duties;
3.6.4. to enable Us to fulfil statutory requirements regarding employee training for ensuring safe and harmless work conditions, We will carry out briefings (e.g., on labour protection and fire safety) during which the following types of Your personal data might be processed: given name, surname and other identification information; position held; as well as information regarding briefings attended;
3.6.5. for the purpose of providing You with harmless work conditions, it may be necessary to investigate accidents at work, processing the following types of Your data: given name, surname, personal ID number, residence address, length of service, position, contact details (phone, e-mail), information regarding the circumstances of the accident that has occurred, the degree of seriousness of an injury, and other information that might be necessary to properly investigate the accident concerned, including information in video surveillance records and photographs;
3.6.6. as part of Your job duties, You might need to go on business trips. In such case, to organise a business trip (to order air tickets, to book accommodation, etc.), the following types of Your personal data might be processed: given name, surname, personal ID number, contact details, data of personal identification documents;
3.6.7. to assess Your performance and individual work results, We might process Your personal data, including, but not limited to: given name, surname, position; information regarding the quantitative, efficiency and qualitative indicators of work performance, competences and skills, training needs; and information regarding Your interaction with colleagues and clients;
3.6.8. after entering into an employment contract, for the purpose of ensuring access to IT resources, a user profile will be set up for You in the information systems, creating an e-mail address and user password, and information regarding the authentication tool used will be recorded. During performance of Your daily job duties, We will obtain information reflecting how You use GenEra’s information systems, which actions and at what times You performed on the resources assigned to You. In the event You connect to information systems using remote work tools, information about the device you use and the internet protocol (IP) address will be processed;
3.6.9. It might be necessary to process Your personal data, inter alia, transferring them to third parties to ensure the economic activities of GenEra. For instance, a power of attorney might be drawn up, which will specify Your given name, surname, personal ID number; likewise, documents certifying Your professional activity might be submitted to third parties. Your given name, surname and contact details might be specified in both correspondence with other natural or legal persons and cooperation agreements, if You are specified as a contact person, or posted on the controller’s website.
3.7. For observing statutory requirements or exercising GenEra’s rights in accordance with laws and regulations:
3.7.1. for providing information to state and local government control and pre-trial investigation authorities, other state and local government bodies within their competence (e.g., police or archives);
3.7.2. for requesting information from state institutions or other authorised persons regarding the Client in instances where it is allowed by a law or regulation.
4. Legal Grounds for Processing
4.1. an agreement has been or will be entered into by and between You and GenEra (e.g., employment contract or service agreement). In such case, We will process Your personal data if such are necessary for performance of the agreement or activities at Your request prior to entering into the agreement. In the event You fail to provide personal data required for entering into and/or performance of the agreement, We will not be able to enter into and/or perform the agreement;
4.2. the processing of Your personal data is required to observe the statutory legal obligations applicable to GenEra. We are obliged, in cases determined in laws and regulations, to ensure the provision of Your information to state institutions and information systems they maintain (e.g., to observe accounting document management obligations, as well as to archive documents, to inform about the commencement of employment relationship);
4.3. the processing of personal data is required for observing the legitimate (lawful) interests of GenEra or a third party. Legitimate interests are rights, the exercising of which is permissible in accordance with laws and regulations, inter alia, arising from the agreement entered into by and between You and GenEra (e.g., to prevent potential financial and organisational risks, to provide evidence of the lawfulness of personnel recruitment process);
4.4. You have given Your consent to the processing of Your personal data, inter alia, in writing, electronically, as well as by telephone or using other solutions (e.g., with regard to participation in surveys, the use of personal data collected via cookies);
4.5. the processing of personal data is necessary, so that GenEra could fulfil the duty in the public interest.
