(thereafter – "Longenesis", "us", "we", or "our").
When processing personal data, Longenesis complies with the laws and regulations in force in the Republic of Latvia, the binding instructions and regulations issued by the responsible authorities, as well as the European Union legislation in general, and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data [..] in particular. 1. Personal Data Collection
We collect personal data about you when you provide such personal data directly to us, when third parties such as our service providers provide us with personal data about you, or when personal data about you is automatically collected in connection with your use of the Themis.
2. Use of personal data
- We collect and process personal data you provide directly to us. For example, you share personal data directly with us when you create a user profile. The types of personal data we may collect include your name, email address, phone number, email, date of birth, represented organization, and any other information you choose to provide.
- We also keep your consent data, including the time stamp - the exact time you made / revoked / renewed your consent, along with the consent form (document text). This helps us to ensure transparency in the processing and storage of data, to give you the ability to manage your consent data at any time, and to provide you with mechanisms for deleting data upon request as described in the section 6. "Access and Your rights".
- We may collect identifiers obtained from a third party service, for example, identifiers from "Google Auth" obtained through user authentication using Auth0, Inc.;
- We also collect information that your browser sends whenever you visit the Themis ("Log Data"). This Log Data may include information about your device and about your visits to and use of the Themis (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation). In addition, we may use third party services such as Google Analytics that collect, monitor and analyse this type of information in order to increase our Service's functionality. These third party service providers have their own privacy policies addressing how they use such information.
- We also may collect and store information that you provide us for the purpose of subscribing to our website services, email notifications and/or newsletters and any other information that you choose to send us.
We use the personal data and information we collect to provide, maintain, and improve the Themis:
- Create and maintain your Themis user profile;
- Send you technical notices, security alerts, and support and administrative messages;
- Respond to your comments and questions and provide customer service;
- Communicate with you about new content, products, services, and features offered by Longenesis and provide other news and information we think will interest you (you can contact us to opt out of these communications at any time);
- Process transactions and send related information, such as confirmations, receipts, and user experience surveys;
- Monitor and analyse trends, usage, and activities in connection with the Themis;
- Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Themis and others;
- Debug to identify and repair errors in the Themis;
- Comply with our legal and financial obligations; and
- Carry out any other purpose described to you at the time the information was collected.
We share personal data in the following circumstances or as otherwise described in this policy:
- To ensure the full cycle of consent registration and management that allows proactive patients onboarding to the research studies, as well as biomedical/clinical data processing, based on the extent of the consent. The functionality of data processing is provided in accordance to the Terms and Conditions;
- We share personal data with vendors, service providers, and consultants that need access to personal information in order to perform services for us, such as companies that assist us with web hosting, storage, and other infrastructure, analytics, payment processing, fraud prevention and security, customer service, communications, and marketing. Personal data is shared to a third party in a minimized manner to the extent necessary for the Themis and according to the agreement concluded with them.
- We may disclose personal data with legal, governmental, and institutional authorities if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements. If we are going to disclose your personal information in response to a legal process, we will give you notice so you can challenge it (for example by seeking court intervention), unless we are prohibited by law or believe doing so may endanger others or cause illegal conduct. We will object to legal requests for information about users of the Themis that we believe are improper.
- We may share personal data with legal, governmental, and institutional authorities if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of the Themis, our users, the public, or others.
- We share personal data with our lawyers and other professional advisors in connection with agreed services they provide to us and where it is necessary to obtain advice or otherwise protect and manage our business interests.
- Personal data is shared between and among Longenesis and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.
- We share personal data with your consent or at your direction.
- We also might share aggregated or de-identified information that you have submitted to Themis. In such situations the information cannot reasonably be used to identify you.
A cookie consists of information sent by a web server to a web browser, and it is stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both "session" cookies and "persistent" cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website and persistent cookies to enable our website to recognize you when you visit our website again. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiration date.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provides information on how to accept cookies, disable cookies or to notify you when receiving a new cookie.
If you do not accept cookies, you may not be able to use some features of the Themis and we recommend that you leave them turned on. 4. Service Providers
We may employ third party companies and individuals to ensure proper provision of the Themis, to provide and perform services on our behalf, and/or to assist us in analysing how the Themis is used.
The specific tasks where we use service provider to facilitate may include:
- Providing customer service;
- Sending marketing communications;
- Conducting research and analysis.
These third parties have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose. Third party services have access only to those data identifiers, such as name, identification number, location, that are required to perform their tasks.
The third party systems we use to ensure the proper provision of services:
- Google, Inc. Google Analytics Tool - This tool stores information about your website visit. The data stored is anonymous and helps our team improve the quality of the website. You can read more about the terms of service provided by these tools and their privacy policies here and here.
- Auth0, Inc. tool for authorization. We use this tool to provide registration and/or authorization functionality, taking care of the accessibility, security, privacy and convenience of the service (the tool also allows authorization through popular platforms such as Google user accounts). Read more about this tool here.
- Amazon Web Services, Inc. products and tools for server and database deployment - we use this to ensure Skrinings.lv service is available online, risk estimation and personalized reporting, data storage and encryption algorithms are implemented to protect and minimize the risks of unauthorized access. Read more here.
The security of your Personal data is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the personal data we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.
However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal data we have collected from you.
You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to the Themis).
Your personal data will be kept for as long as it is required for the purposes for which the personal data are processed and in accordance with the laws of the Republic of Latvia.
After the retention period expires, all documents containing personal data will be permanently deleted, destroyed or made anonymous in a form which does not permit identification of data subjects. Longenesis will not notify you about the deletion, destruction or making anonymous of your personal data nor ask your permission to delete or destroy personal data after the retention period.
Please note that certain personal data retained on computer files may be available after the retention period for a certain time period in data backup systems until those files in the data backup system are overwritten. Usually, files in the data backup systems are not overwritten at once, leaving an appropriate margin for the possibility of restoring data at the needed time. 6. Access and Your rights
If at any time you wish to know whether we have any of your personal data, you may send a request to us (see section "11. Contact Us") and we will respond to your request within a reasonable timeframe. You can also access, correct, or request deletion of your personal data and information by logging into your account or contacting us.
Further to that, you have the following rights under data protection laws:
- to correct and update your information;
- to request information concerning processing of your personal data;
- to have your information erased (if there exist no lawful reason for keeping it);
- to restrict further processing of your information;
- to withdraw previous consent for data processing
- to request a copy of your personal data;
- to transfer your information in a machine-readable format to you or to another controller;
- to object to the use of your information processed on the basis of legitimate interests (unless we have an overriding lawful reason) or for direct marketing.
We may withhold personal information to the extent and manner permitted by law. 7. International Transfer
A transfer of personal data to a third country within European Union is performed according to the principles and norms stated by the GDPR and national law. A transfer of personal data outside European Union can take place when the European Commission has recognized this third country as offering an adequate level of protection or when a transfer is compliant with regulations stated in the Chapter V of the GDPR.
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services. 9. Business Transaction
If you have any enquiries relating to this policy, our handling of your personal information generally or in relation your data protection rights, please contact us at firstname.lastname@example.org
or Zaubes Street 9A-23, Riga, Latvia, LV-1013.
In any case, any natural person always has the right to submit a complaint to the Data State Inspectorate of Latvia, address: Blaumana Street 11/13-11, Riga, LV-1011, Latvia.