Privacy policy

LAST UPDATED: 20/08/2024

DETAILS OF THE DATA CONTROLLER

Company name: Sabartech S.L. (hereinafter Sabartech)

TAX ID: B98812407

Address: Parque Científico Universidad de Valencia_ Calle Catedrático Agustín Escardino 9_ Edificio 3_ 46980 – Paterna (Valencia)

E-mail: info@sabartech.com

Email of our Data Protection Delegate: pilar.martin@sabartech.com

PRIVACY AND SECURITY POLICY

At Sabartech we are aware of the importance of information protection for our customers, and we have therefore adopted and undertake to continue to adopt a series of essential measures to establish a policy of privacy and confidentiality protection for the customer data that we receive, store, or process.

Our aim is to ensure that the confidentiality and privacy of all information collected and processed from our customers are fully respected in accordance with legal requirements.

Therefore, Sabartech does not sell or rent information about its customers, nor does it provide information about them to third parties who are not contractually related, unless you have consented to this operation in accordance with the provisions of this policy, it is required by law or it is necessary for the provision of the service by Sabartech.

Below, we explain how we process this data:

APPLICABLE REGULATIONS

The Privacy Policy has been designed in accordance with the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 5/46 EC (General Data Protection Regulation), and insofar as it does not contradict the aforementioned Regulation, by the provisions of Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantees of digital rights.

By providing us with your data, you declare that you have read and are aware of this Privacy Policy, giving your unequivocal and express consent to the processing of your personal data in accordance with the purposes and terms expressed herein.

Sabartech may modify this privacy policy in order to adapt it to new legislation, jurisprudence or the interpretation of the Spanish Data Protection Agency. These privacy conditions may be complemented by the Legal Notice, Cookies Policy, and the General Conditions which, where appropriate, are included for certain products or services if such access involves any specialty in the matter of personal data protection.

HOW DID WE OBTAIN YOUR DATA?

The personal data we process comes from the data subject or from an authorized third party. The data marked with an asterisk in the web forms are mandatory in order to provide the requested service.

WHAT DATA DO WE PROCESS?

The categories of data that we may process in the provision of our services are, by way of example but not limited to:

Identification data: name and surname, personal and/or delivery address, contact telephone number, contact email address.
Personal characteristics data: gender, ancestry, date of birth, height, weight, degree of physical activity.
Economic data: related to electronic payment processes and validation of the same.
Sensitive category data: genetic data and racial origin data (the latter for the purposes of previously anonymized population, demographic, or statistical research studies).

PURPOSE OF THE PROCESSING OF PERSONAL DATA

The most important purpose of collecting and storing information about our customers is to ensure the efficiency, safety, and speed of the services and/or products contracted. Sabartech will use the information collected to contractually comply with the contracted services and may use part of it for communications with customers and thus provide improved services and better care in our ability to information on our current and future services.

The personal data are obtained directly, by means of e-mail or forms through which you provide us with your data and consent to their processing.

When contracting a test with Sabartech, the genetic test to be carried out consists of the study of the information contained in the DNA extracted from a sample of blood, saliva, or buccal scraping to determine certain genetic variations. The identification of these genetic variations can help to adopt the personalised measures that are most effective in each individual case.

The purpose of the collection and processing is therefore:

The execution and maintenance of any contractual relations that Sabartech may maintain with its users and customers, for the services that the latter has contracted with Sabartech.
The execution, management, administration, extension and improvement of the services requested or used by users and customers.
The sending of general, technical, operational, advertising, and promotional information about our products or services through the different means of contact requested in the registration forms.
To carry out internal marketing studies in order to improve our services, including the sending of e-mails and opinion forms that the user is not obliged to answer.
The creation of new products and services by the company. This processing would always be carried out on the basis of anonymized data, that is to say, eliminating any reference to the identity of the individual, not being identifiable.
The performance of research studies (population, demographic or statistical) always using anonymized data. Anonymisation is the breaking of the chain of identification of individuals, in such a way that they cannot be associated in any way with the person who owns their data.