5. Term of Personal Data Processing
5.1. Your personal data are processed for a period necessary to achieve the purposes of personal data processing specified in Clause 3 hereof, inter alia, to fulfil the duties stipulated in laws and regulations, e.g.:
5.1.1. We will store National Health Service (NHS) referrals and paid test referrals for 3 years;
5.1.2. We will store paternity and kinship testing requests for 10 years after the issuance of results;
5.1.3. We will store NIPT referrals and referrals of the Rare Disease Coordination Centre for 40 years;
5.1.4. We will store issued testing reports in paper form for 6 moths;
5.1.5. We will store medical test reports in paper and/or electronic form for 40 years;
5.1.6. We will store the information provided by job applicants for 6 months or, if a complaint is received regarding a particular recruitment process, until the examination of the complaint and its full settlement, or, if personal data processing is based on a consent, until the withdrawal of the consent;
5.1.7. employment contracts will be stored for 90 years from the person’s date of birth;
5.1.8. information regarding mandatory health checks (MHCs) will be stored for 10 years;
5.1.9. We will store information regarding invoices issued and payment-related information for at least 5 years, observing the provisions of the Accounting Law;
5.1.10. We will store video surveillance records for up to 21 days;
5.1.11. for the period of effectiveness of Your consent to the processing of personal data, e.g., to marketing activities or processing of cookies;
5.1.12. if a complaint is received or the Controller’s legal interest is infringed (e.g., there is a dispute regarding the scope of services received), the respective information might be retained until the issue is settled (e.g., until the entry into force of the final court ruling).
6. Processing of Personal Data Via Cookies
To improve the functionality of GenEra’s web pages and adapt it to Your usage habits, as well as to obtain statistics on performed activities, to ensure customised user experience and to inform about current affairs, GenEra’s website processes cookies. Necessary or functional cookies are processed for the purpose of observing GenEra’s legitimate interests, whereas statistical and marketing cookies are processed if You have given Your consent to the processing of these cookies. With regard to the processing of personal data via cookies, detailed information is available in the Cookies Policy web page of GenEra.
7. Disclosure of Personal Data Outside the European Union
7.1. In certain cases, GenEra might transfer Your personal data outside the European Union (e.g., if online communication tools such as WhatsApp, Zoom or other are used) or to data storage solutions that provide services outside the European Union, or by involving third parties that help GenEra to perform the economic activities referred to in the Policy and are located outside the European Union (e.g., other testing laboratories). For the purposes of statistics and marketing, GenEra might use also third-party (e.g., Google, Facebook) cookies whose information might be sent and stored outside the European Union.
7.2. In each particular case, GenEra chooses special personal data protection guarantees stipulated in the Regulation (e.g., standard clauses on the recipient of personal data or use of exceptions as the necessity of fulfilling the agreement signed, or Your consent to data processing).
8. Processing and Protection of Personal Data
8.1. We understand that, in providing Our services, We process health and genetic data that are deemed the special categories of personal data in the meaning of the Regulation.
8.2. GenEra processes and protects personal data using present-day technology solutions, taking into account existing privacy risks and reasonably available organisational, financial and technical resources, inter alia, implementing administrative and physical security measures, in so far as they are commensurate with possible risks.
8.3. GenEra ensures that access to personal data is given only to persons who need this for performance of their job duties and only to the extent needed. Persons provided with access to health and genetic data have signed confidentiality agreements and undertaken to observe the requirements of personal data protection in their activities.
8.4. GenEra implements measures for the regular training and informing of its employees about personal data protection matters to reduce the probability of occurrence of incidents.
8.5. GenEra implements internal control procedures that help reduce the probability of occurrence of security incidents and their consequences.
8.6. For the purposes of ensuring the performance of obligations under signed agreements in high quality and in a timely manner, GenEra might authorise its partners to carry out certain activities related to the provision of services (e.g., employee health insurance services, sending of invoices). If, in performing these tasks, partners process the personal data at the disposal of GenEra, the respective partners are deemed to be the processors of personal data and GenEra is entitled to transfer the personal data required for these activities to partners in the scope necessary for the performance of the activities concerned.
8.7. GenEra ensures the careful selection of service providers and requests the use of appropriate means to protect the confidentiality of personal data and ensure the security of information and its use.
8.8. GenEra’s partners with the status of the processor of personal data ensure the observance of personal data processing and protection requirements in accordance with laws and regulations and refrain from using personal data for purposes other than the fulfilment of the signed agreements on behalf of GenEra.
9. Who Will Receive Your Personal Data
9.1. Your personal data will be processed by the authorised employees of GenEra to the extent determined in their job duties, observing personal data protection requirements and other statutory requirements, as well as personal data processing requirements determined in GenEra’s internal regulatory documents.
9.2. We might transfer Your personal data to the following recipients of personal data, unless this contradicts the applicable laws and regulations (e.g., transfer personal data to processors [partners providing support to GenEra in the provision of services] with whom an agreement compliant with the requirements set forth in the Regulation is signed):
9.2.1. medical treatment institutions and physicians for implementing the client’s/patient’s diagnostic and treatment process;
9.2.2. a court for ensuring the execution of the duties (paternity test) determined in its ruling;
9.2.3. the National Health Service in accordance with an agreement signed and for fulfilling statutory obligations;
9.2.4. state and local government institutions, law enforcement authorities, courts (e.g., State Revenue Service, State Social Insurance Agency for fulfilling statutory obligations, etc.);
9.2.5. academics and study centres for the purposes of ensuring the further education of employees;
9.2.6. partners, economic operators, with whom GenEra has entered into cooperation agreements and shares mutual obligations. For instance, for providing services, ensuring delivery (including the delivery of parcels and agreements, etc., inter alia, couriers, post, business trips, etc.), controlling the quality of services (including survey performers, etc.), ensuring management (partners for managing and ensuring organisational, financial management and accounting processes, inter alia, auditors, inspectors, event organisers, etc.);
9.2.7. supervisory authorities (e.g., accreditation institutions, law enforcement authorities and rescue services) in accordance with laws and regulations;
9.2.8. information system consultants;
9.2.9. providers of advertising and marketing services, event organisers;
9.2.10. providers of legal services;
9.2.11. providers of real estate maintenance and management services;
9.2.12. providers of economic activity provision services;
9.2.13. providers of printing services;
9.2.14. providers of extrajudicial debt recovery services;
9.2.15. providers of security and safety services;
9.2.16. providers of insurance services;
9.2.17. providers of postal and delivery services;
9.2.18. providers of audit and inspection services;
9.2.19. banks and other providers of payment and financial services;
9.2.20. cookie administrators;
9.2.21. operators of online communication channels and service providers;
9.2.22. verifiers of secure electronic signatures.
9.3. GenEra ensures that the personal data at its disposal are issued only to the data subject him-/herself. Data are issued to third parties, including persons related to the data subject, only when a written consent has been received from the data subject or there is a case determined by laws and regulations when such transfer of data is permitted.
9.4. GenEra does not transfer data in instances where it cannot check the identity of the data subject or there are suspicions that the identity specified by the data subject does not match his/her actual identity.
9.5. In instances where data are sent via e-mail, GenEra ensures that this is done only after a consent has been received from the data subject, either in writing or verbally (with an employee recording the said fact), specifying the e-mail address to which he/she wishes the data to be sent.
9.6. When sending data via e-mail or other online data exchange solutions, GenEra implements measures for protecting the respective data, applying the data access protection or encryption methods.
9.7. We can receive information about You from third parties, such as:
9.7.1. courts, receiving a request to carry out an expert examination;
9.7.2. medical institutions or medical practitioners, receiving a sample of tissue with a referral;
9.7.3. partners that help Us to receive payments from You;
9.7.4. other medical treatment institutions and specialists.
10. Data Subject’s (Your) Rights
You as a data subject have the following rights with regard to the processing of Your personal data:
10.1. Right of access:
10.1.1. to access Your personal data and receive information from GenEra regarding the processing of Your personal data. If You consider the information provided in this Policy as insufficiently exhaustive, then, using the contact details indicated in Clause 1.2 hereof, You may request to provide information regarding the purposes of processing Your personal data, the type of personal data and categories of recipients, retention term of personal data, Your rights with regard to data processing and the source of receipt of personal data;
10.1.2. to receive a free copy of Your personal data processed by GenEra. If copy requests are obviously unjustified or incommensurate, especially due to the regular recurrence, GenEra may determine a reasonable fee substantiated by administrative expenses or refuse fulfilment of the request.
