This Privacy Policy applies to the personal data collected through Platform Longenesis.Engage (thereafter – "Platform"), email, phone, website “www.longenesis.com” or any other services, developed, provided and operated by Longenesis, company Reg. No. 40203211852, the address of which is Zaubes Street 9A-23, Riga, Latvia (thereafter – "Us", "We”).


Definitions

Controller / data controller - a legal person who has entered into a service agreement with us aiming to receive the services provided by Longenesis and transferring the categories of personal data collected on the platform for processing.
Data Subject - individuals who can be reasonably identified using solely the information collected by the Controller via the Platform or its parts in combination with other data.
Personal data - information relating to a living individual who is, or can be, reasonably identified from the information, either alone or in conjunction with other information.
Platform/Service - information technology service provided through the digital data collection and analysis platform Longenesis.Engage.com or any other platform operated by Longenesis, which can be used for research, data collection or any other purpose described in its terms of use.
Clients - legal entities, independent researchers and other entities, who have entered into an agreement on service provision with Us.
Administrators - Clients or designated employees of the Client, who have the appropriate authority to access the Platform and its functionality for creating projects and activities within them via digital means.
Users - private persons who have participated as respondents in Projects created by Administrators of the organization, or have registered a profile on the Platform and have shared their Personal Data.
Projects - personal and other data or consent collection, knowledge sharing initiatives conducted in healthcare settings by the Customer via the Platform for the purposes outlined by the Customer.
Activities - User consent forms, any type of questionnaires requiring responses from Users, including other digital initiatives involving Users which are created within the Projects.

When processing personal data, Longenesis complies with the laws and regulations enforced in the Republic of Latvia, the binding instructions and regulations issued by the regulatory authorities, as well as the European Union legislation, in particular the General Data Protection Regulation (GDPR).


1. Personal Data Collection and Sources

We process User data to provide service to our Clients pursuant to the applicable contract and data processing terms. In cases, where we are the data controller, we may apply only the set of processing purposes mentioned in this policy.

1.1. We collect Personal Data of Our:

Clients: private persons and legal entities (including their employees, agents, consultants, suppliers, customers, vendors, affiliates and others (bound by a contract with the Client) which hold an account and are using any of our Services for its designated purpose.
Platform Administrators/Admins: employees or people in some kind of contractual relationship with the Client, granted full access to our Platform.
Users: survey, research, screening activity participants and patients who have filled out the form received from Admin in the Platform.
Potential Clients: private persons and legal entities (including their employees, agents, vendors, consultants, suppliers, customers, affiliates and others bound by contract with the entity), who have expressed interest in becoming Clients and shared any category of Personal Data by accessing our services or by any other means available.
Subscribers: data subjects subscribed to our Newsletter delivered via email or any of our social media, and have consented to share their data with us.
Website visitors: Data Subjects who have visited our website www.longenesis.com or any other website provided by us and have consented to use of cookies.

1.2. Types of personal data we collect:

• Personal information (e.g. name, surname, age)

When you register an account and use the Platform as a User or Admin, register to use any other of our services, we receive this data from a third party provider (Google Auth, eParaksts) or you directly, if you choose to register by email.

• Contact info (email, address, phone No)

We might receive this information when you decide to connect with us, decide to negotiate terms of a contract, fill out a form on our Platform as a respondent or share this Personal Data with us by any other means.

• Analytical data from third party service provider tools about your usage and actions on the Platform and any of our services

This Personal Data is collected when you visit our Platform or any of our services, and consent to cookies. This mainly means your IP address, operating system version, device type, system and performance information and browser type. If you are on a mobile device we also collect information specific to that device.

• Visual image (if uploaded on the Platform)

If you make a decision to enhance your account by uploading a visual image or upload it in any other section on the platform allowing to perform such action, we will store it in our database.

• Form/survey/questionnaire responses

Information collected by our Clients in their Projects and Activities. Questions and responses are stored in our database and we provide analysis tools to use with respect to this data.

• Log data

Log Data may include information about your device and about your visits to and use of the Platform (including your IP address, geographical location, referral source, length of visit, page views and website navigation).

• Information provided to us via Contact Us form or any other means of communication

We also collect and process information that you provide us for the purpose of contacting us, subscribing to newsletters and any other information that you choose to send us.