There is no processing based on profiling and automated decision-making based on the characteristics of these profiles.

DATA RETENTION PERIOD

We will retain your personal data for a minimum period of five years from the date on which it was collected, after which the data subject may request that it be deleted. If you do not express this right, Sabartech will anonymize the data.

LEGITIMACY AND DATA COLLECTED

The legitimacy for the processing of your data is:

Consent of the data subject
Execution of a contract, whereby the data subject requests Sabartech to perform certain services, which are contractually binding and subject to rights, obligations, and responsibilities on both sides.
Fulfillment of legal obligations. By way of example and without limitation in the commercial sphere: General Tax Law, Corporate Tax Law, Account Auditing Law, Value Added Tax Law, Civil Code, Commercial Code. By way of example and without limitation, in the field of health and genetics: Law on Biomedical Research, Law on Assisted Human Reproduction Techniques, Law establishing the legal regime for the contained use, voluntary release and commercialization of genetically modified organisms.

CONSENT TO THE PROCESSING OF YOUR DATA

By filling in the forms, ticking the box “I accept the Privacy Policy” and clicking to send the data, or by sending e-mails to Sabartech through the accounts set up for this purpose, the User declares to have read and expressly accepted this privacy policy, and gives his unequivocal and express consent to the processing of his personal data in accordance with the purposes informed.

OBLIGATORY DATA, WHAT HAPPENS IF I DO NOT PROVIDE THEM?

Mandatory data will be distinguished in the information collection forms. If you decide not to provide us with any of the data considered obligatory, we will not be able to comply with the intended purpose and the processing of the data or the provision of the corresponding service will not be carried out.

You guarantee that the Personal Data you provide us with are true and correct, and you will be responsible for notifying us of any changes to them. In the event that the data provided belong to a third party, the User guarantees that he/she has informed said third party of the aspects contained in this document and obtained their authorization to provide their data. In the case of tests of minors, express authorization to this effect must be sent by the parents or legal guardians. The authorization will be available for download when you select the test option for a minor.

SECURITY MEASURES

As part of our commitment to guarantee the security and confidentiality of your personal data, we inform you that we have adopted the necessary technical and organizational measures to guarantee the security of your personal data and to avoid its alteration, loss, unauthorized processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.

In services where customers or users enter personal data, in order to guarantee security and confidentiality in transactions, the prior identification and authentication of the user in the system through the request for access codes is necessary. In those cases in which the user requests information about Sabartech services, either by sending forms on the Sabartech web pages or by e-mail, it will, in any case, be necessary to collect the personal data that are essential to be able to inform you about your request.

We are aware of the need to guarantee the transit of information between Sabartech and its customers, which is why at least the transactional parts of our websites work with the SSL (Secure Socket Layer) protocol. This security and encryption protocol protects the data in transit from the browser to our servers, ensuring that the information is only intelligible to the customer’s computer and our server.

Notwithstanding the foregoing, the User should be aware that security measures on the Internet are not insurmountable.

You can obtain more information about the security measures we apply by contacting our Data Protection Officer through the channels indicated at the beginning of this Privacy Policy in the section on identification of the data controller.

TRANSFER OF DATA

The user knows and accepts that their data will be communicated in all those cases in which it is necessary for the development, compliance, and control of the services requested or contracted, or by legally required obligations to Sabartech, not being in any case transferred in other cases to third parties without prior authorization of the person concerned.

The assignees of the data may be the State Tax Administration Agency, Banking and Financial Institutions, and other Public Administrations with competence in the matter (fiscal, tax, mercantile or accounting, as appropriate). Similarly, and in the field of health, data referring to genetic tests may be communicated to the Ministry of Health, Biomedical Research Committees, or Ethics Committees, as fundamental instruments for the evaluation and monitoring of research projects, when so required. Personal data may also be disclosed for the purpose of complying with a legal obligation or for the performance of a task carried out in the public interest (Recital 10 RGPD). They may also be disclosed to judges or courts in the exercise of their powers when Sabartech is legally required to do so.

The user knows and accepts that their personal data may be provided to third parties when necessary to fulfill the purposes of the processing, respecting in all cases the security measures required by current legislation on the protection of personal data, as well as the general quality and privacy policies of Sabartech. Certain services are outsourced by Sabartech to suppliers (logistics, genetic analysis, or technological infrastructure for the provision of services) and the corresponding data access contracts have been formalized with all of them in accordance with current data protection legislation.

With the exception of the provisions contained in the previous paragraph, Sabartech will not communicate the User’s data to third parties beyond those required by current data protection regulations and their implementing provisions, other than those made to the competent authorities when required to do so.

Finally, Sabartech informs that in general no transfers or communications of data outside the European Economic Area are foreseen and, in the event that they should occur in the future, the appropriate legal guarantees will be adopted for the legitimate transfer of such data in accordance with the regulations in force.

USER RIGHTS

According to the General Data Protection Regulation, you have the following rights:

– Access, the right to request information from the controller of a file as to whether their personal data is being processed.

– Rectification, the right that allows the data subject to request the modification of data that are inaccurate or incomplete.

– Opposition, the right of an individual to object to the processing of his or her personal data or the cessation of such processing.

– Automated individual decisions, the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or similarly significantly affects him or her.

– Limitation, the right to suspend the processing of the user’s personal data in certain cases.

– Erasure or Oblivion, the right to the erasure of the data subject’s personal data.

– Portability, the right to request the controller to provide personal data in a structured and clear format to another controller.

HOW CAN I EXERCISE MY RIGHTS?

The interested party may exercise their data protection rights by e-mail at info@sabartech.com. You may be asked to provide documentation proving the identity of the applicant (copy of the front of the National Identity Card, or equivalent). The maximum response period will be 30 days from receipt, which may be extended for a maximum of 2 months if necessary. In any case, you may request the protection of the Spanish Data Protection Agency via its website.

ARE PERSONAL DATA PROCESSED THROUGH COOKIES?

The use and browsing of our website allows the installation of cookies. The acceptance or rejection of cookies, their configuration, as well as their details, is described in our Cookies Policy.

Likewise, and in accordance with the provisions of Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce, in the event that you do not wish to receive electronic commercial communications in the future, you may express this wish by sending an e-mail to info@sabartech.com, which will appear as a means of cancellation or unsubscription at the bottom of all our commercial communications.

CAN DATA OF MINORS BE PROCESSED?

In Spain, the consent of parents or legal guardians is required for the processing of data of children under 14 years of age. In the case of requesting a genetic test for a minor, an express authorization to this effect must be provided by the parents or legal guardians, as part of the service request process.

SOCIAL NETWORKS

The profiles on social networks that Sabartech has will not entail any processing of data beyond that which the social network itself allows for corporate profiles. Sabartech may use these profiles to inform the users of each social network subscribed to the Sabartech profile about its activities, events, seminars, offers, promotions, or news on its products or services, as well as to share information of interest on the usual topics of Sabartech. Sabartech will not extract any data directly from the social network.

LINKS TO OTHER WEBSITES

Sabartech provides links to other websites that we believe may be useful to users. The terms and conditions of this privacy and confidentiality policy do not apply to such links, and the inclusion of such links does not imply any obligation on the part of Sabartech to access the services advertised or sold therein.

An IP address is an identifier given by an Internet Service Provider (ISP) to a computer that connects to the Internet. Sabartech receives information about the IP addresses of visitors to its website, as browsers report it automatically each time they open a web page. This IP address information enables Sabartech to administer its systems, monitor and improve security, troubleshoot problems, optimize service and perform statistical traffic analysis.