Scroll Top

GDPR

Please read the following information regarding the processing of your personal data. Data prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation data) (hereinafter referred to as "GDPR") and in accordance with Act no. 18/2018 Coll. on the protection of personal data and on the amendment of certain laws (hereinafter referred to as "the law"). When processing your personal data, you are in the position of the affected person.

Identification of the operator

The company APROCON s.r.o., with registered office: Landererova 1, 811 09 Bratislava, ID number: 36 704 407, registered in the commercial register of the District Court Bratislava I, Department: Sro, Insert number: 43306/B   

Contact details of the operator: phone no. 0904 590 590, e-mail: support@dna4fit.sk

In case of any questions, or if you want to exercise your rights in connection with the processing of your personal data, please contact the operator via the above-mentioned e-mail. You can also exercise your rights in writing by delivering it to the address of the operator's registered office.

 

 

  1. Where and what kind of personal data do we obtain?

We obtain personal data directly from you, for example when filling out the contact form on the operator's website www.dna4fit.com, when registering a user account or when concluding a contract and also on the website for registering a subscription kit www.my.dna4fit.com,.

 

What personal data do we obtain from you?

 

  • Account information
  • Your name and surname
  • E-mail adress
  • The password you enter when you create your account
  • Your billing and shipping address(es) in case of purchase

 

  • Information about activating a DNA assembly

When activating a DNA assembly, we collect:

  • DNA test kit code
  • Name surname
  • Address
  • E-mail
  • Telephone number
  • Gender
  • Year of birth
  • Height
  • Weight
  • Genetic information

We obtain DNA from your saliva after you send it to us in the test tube supplied with the DNA testing kit.

We will convert your DNA into a machine-readable code ("DNA data") that is used to provide your genetic information.

A note about your saliva and DNA: After our partner generates DNA data, the DNA and saliva (hereafter referred to as "biological samples") stored with that partner will be destroyed after a period of 90 days. 

 

  • Additional information about the user

Information you provide to us when you respond to an email survey or online questionnaires offered as part of our services.

 

  • Your communication

Information that you provide to us as part of your communication with us.

 

  • Competitions and promotion

Personal data that you provide to us during your voluntary participation in competitions and special promotions organized within the services.

 

What information do we collect when you use our services?

 

  • Computer and mobile device information

Information about how you gain access to our services, defined in the rules for the use of cookies.

 

  • Information obtained using cookies and other technologies

Cookies and similar technologies described in the rules for the use of cookies. If you want to get more information about our practices and options for managing them, read our policy for the use of cookies.

 

  • Information shared through social media tools

If you engage in interaction with the Services through social media, e.g. by using "Like" or "Follow us" links on sites such as Facebook, Twitter, Instagram and YouTube, we will record these interactions and collect information that these services provide to us. Your interactions with these elements are governed by the privacy statement of the applicable third party.

 

  • Information about your use of services

Information about your use of the Services, such as when you access your profile and related services. 

 

  1. For what purposes do we process your personal data and what is the legal basis for their processing?
  2. a) The processing of your personal data is necessary for the performance of the contract to which you are a party, or it is necessary for measures to be taken based on your request before the conclusion of the contract (Article 6 paragraph 1 letter b) GDPR)
    • for the purpose of registering your user account on our website dna4fit.com and website for subscription kit registration www.my.dna4fit.com

In this case, the processing is necessary in order to take measures based on your request before concluding the contract (pre-contractual relations) and the processing is also necessary for the performance of the contract to which the person concerned is a party.

    • for the purpose of implementing existing contractual relationships with customers, j. for the purpose of providing services based on the contract concluded with you as a customer, including records of existing contractual relationships (contracts, orders) with customers

This purpose includes activities related to the fulfillment of the operator's obligations from the contract that we concluded with you as our customer, as well as administrative actions related to the concluded contract, e.g. monitoring of agreed dates. At the same time, in connection with the conclusion of the contract for the supply of our services, we keep records of existing contracts with customers.

In this case, the processing is necessary for the performance of the contract to which the affected person is a party.

 

  1. b) Processing of personal data based on the legitimate interest of the operator (Article 6(1)(f) GDPR)
    • for the purpose of ensuring network security and information security

In this case, the legal basis for the processing of your personal data located in electronic form in the operator's information systems is the operator's legitimate interest in preventing unauthorized access to electronic communication networks, preventing damage to computer and electronic communication systems, and protecting data located in the operator's IT technologies and systems.

    • for the purpose of keeping an agenda related to ongoing disputes and executions and an agenda for the recovery of receivables and other claims of the operator within the framework of judicial, extrajudicial, execution or bankruptcy proceedings, including legal representation in these proceedings

In the event that we process your personal data for this purpose, the legal basis for the processing is the legitimate interest of the operator, namely the exercise or defense of the operator's legal claims, the prevention of damages and the fulfillment of claims and other legal claims of the operator. Within this purpose, the operator may provide personal data to a lawyer who processes personal data of clients and other natural persons to the extent necessary for the purpose of practicing law.

    • for the purpose of legal representation (outside of proceedings)

In the event that we process your personal data for this purpose, it involves the use of legal services of lawyers in the form of commenting on contracts and their amendments (including attachments) concluded with the persons concerned or participation in meetings and other communication with the persons concerned. Within this purpose, the operator provides personal data to the lawyer, who processes personal data of clients and other natural persons to the extent necessary for the purposes of practicing law in accordance with Act no. 586/2003 Coll. on Advocacy and on Amendments to Act No. 455/1991 Coll. on trade entrepreneurship (Trade Act) as amended and GDPR.

In this case, we provide your personal data to the lawyer on the basis of our legitimate interest: to validly enter into contractual relations by complying with the statutory requirements of concluded contracts and to prevent potential damages by using professional legal services.

    • for direct marketing purposes

If you are already our customer, we will send you e-mail messages with the presentation of our products and services. For this purpose, your personal data is processed on the legal basis of the operator's legitimate interest in presenting customers with news in the area of products and services provided by us. E-mail messages will be sent to you in accordance with Act No. 147/2001 Coll. on advertising and with Act no. 351/2011 Coll. on electronic communications.

As a data subject, you have, in accordance with Art. 21 par. 2 GDPR the right to object at any time to the processing of your personal data for the purposes of such marketing, including profiling to the extent related to this direct marketing. If the data subject objects to processing for direct marketing purposes, personal data may no longer be processed for such purposes.

    • for the purpose of business communication with customers and suppliers

In this case, the legal basis for processing your personal data is the legitimate interest of the operator. This legitimate interest of the operator is the necessity of communication with customers and suppliers when carrying out the operator's business activities. 

    • for the purposes of concluding contracts

We have a legitimate interest in processing the contact personal data of the person authorized to act on behalf of the contractual partner (customer), as well as the contact personal data of the employee of the contractual partner, which are stated in the contracts that we conclude as part of supplier-customer relations (or in drafts of these contracts).

We process the data of these affected persons for these purposes based on the legitimate interest of the operator to ensure the valid conclusion of contracts and their effective performance.

The person concerned has the right at any time to object for reasons related to her specific situation against the processing of her personal data in the case, if the processing takes place on the legal basis of legitimate interests or according to Art. 6 par. 1 letter f) GDPR (processing is necessary for the purposes of legitimate interests pursued by the operator) including objection to profiling based on the stated interests, under the conditions specified in Art. 21 GDPR. Operator in this case, it may not process personal data further, unless he demonstrates necessary legitimate reasons that outweigh the interests, rights and freedoms of the person concerned, or reasons for demonstrating, exercising or defending legal claims.

 

  1. c) Processing of personal data based on the fulfillment of a legal obligation (Article 6, paragraph 1, letter c) GDPR)
    • for the purpose of accounting, processing of accounting and tax documents, invoicing and cash register records

Processing for this purpose is necessary for the fulfillment of the legal obligations of the operator, especially in accordance with Act no. 431/2002 Coll. on accounting, Act no. 222/2004 Coll. on value added tax, Act no. 595/2003 Coll. on income tax.

    • for the purpose of fulfilling obligations in the field of consumer protection

Processing for this purpose is necessary for the fulfillment of the legal obligations of the operator, especially in accordance with Act no. 250/2007 Coll. on consumer protection and on the amendment of Act of the Slovak National Council no. 372/1990 Coll. on offenses as amended, especially in relation to the handling of complaints.   

    • for the purpose of processing the rights of the affected persons

For this purpose, your personal data is processed on a legal basis: the processing is necessary for the fulfillment of the legal obligations of the operator according to the legal regulations on the protection of personal data (GDPR), which the operator has in connection with the exercise of the rights of the persons concerned pursuant to Art. 15 to 22 GDPR.

    • for the purpose of properly identifying the disputing party/debtor in the execution proposal

If we process your personal data for this purpose, we do so for the reason that it is our legal obligation to properly mark (identify) the person of the debtor in the application for enforcement (especially the Civil Code, Enforcement Procedure) as well as to properly identify the person of the plaintiff or defendant in a lawsuit ( especially the Civil Dispute Procedure, the Civil Non-Dispute Procedure, the Administrative Court Procedure).

    • for the purpose of recording and processing the suggestions of the persons concerned in connection with the notification of anti-social activity

For this purpose, we process personal data because it is necessary to fulfill our legal obligation in accordance with Act No. 307/2014 Coll. on certain measures related to the reporting of anti-social activity, in the event that an initiative has been submitted to the operator in accordance with the provisions of this law.

    • for the purpose of controls carried out by public authorities

Based on the provisions of special legal regulations, we may be obliged to submit your personal data to public authorities as part of their control activities.

We would like to inform you that the person concerned is obliged to provide his personal data if the processing of personal data is necessary in connection with the fulfillment of the legal obligation of the operator.

 

  1. d) Processing of personal data with your consent (Article 6(1)(a) GDPR)
    • for direct marketing purposes

Based on your consent, we will contact you in connection with the offer of our services even if you are not yet our customer. Giving your consent is voluntary, and you can give it by filling in your e-mail address on our website, in the newsletter section. Unfortunately, we cannot contact you in this regard without granting it.

You have the right to withdraw your consent at any time by clicking on the relevant link in the e-mail message or by sending an e-mail to the address support@dna4fit.sk or by delivering a written notification to the address of the operator's headquarters. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.

 

  1. e) Processing of a special category of personal data with your consent (Article 9(2)(a) GDPR)
    • in connection with the fulfillment of our contractual obligations

Since you contacted us as an interested party in using our services, consisting in the provision of genetic analysis, we would like to inform you that the provision of the service you requested will not be objectively possible on our part, unless you give us your consent to process your personal data to the extent necessary , regarding your health and your genetic data.

You can refuse consent to the processing of a special category of your personal data. In that case, however, we will not be able to provide you with the requested service for objective reasons.

 

  • for the purpose of the legitimate interests of the operator

We use your genetic information for the following main purposes:

  • delivery of results of genetic analyses;
  • furthermore, we can offer you participation in surveys and questionnaire forms (completely voluntarily) based on your DNA data;
  • examining aggregate genetic information to better understand the health, well-being, aging or physical fitness of a population;
  • carrying out scientific, statistical and historical research;
  • improving the features and functionality of our existing DNA products, improving the customer experience for all of our products, improving the quality of our laboratory procedures and technologies, and creating new products and services, including personal health and wellness services.

You have the right to withdraw your consent at any time by sending an e-mail to the address support@dna4fit.sk or by delivering a written notification to the address of the operator's headquarters. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.

 

  1. Recipients of personal data

In connection with the fulfillment of the legal obligations of the operator are, respectively. the recipients of your personal data may be entities designated by legal regulations, bodies of state administration and public power for the exercise of control and supervision, courts and law enforcement authorities.

Depending on the purpose of processing and specific circumstances, the recipients of your personal data may also include other persons (in the position of intermediary or independent operator), in particular:

  • lawyer,
  • executor,
  • responsible person in the sense of GDPR,
  • provider of postal and courier services,
  • external service providers in the field of marketing activities,
  • a company performing external website support and operation,
  • external suppliers of programming work and system and implementation work,
  • suppliers of installation, integration, migration, configuration, customization, custom development, reporting and training services for software products,
  • a company performing a certification audit of an integrated management system, namely a quality management system and an information security management system,
  • a company performing design, development, implementation and other related services in the field of information systems and software,
  • an external service provider for operating SW applications in the cloud,
  • a company providing services related to the connection of telecommunications lines,
  • a company providing telecommunication services,
  • a company providing electronic communication services,
  • a company that is an external supplier of accounting services,
  • company providing auditing services,
  • a company providing archiving services,
  • company providing printing services,
  • supplier of the Data Loss Prevention System,
  • external security service,
  • accredited laboratories and other service providers in the field of DNA analysis.

In cases where the operator processes your personal data through intermediaries as a special category of recipients of personal data, we ensure that they proceed in accordance with applicable legal regulations and the conditions agreed in the contract on the processing of personal data, that they are bound by confidentiality and protect your data in accordance with GDPR requirements. The intermediary is the company genEplanet doo with registered office at Cesta na Poljane 24, 1210 Ljubljana, Slovenia, ID number: 3857115000, represented by: Matjaž Petrovič, which processes personal data on behalf of the operator when registering the subscription kit on the website www.my.dna4fit.com.

 

  1. Will your personal data be provided outside the European Union?

Data is not transferred to a third country or international organization.

 

  1. Will your personal data be used for automated individual decision-making?

Your personal data will not be used for automated individual decision-making.

 

  1. Cookies

Our website uses cookies that help us provide you with better services. They are small text files that are stored by the browser on the visitor's computer or device when visiting a website. Cookies allow the website to recognize the user's device and remember certain information about your sessions during your connection. More detailed information about cookies is published on our website.

 

  1. How long will we store your personal data?

If your personal data is processed within the framework of fulfilling the legal obligations of the operator and the legal regulation determines the retention period, we will keep the personal data and related documentation for the period required by the relevant legal regulation.

Personal data processed for the purpose of accounting and tax agenda are kept for 10 years.

We keep personal data in the records of sent and received postal items for a period of 5 years.

We will keep your personal data obtained within the framework of pre-contractual relations for a period of one year.

We will keep personal data processed on the legal basis of the necessity of processing for the performance of the contract, to which the affected person is a party, for the duration of the contractual relationship until the settlement of mutual rights and obligations arising from them, but at least for a period of 10 years. For the same period, we also keep the personal data of the person concerned - a person authorized to act on behalf of the contractual partner (customer) or an employee of the contractual partner, which is specified in the contracts.

We will keep your personal data processed for the purpose of fulfilling the rights of the affected persons for a period of 5 years from the date of processing the request, but at least until the legal end of the administrative procedure, which was initiated in connection with this purpose at the initiative of the concerned person.

Personal data processed for the purpose of maintaining an agenda related to ongoing disputes and foreclosures and an agenda for the recovery of receivables and other claims of the operator within the framework of judicial, extrajudicial, enforcement or bankruptcy proceedings will be kept for the duration of the statutory limitation and preclusion periods, or until the settlement of the legal claim enforced in relevant judicial, extrajudicial, enforcement or bankruptcy proceedings. If we process your personal data for the purpose of legal representation (outside of proceedings), we store this data for a period of 5 years.

Personal data processed for the purpose of ensuring network security and information security are kept during the retention periods established by special laws.

We will keep personal data processed for direct marketing purposes for a period of 5 years (or until processing is objected to).

We will keep personal data processed on the basis of consent for a maximum of 5 years (or until it is revoked).

 

  1. What rights do you have as a data subject in connection with the processing of your personal data?
  2. a) The right to access personal data according to Art. 15 GDPR:

You have the right to obtain access to your personal data and information within the scope of Article 15 of the GDPR. You have the right to receive a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, personal data will be provided to you in written document form, unless you have requested another way of providing them. If you have requested the provision of this information by electronic means, it will be provided to you electronically if it is technically possible.

 

  1. b) The right to correct personal data according to Art. 16 GDPR:

We have taken, and will continuously update, reasonable measures to ensure the accuracy, completeness and timeliness of the information we have about you. If you believe that the personal data we have is inaccurate, incomplete or out of date, please do not hesitate to ask us to correct, update or supplement this information. we are obliged to comply with the addition of personal data without unnecessary delay.

 

  1. c) The right to erasure (the right to be "forgotten") according to Art. 17 GDPR:

You have the right to ask us to delete your personal data if any of the reasons listed in Art. 17 par. 1 GDPR. You can do so, for example, if the personal data we have obtained about you is no longer necessary to fulfill the original purpose of processing. We will assess your right from the point of view of all relevant circumstances. In the event that the processing of your personal data is necessary, for example, to fulfill our legal obligation or to demonstrate, exercise or defend legal claims, we will not be able to comply with your request. 

 

  1. d) The right to limit the processing of personal data according to Art. 18 GDPR:

If any of the cases mentioned in Art. 18 par. 1 GDPR, you are entitled to ask us to stop using your personal data. These are, for example, cases when you think that the personal data we have about you may be inaccurate or when you think that we no longer need to use your personal data. If the processing was limited in accordance with Art. 18 par. 1 GDPR, such personal data are processed, with the exception of storage: a) only with your consent, or b) to prove, exercise or defend legal claims, or c) to protect the rights of another natural or legal person, or d) for reasons of important public interest of the Union or a Member State.

 

  1. e) The right to portability of personal data according to Art. 20 GDPR:

Under the conditions specified in Art. 20 GDPR, you have the right to ask us to transfer the personal data you have provided to us to another third party of your choice. However, the right to portability only applies to personal data that we have obtained from you on the basis of consent or on the basis of a contract to which you are a party. 

 

  1. f) The right to object according to Art. 21 GDPR:

In specific cases, you have the right to object to data processing that is based on our legitimate legitimate interests (i.e. according to Article 6(1)(f) GDPR), including objecting to profiling based on said interests. In the event that we do not demonstrate a convincing legitimate legitimate reason for processing and you file an objection, we will not process your personal data further. You can also object to data processing according to Art. 6 par. 1 letter e) GDPR (performance of a task in the public interest or in the exercise of public authority).

In accordance with Art. 21 par. 2 GDPR, if personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing, including profiling to the extent that it is related to this direct marketing. If you object to processing for direct marketing purposes, your personal data may no longer be processed for such purposes.

 

  1. g) The right to submit an initiative or complaint to the Office for Personal Data Protection

If you believe that your personal data is being processed incorrectly or illegally, you can at any time submit an initiative or complaint regarding the processing of your personal data to the supervisory authority, i.e. the Personal Data Protection Office of the Slovak Republic, Hraničná 12, 820 07 Bratislava, tel.: +421 2 3231 3220, www.dataprotection.gov.sk, email: statny.dozor@pdp.gov.sk. In the case of submission of the proposal in electronic form, it is necessary that it fulfills the requirements according to § 19 par. 1 of Act no. 71/1967 Coll. on administrative procedure (correct order).

 

  1. Changes to this statement

We may change this privacy policy at any time, but in this case we will give you priority notice of any material changes, for example by posting notices through our services, on our website, in an email sent to your address, to give you an opportunity to review the changes and decide whether you wish to continue using the services.

We will also notify you of non-material changes to this Statement as of their effective date by posting notices within our Services or Websites or by email. If you continue to use our services after minor changes have been posted, it means that you agree to the updated data protection statement.

If you do not agree with the changes, you can contact us with a request to delete the account.

 

  1. Information about children

The operator takes the privacy of both children and adults seriously and none of its services are aimed at or targeted at children under 18 years of age. However, a parent or legal guardian may collect a saliva sample from their child, create an account for their child, or provide information regarding their child. In such a case, the parent or legal representative assumes full responsibility for ensuring that the information about their child provided to the operator is kept confidential and that the information provided is accurate. If you are under the age of 18, we ask that you do not use our services and do not provide us with your personal data without the consent of a parent or legal representative.

 

  1. Legal basis for the processing of personal data of EU citizens according to the general regulation on the protection of personal data of the EU.

If you have agreed to data processing, your consent is the legal basis for the processing of your private data. When processing your genetic information, we rely on your express consent. You have the right to withdraw this consent at any time. Please note that the withdrawal of consent to the collection and processing of your personal data does not affect the legality of the processing of your personal data prior to the withdrawal of this consent.

Furthermore, we can process your personal data based on the necessity to fulfill the contract we concluded with you. You may also process your personal data based on our legitimate interests, which include providing and improving services. For example, the operator has a legitimate interest in knowing your login history so that we can gain access to information about your interaction with the services. Furthermore, we have a legitimate interest in providing and developing interesting features that we then offer to users. We use your personal data to secure our services and do so because it is necessary to pursue your and our legitimate interests, maintain the security of our services and protect them from fraud, spam and abuse.

In cases where we rely on our legitimate interests to process your personal data, you have the right to object to this processing (which means you can ask us to stop processing the data). You can also contact us and object to other forms of data processing using the information provided below.

 

Effective date 07/29/2020

Nákupný košík
Close
Košík
  • No products in the cart.
The shopping cart is empty
Add some products to your shopping cart before proceeding to checkout.
Browse our categories and discover news and special offers.
Return to shop
Most frequent searches:
gout analysis gout tests training according to the bottom diet according to gout consultations