2. Use of personal data

We process your data for:

Contractual obligations

• We process data collected from Users (whether its response data, Log or Analytical data) to perform a contract between us and the Client.
• The Potential Client’s Contact information and Personal information is processed to enter into a contract and maintain the Client and connected accounts within the Platform.
• Admin and User Personal information is used to create and maintain User or Admin profile on the Platform within the scope of a contract.

Legal obligation

• We may use Personal Data to fulfill our legal obligations as set out by national and international binding laws regulating patient rights, information and communication systems, research, archiving and commercial activity.
• We may use Contact information to send out technical notices, security alerts, and support and administrative messages.

Legitimate interest
We may use your Contact information in our legitimate interests to:

• send you marketing emails (as long as you don’t opt out), as well as inform on available research projects and other healthcare initiatives;
• respond to comments and inquiries and provide customer service;
• send you Platform purchase offers (as long as you don’t opt out).

Analytical data, Log data can be used to:

• prevent and investigate information security incidents or respond to emergency situations;
• Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity, inform the security incident response team and authorities, protect the rights and property of the Platform and others;
• Debug to identify and repair errors in the Platform;
• Improve, develop and maintain our existing Platform and create new products.
• Monitor and analyze trends, usage, and activities within the Platform.
• We may use the data collected from Users to ensure the operation of Projects, determination of disease risks and generation of personalized reports.

Consent
Where you have consented to:

• use of cookies;
• Receipt if our marketing communication;
• explicit freely given consent is required to process your data, we collect consent to process your data. The User has the right to withdraw consent at any time, subject to the terms of the activity-specific consent requirements.

If your personal data will be collected for any other purpose not identified above, we will inform you upon any new purposes before the data collection.


3. Personal Data Sharing and Purposes

We collect, use and process personal data solely for the purposes written thereto. In cases, when we are obliged to share personal data with third parties, we share only anonymized or aggregated data.

Third parties
We may share minimal anonymized or aggregated Personal Data with parties that need access to it in order to perform services for us, such as companies that assist us with:

• vendors, service providers and consultants;
• web hosting, storage, and other infrastructure;
• Program development service providers;
• Fraud prevention and security;
• Customer service and marketing communications;
• Legal support, accounting and business interest protection;
• Conducting research and analysis.

Data may be shared between and among Longenesis and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.

To fulfill our legal obligations, we may share your data with public authorities, if:

• We believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests to meet national security or law enforcement requirements. If we are going to disclose any personal information in response to a legal process, we will give you notice so you can challenge it (for example by seeking court intervention), unless we are prohibited by law or believe doing so may endanger others or cause illegal conduct. We will object to legal requests for information about Users and Platform Administrators that we believe are improper.
• We believe that your actions are inconsistent with our agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of the Platform, our Users and Admins, the public, or others.
• We may share personal data with your consent or at your direction.
• We also might share aggregated or de-identified information that you have submitted to the Platform. In such situations the information cannot reasonably be linked back to you.

4. Cookies

A cookie is a piece of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. We use cookies to collect information and improve our services for you.

We use:

• "Technical" cookies for normal performance of our website and Platform. They help us maintain operations and deliver adequate user-experience.
• "Session" cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website. Session cookies will be deleted from your computer when you close your browser.
• "Persistent" cookies to enable our website to recognize you when you visit our website again. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiration date

If you do not accept cookies, you may not be able to use some features of the website or Platform and we recommend that you leave them turned on.


5. Subprocessors

We may employ third party companies and individuals (subprocessors) to ensure proper provision of the Platform, to provide and perform services on our behalf, and/or to assist us in analyzing the Platform usage.

These third parties have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose. Third party services have access only to those data categories, such as name, identification number, location that are required to perform their tasks.

If you decide to use the artificial intelligence (AI) assistant available on our Platform, please read the AI Use Guidelines before enabling it for any purpose. By enabling the AI system, you acknowledge and accept our terms. In case you decide to employ AI, please consider not inserting any personal data in the AI prompt. Even though any information you enter will be sent to our local cloud servers on AWS platform, the AI system is not intended for personal data processing. It is an optional tool, you can opt out of using it at any time. Please note, that we are not liable for any information you decide to enter, or any AI generated output you decide to publish.