10.2. Right to rectification: if You notice inaccuracies in Your personal data, You have the right to demand GenEra to rectify the inaccurate data.
10.3. Right to erasure: You have the right to demand GenEra to erase your personal data if:
10.3.1. the personal data are no longer necessary for achieving the purposes specified in this Policy;
10.3.2. You withdraw Your consent on which the processing of personal data was based;
10.3.3. You object to the processing pursuant to Article 21(1) of the Regulation and GenEra does not indicate legitimate grounds for the processing overriding the data subject’s interests, rights and freedoms;
10.3.4. the personal data have been unlawfully processed;
10.3.5. the personal data have to be erased for compliance with statutory requirements.
In certain cases, GenEra will be unable to fulfil Your request to erase personal data. This applies to cases where, in accordance with laws and regulations, GenEra is obliged to process Your personal data (e.g., for accounting purposes and to save information regarding the remuneration calculated for You). Likewise, the erasure of data is impossible if processing is required to fulfil the task in the interests of the public, inter alia, in the field of public health, for the purposes of archiving or statistics, as well as to establish, exercise or defend legal claims, as well as, if the rectification or erasure of personal data is impossible, to avoid affecting the integrity of records. Namely, in the said instances, the right to demand the erasure of own personal data is restricted.
10.4. Right to restriction of personal data processing: You have the right to demand GenEra to restrict the processing of Your personal data if:
10.4.1. You deem that the data being processed are inaccurate (while GenEra verifies their accuracy);
10.4.2. You deem that the processing is unlawful but do not wish erasure of these personal data;
10.4.3. GenEra no longer needs your data to achieve the specified purpose, but You need them for the establishment, exercise or defence of legal claims;
10.4.4. You have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of GenEra override those of the data subject.
10.5. Right to object against processing: You have the right to object at any time against the processing of Your personal data, which GenEra has based on Article 6(1)(f) of the Regulation, i.e., legitimate interest. GenEra has the right to continue processing Your personal data if it demonstrates compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
10.6. Right to withdraw consent: in instances where You have given Your consent to the processing of certain personal data, You have the right to withdraw it at any time; however, such withdrawal of consent does not affect the legality of the processing based on the consent prior to the withdrawal. To withdraw Your consent, You can use the contact details indicated in Clause 1.2 of the Policy.
10.7. Right to data portability: You have the right to receive Your personal data, which You have provided to GenEra, in a structured, commonly used and machine-readable format (processed electronically or in information systems) and have the right to request to transmit those data to another controller (service provider) if such data are processed based on an agreement or consent. The right to portability applies only to data which You as a data subject have provided to Us.
10.8. Right to lodge a complaint: You have the right to lodge a complaint to GenEra, as well as to the Data State Inspectorate, if You consider that GenEra has infringed Your right or has failed to protect duly Your personal data. However, prior to contacting the Data State Inspectorate, We ask You to contact Us or the Data Protection Officer to find a solution if Your right to personal data protection has been infringed.
11. Request Submission Procedure
11.1. For exercising all the rights referred to in the previous clause, You can use GenEra’s contact details indicated herein, specifying the following types of Your personal data in the request: given name, surname, personal ID number, postal address (if You wish to receive a reply in a registered letter) or e-mail address (if You wish to receive a reply to the e-mail address from which You sent Your request).
11.2. We advise to submit the request in one of the following ways:
11.2.1. sending a free-form application by e-mail, signing the e-mail letter with a secure electronic signature;
11.2.2. sending by post a free-form application containing Your signature;
11.2.3. submitting a free-form application containing Your signature in person at GenEra’s address.
12. Miscellaneous Provisions
GenEra may amend the Policy, posting the information about amendments on its website.
Do you have questions about testing opportunities?
Ask us!