Privacy Policy
Last updated on 28 August 2024
This privacy policy applies to the platform "Skrinings.lv, provided and maintained by the Data controller:
Longenesis, Llc.
Reg. No. 40203211852
Address Zaubes str.9A-23, Riga, Latvia
Thereafter – "Longenesis", "us", "we", or "our".
By using the Platform, you agree to the collection and processing of personal data and information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which are available here.
Definitions
Personal data - information relating to a living individual who is, or can be, reasonably identified from the information, either alone or in conjunction with other information.
Data Subject - individuals who can be reasonably identified using solely the information collected by the Controller via the Platform or its parts in combination with other data.
Platform/Service - information technology service provided through the digital population engagement platform skrinings.lv operated by Longenesis, which is used for purposes described in its terms of use.
Processor/ Data processor- a legal entity or natural person who has entered into a data processing agreement with Us or has any other legal basis to receive the data collected on the Platform and process it on our behalf.
Users - private persons who have created a personalized account or without it are accessing and using the Platform engaging with its features to participate in the female population health exploration initiatives.
1. Personal Data Collection
1.1. We collect the personal data of our:
Users: participants of screening events who have filled out at least one form on the Platform.
Subscribers: Data subjects who have subscribed to our newsletter sent by email or/or on any of our social networks and have agreed to share their data with us.
Website Visitors: Data subjects who have visited our Platform or any other website provided by us and have consented to the use of cookies.
1.2. Types of personal data that we collect:
Identifiers obtained from a third party service, for example, identifiers from "Google Auth" obtained through user authentication using Auth0, Inc.
2. Use of personal data
We process your data on the following legal bases:
To ensure the operation of the questionnaire module - to determine the disease risks and generate personalized reports. The voluntarily entered and received data is used only for informational purposes - the formation of a personalized report for the User by performing a risk calculation using the entered data.
The contact information and Personal data of Users is processed to create and maintain User accounts on the Platform.
To send you technical notifications, security alerts and administrative messages.
To answer your comments and questions and provide user support.
To track and analyze trends, usage, and other activities related to the Platform.
To detect, investigate and prevent security breaches and other malicious, deceptive, fraudulent or illegal activities, as well as to protect the rights and property of the Platform.
Identify and fix platform errors.
To fulfill our legal and financial obligations; and achieve any other goal that will be described to you when receiving information.
Detect, investigate and prevent security incidents and other malicious, misleading, fraudulent or illegal activities, inform the security incident response team and authorities, protect the rights and property of the Platform and others;
Debug, identify and fix errors on the Platform;
Improve, develop and maintain our Platform functionality and create new products.
Monitor and analyze trends, usage, and actions within the framework of the Platform.
We can use the data collected from Users to ensure the Platform functioning, identify disease risks and create personalized reports.
the use of cookies;
marketing emails, as well as inform you about research and other available health initiatives;
To communicate with you about new materials, products, services and features offered by the Platform, and to provide other news and information that we believe may be of interest to you (contact us to opt out, see section 11 - "Contacts and Disputes");
To provide information about available research projects in which you can manage your participation, agree, refuse or extend your participation in research.
The User has the right to withdraw consent at any time in the relevant section on the Platform or by contacting us in accordance with the terms of this Policy.
If your personal data is collected for any other purposes not specified above, we will inform you of any new purposes before data collection begins.
3. Subprocessors
Personal data is transferred to the Subprocessor only to the extent necessary to complete the task and in accordance with a legally concluded cooperation agreement.
The features we use to provide third-party service providers may include:
These Subprocessors have access to your personal data solely for the purpose of performing certain tasks on our behalf and are required not to disclose or use your information for any other purpose. Subprocessors have access only to those data identifiers, such as identification number, location, that are necessary to perform their tasks.
Anonymization of Personal data
Anonymization, as well as deployment, take place separately from data storage and processing servers and data warehouses, which means there is no risk of personalized selection. This feature helps research groups select potential cohorts, as well as prepare and send invitations to the appropriate user groups. This feature helps research teams to select potential cohorts, and to prepare and send invitations to such user groups.
The data set metrics are placed in an anonymized form within the framework of data collection available to verified and authorized scientific and research organizations. Data is anonymised - it is not linked in any way to the individual(s) of the sample. Anonymization as well as deployment is separate from data storage and processing servers and data warehouses, which means that there is no risk of personalized selection.
The third party systems we use to ensure the proper provision of services:
We share personal data in the following circumstances or as otherwise described in this policy:
4. Cookies
A cookie consists of information sent by a web server to a web browser, and it is stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both "session" cookies and "persistent" cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website and persistent cookies to enable our website to recognize you when you visit our website again. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiration date.
We use cookies to collect information in order to improve our services for you.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provides information on how to accept cookies, disable cookies or to notify you when receiving a new cookie.
If you do not accept cookies, you may not be able to use some features of the Platform and we recommend that you leave them turned on.
5. Data Retention
The security of your Personal data is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the personal data we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.
Your personal data will be kept for as long as it is required for the purposes for which the personal data are processed under data processing terms in accordance with the laws of the Republic of Latvia.
After the retention period expires, all documents containing personal data will be permanently deleted, destroyed or made anonymous in a form which does not permit identification of data subjects. Longenesis will not notify you about the deletion, destruction or making anonymous of your personal data nor ask your permission to delete or destroy personal data after the retention period.
Please note that certain personal data retained on computer files may be available after the retention period for a certain time period in data backup systems until those files in the data backup system are overwritten. Usually, files in the data backup systems are not overwritten at once, leaving an appropriate margin for the possibility of restoring data at the needed time.
6. Access and Your rights
You can send us a reasonable request (Section 11 "Contacts and Disputes"), and we will respond to it no later than one month after receipt. You can also manage your Personal data by logging into your User account or contacting us.
You have the following rights under the GDPR:
In cases of consent withdrawal processing of all personal data is stopped instantly and shall not be restored, unless there is sufficient legal basis for it. We have the right to continue processing anonymized information or permanently delete it.
7. Links to Other Sites
The Platform may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
8. Business Transactions
If the Platform is involved in a merger, acquisition or asset sale, your Personal data may be transferred as a business asset. In such cases, we will provide notice before your Personal Information is transferred and/or becomes subject to a different Privacy Policy.
9. Data used for decision making
The resulting data is not used to make automated decisions. Input and output data are used for informational purposes only - generating a personalized report to the user, based on risk calculation using input data, as well as sending invitations to participate in research activities.
10. Policy Amendments
This Privacy Policy is effective as from the publishing date and any changes to it will be in effect immediately after being posted on the Platform.
We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Platform after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.
If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.
11. Contacts and Disputes
When processing personal data, