Menü

Privacy Policy Genetic Data

Last updated: 07.01.2026

1. Introduction

This Privacy Policy – Genetic Data explains how Intellektist OÜ processes genetic data and other health-related data. Genetic data is considered a special category of personal data and is subject to enhanced protection under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Estonian Human Genes Research Act.

This policy supplements the general Privacy Policy and applies specifically where genetic data or biological samples are involved.

2. Data Controller

The data controller responsible for processing genetic data is:

Intellektist OÜ 
Registry code: 16563656 
Registered address: Juhkentali tn 8, Kesklinna linnaosa, 10132 Tallinn, Estonia 
Email: info@intellektist.com

3. Definition of Genetic Data

Genetic data refers to personal data relating to inherited or acquired genetic characteristics of an individual which provide unique information about that individual’s physiology or health, including data obtained from the analysis of biological samples such as DNA or RNA.

4. Categories of Genetic Data Processed

Depending on the specific project or service, I may process:

  • Raw genetic data derived from biological samples 
  • Processed or interpreted genetic information
  • Metadata associated with samples (e.g. sample ID, collection date)
  • Related health or lifestyle information provided voluntarily by the data subject 

5. Lawful Basis for Processing

Genetic data is processed only where one or more of the following lawful bases apply:

  • Explicit consent of the data subject (GDPR Article 9(2)(a))
  • Scientific research purposes in accordance with applicable law and safeguards
  • Other lawful grounds expressly permitted by EU or Estonian law 

Consent is always informed, specific, freely given, and documented. Withdrawal of consent does not affect processing lawfully carried out prior to withdrawal.

6. Purpose Limitation

Genetic data is processed solely for the specific purposes clearly described at the time consent is obtained, including:

  • Research and development activities
  • Scientific analysis and algorithm development
  • Generation of non-clinical, non-diagnostic insights 

Genetic data is not used for medical diagnosis, treatment, or disease prevention unless explicitly stated and legally authorised.

7. Voluntary Participation

Participation in genetic data processing activities is voluntary. Refusal to provide genetic data or withdrawal of consent will not affect access to non-genetic services, unless genetic data is strictly necessary for the requested service.

8. Storage, Coding, and Security

Genetic data and biological samples are:

  • Coded or pseudonymised
  • Stored separately from direct identifiers
  • Protected by technical and organisational measures in accordance with GDPR Article 32 

Access is restricted to authorised personnel only.

9. Retention Period

Genetic data is retained only for as long as necessary to fulfil the stated research purpose or as required by law. As a general principle:

  • Genetic data is retained for a maximum of 5 years after completion of the relevant project, unless earlier deletion is requested or a longer period is required by law
  • Biological samples are destroyed or irreversibly anonymised after use 

10. Data Sharing and Third Parties

Genetic data is not sold or shared for commercial purposes. Data may be shared only:

  • With research partners or processors under strict contractual safeguards
  • Where required by law or regulatory authorities 

Any sharing is limited to the minimum necessary and covered by data processing agreements.

11. International Transfers

Genetic data is processed within the EU/EEA. If transfer outside the EU/EEA becomes necessary, appropriate safeguards will be implemented in accordance with GDPR Chapter V.

12. Automated Processing and Profiling

Genetic data may be subject to automated analysis for research purposes. No decisions producing legal or similarly significant effects on individuals are made solely by automated means.

13. Rights of the Data Subject

You have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right not to be subject to automated decision-making
  • Right to withdraw consent at any time 

Requests can be submitted to: info@intellektist.com

14. Right to Lodge a Complaint

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate or any other competent supervisory authority in the EU.

15. Changes to This Policy

This policy may be updated from time to time. Any changes will be published on the website and apply prospectively only.

16. Contact

For questions regarding genetic data processing, please contact:

Intellektist OÜ 
Email: info@intellektist.com

Nach oben scrollen