Participant consent

Last updated on April 23rd, 2021

This Privacy Policy is designed to provide information to a natural person (data subject) about the purpose, scope and protection of personal data processing performed by SIA "Longenesis", when it processes data subject's personal data.

With regard to personal data protection, the Privacy Policy relies on Regulation (EU) No 2016/679 of the European Parliament and of the Council (27 April 2016).

1. Information about the controller

Your data controller is SIA Longenesis, company registration no. 40203211852, legal address: Zaubes Street 9A - 23, Riga, LV-1013, Latvia. Email:

2. Contact information for communication regarding matters on personal data protection

If you have any questions regarding the Service's Privacy Policy or the processing of your personal data, you may contact us through our communications channels above or by emailing

3. General description of our personal data processing

Personal data can be collected from the customer, from use of the customer services and external sources, for example, public and private registers and third parties.

We assume that, before using our website, you have read this statement and accepted its terms by accepting it with the "I agree" button. This is the current version of the consent form. We reserve the right to make changes and to update this statement as necessary. In this case, you will be requested again for consent provision.

When you visit, the user is presented with a window stating that the website is using cookies.

Cookies store information about your visit to the website. The data stored is anonymous and helps our team improve the quality of the website.

The categories of personal data we collect and process are:

● Identification Information: name, User Profile Identifier from "Google Auth" Authorization Service (obtained from a third party service through user authentication using Auth0, Inc.);

● contact information: email address;

● data collected and processed through the use of risk calculation modules by the user: the risk calculation module uses and requests the following data: age, weight and height (for calculating BMI), number of hours of exercise, daily volume of alcoholic use, oral contraceptive use, family history data (anonymous information) - prevalence among the first degree of relatives, breast tissue density and structure, whether a breast tissue biopsy was performed or a benign lesion was found during biopsy examination, age at the time of the benign lesion, age of the start of periods, or age of the beginning of menopause , amount of children, age the duration of breastfeeding, amount of the prophylactic mammography of the breast performed during the last 2 years, declared place of residence by the user (country and Latvian municipality);

● user consent data: we keep your consent data, including the time stamp - the exact time you made / revoked / renewed your consent, along with the consent form (document text). This helps us to ensure transparency in the processing and storage of data, to give you the ability to manage your consent data at any time, and to provide you with mechanisms for deleting data upon request as described below (see paragraph 9);

● communication data: data collected when a user communicates with us via email, telephone, social networks, or any other available form of digital communication that includes the content of the message (including visual and / or audio recordings, etc.), mail, news and other communication media such as social media, data obtained from a customer's visit to our website or through other channels of ours, data on devices used;

We reserve the right to make changes and updates to this Privacy Policy as necessary, by notifying you of such changes and by making subsequent requests for consent.

We are aware that personal data is your property and value and will process it subject to the requirements of confidentiality and the security of your personal data held by us. All data is collected voluntarily, and the user has the ability to manage his or her data and consent at any time, manipulate the data, and request the deletion of data.

4. For what purpose we process your personal data and what is the legal basis for processing the personal data?

We will process your personal data only for the legitimate purposes defined above, including:

- Starting and providing service - Breast Cancer Risk Calculation and Personalized Reports Generation: voluntary data entered and obtained is used for informational purposes only - generating a personalized report for the user using risk data input.

- Calls for research projects focused on the research, diagnosis and prevention of breast cancer: the data set metrics (see point 3) are placed in an anonymized form within the framework of data collection available to breast cancer research and research organizations research. Data is anonymised - it is not linked in any way to the individual (s) of the sample. Anonymization as well as deployment is separate from data storage and processing servers and data warehouses, which means that there is no risk of personalized selection. This feature helps to jointly fight breast cancer and enables research teams to work on new approaches to breast cancer diagnosis and prevention, to select potential cohorts, and to prepare and send invitations to such user groups.

How are invitations sent when querying through anonymous data? The framework is not interconnected with service, which ensures security and data privacy. When you make a selection, querying parameters are created and forwarded to the service. This invitation is sent to users as a new form of consent. In the event that the user does not approve it, the system will not add the user to a specific study. If the user agrees to the terms and conditions that will be described in the individual consent forms, then the user is added to a specific research project and the user is provided with research project specific data entry modules, etc. (which will be described in the individual consent forms). The User has the right to withdraw consent at any time, subject to the terms of the project-specific consent requirements.

- ensuring the proper provision of services and cooperation with service providers and other partners.

For this purpose, we need to maintain and develop technical systems and IT infrastructure, use technical and organizational solutions that may also use your personal data (for example, through the use of cookies) to ensure the proper provision of services.

The third party systems we use to ensure the proper provision of services:

- Google, Inc. Google Analytics Tool - This tool stores information about your website visit. The data stored is anonymous and helps our team improve the quality of the website. You can read more about the terms of service provided by these tools and their privacy policies HERE and HERE.

- Auth0, Inc. tool for authorization. We use this tool to provide registration and/or authorization functionality, taking care of the accessibility, security, privacy and convenience of the service (the tool also allows authorization through popular platforms such as Google user accounts). Read more about this tool HERE.

- Amazon Web Services, Inc. products and tools for server and database deployment - we use this to ensure service is available online, risk estimation and personalized reporting, data storage and encryption algorithms are implemented to protect and minimize the risks of unauthorized access. Read more HERE.

Main applicable legal basis to exercise these purposes:

- Controller's legitimate interests (Article 6(1)f of the General Data Protection Regulation)

5. Who could access your personal data?

We take appropriate measures to process your personal data in accordance with applicable law and to ensure that your personal data is not accessible to third parties who do not have an appropriate legal basis for the processing of your personal data (including without your consent to data processing).

Your personal data could be accessed as needed:

1) Our employees or directly authorized persons who need it for the performance of their duties. This is necessary for technical functionality as well as for example data erasure activities;

2) third parties, after carefully assessing whether there is an appropriate legal basis for such a transfer, only where the user has given his consent and consent to such access.

6. What cooperation partners do we choose in personal data processing?

We do not pass your personal data on to third-party partners. All potential activities related to the processing, protection and transfer of data to third party data controllers may only be carried out with your express consent. In this case, you will receive a separate consent request, describing the need to attract partners.

7. Are your personal data sent outside the European Union (EU) or European Economic Area (EEA)?

We do not transfer data to countries that are located outside the European Union or European Economic Area.

8. How long will your personal data be stored?

Your personal data will be kept for as long as it is required for the purposes for which the personal data are processed and in accordance with applicable law (eg accounting, money laundering, statute of limitations, civil law, etc.).

We take into account your instructions (your consent details) when assessing the length of time for which personal data will be stored. Upon receipt of a request from you to delete data (eg by revoking your consent to process data), we undertake to process it and delete data from the system that was mentioned in that request for consent.

We undertake to store your consent data for the purpose of establishing a transparent data processing mechanism. Consent data will be stored until a user profile exists in the system. The user is also entitled to request deletion of the user profile entries as described below (see point 9).

9. What are your rights in relation to processing of your personal data as a data subject?

Personal data update

Each user has the opportunity to re-fill out the questionnaire as well as to update the data in other modules of the web page. Updating your data helps you make the most accurate calculations, resulting in customized reporting for such changes. If you have any questions about how updating your data can contribute to a more accurate calculation, please contact us.

Your right to access and correct your personal data

In accordance with the provisions of the General Data Protection Regulation, you have the right to access, request the rectification, erasure, restriction of processing, opposition to the processing of your personal data held by us and the right to data portability in the cases and according to

You may obtain information about your personal data held by us or exercise your other rights as a data subject by submitting a request to our email address:, preferably signed with a secure electronic signature.

Upon receipt of your Request, we will evaluate its contents and your identifiability and, depending on the circumstances, reserve the ability to ask you to further identify yourself to ensure the security and disclosure of your data to the individual concerned.

Withdrawal of consent

If the processing of your personal data is based on your consent, you have the right to withdraw it at any time and we will no longer process your personal data for which we have consented. However, please be advised that the revocation of consent does not affect the processing of personal data that is required to comply with regulatory requirements or is based on a contract, our legitimate interests, or any other statutory basis for lawful processing.

You may also object to the processing of your personal data if the processing of personal data is based on a legitimate interest or is used for marketing purposes.

10. Where can you complain about personal data processing issues?

If you have any questions or concerns regarding our processing of your personal data, we encourage you to contact us first.

If, however, you believe that we have not been able to resolve the problem with each other and you believe that we are nevertheless in violation of your right to the protection of personal data, you have the right to complain to the Data State Inspectorate. Examples of submissions to the Data State Inspectorate and other related information can be found on the Data State Inspectorate's website. More information is available HERE.

11. Why do you need to give us your personal data?

Most of all, we collect your information to meet the functional requirements of the platform - to calculate the risk of breast cancer and generate a personalized report. In these cases, obtaining certain information from us is necessary for the purposes in question, and failure to provide such information may endanger the functionality of the platform. Data collection is voluntary.

We also process user consent data to make the data collection and processing processes transparent by providing users with control and management mechanisms for data entered into the system.

Providing all requested and entered information is voluntary. In cases where additional information is requested, you will receive an updated version of the consent, which will include any additional data required by the system, as well as the purpose of the collection and the expected processing result (eg improvements in risk calculation logic, etc.).

12. How do we obtain your personal data?

We may collect your personal information in one of the following ways:

● from you if you submit any submissions to us by email;

● from you if you sign up for our services online;

● from you by making an authorization at

● From you when you consent to the Website;

● From you, by completing one of the data entry modules (eg risk calculation survey);

● Cookies on;

13. Is your personal data used for automated decision making?

The resulting data is not used to make automated decisions. Input and output data are used for informational purposes only - generating a personalized report to the user, based on risk calculation using input data.