For User mobile number storage and notification delivery we use a subprocessor - API platform Plivo - operated by Plivo Inc., a Delaware corporation which operates under the EU-US Privacy Framework. The subprocessor is engaged by the Admin to provide SMS notifications to Users about updates in the project they participate in. If you are using or are planning to use SMS notification functionality for your Users, please revise Plivo Privacy Policy.

Service providers we use to ensure proper operations of the Platform:

• Amazon Web Services, Inc. products and tools for server and database deployment - we use this to ensure the service of the Platform is available online, risk estimation and personalized reporting, data storage and encryption algorithms are implemented to protect and minimize the risks of unauthorized access. Read more here.

6. Determining your data controller

If you have provided responses in any Activities of the Projects created by Platform Admins of a specific Client, using the Platform, that Client is the controller of your data, and we are the processor of that data.

Client organization’s primary Platform Administrator may access some basic account information like name, contact data, email address and any other data on your User account.

If you are a Platform Admin, in regards to the Personal Data processed to maintain your account, we are the controller over it until that Personal Data is deleted in accordance with our Terms and Conditions or per the terms of your negotiated contract.

We are a controller for the account-level data provided by its Platform Admins and Users.


7. Data Security and Retention

The security of your Personal data is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the personal data we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.


The data retention periods are determined within contract and data processing terms between us and the Client.

After the retention period, all documents containing personal data will be handed over to the Client, then permanently deleted, destroyed or made anonymous in a form which does not permit natural person identification. Only in certain situations will we notify you about the deletion, destruction or anonymization of your personal data. We will not ask your permission to delete or destroy personal data after the retention period.

Please note that certain personal data retained on computer files may be available after the retention period for a certain time period in data backup systems until those files in the data backup system are overwritten. Usually, files in the data backup systems are not overwritten at once, leaving an appropriate margin for the possibility of restoring data at the needed time.

Certain datasets might be stored in anonymized or pseudonymized form for a longer period of time to comply with applicable legislation, legal obligations or protect our legal rights.


8. Access and Your rights

You may send us a reasonable request (section "13. Contacts and Disputes") and we will respond to it no later than within one month upon receipt. You can also manage your personal data by logging into your account or contacting us via the Platform.

You have the following rights under the GDPR:

• to revoke the permission for our use of cookies;
• to correct and update your information at any time - we will take reasonable measures to help our Clients rectify any information indicated as inaccurate;
• to request information concerning processing of your personal data;
• to have your information erased (if there is no legal or contractual obligation to store it) - we will forward all such requests to our Clients and respond within a reasonable timeframe;
• to withdraw previously given consent for, or restrict further, data processing - all withdrawals will be handled by the Controller;
• to request a copy of your personal data;
• to transfer your information in a machine-readable format to you or to another controller - before any data transfers we must inform the Controller;
• to object to the use of your information processed for direct marketing.

We may retain some personal information to the extent and manner permitted by law.
In cases of consent withdrawal processing of all personal data is stopped instantly and shall not be restored, unless there is sufficient legal basis for it. The data Controller has the right to continue processing anonymized information or permanently delete it.


9. Links to Other Sites

The Platform may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party website. We strongly advise you to review their Privacy Policy upon your visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.


10. Business Transaction

If the Platform is involved in a merger, acquisition or asset sale, your Personal data may be transferred as a business asset. In such cases, we will provide notice before your Personal Information is transferred and/or becomes subject to a different Privacy Policy.


11. Data used for decision making

The resulting data is not used to make automated decisions. Input and output data are to be used for informational purposes only.


12. Policy Amendments

This Privacy Policy is effective as of the date of publishing indicated at the start, and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on the Platform.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Platform after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.


13. Contacts and Disputes

This Privacy Policy and any dispute or claim arising in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the Republic of Latvia and the European Union.

If you have any enquiries relating to this policy, our handling of your personal information generally or in relation to your data protection rights, please contact us at privacy@longenesis.com or Dzirnavu Street 41A, Riga, Latvia, LV-1010.

In any case, any natural person always has the right to submit a complaint to the Data State Inspectorate of Latvia, address: Elijas Street 17, Riga, Latvia, LV-1050.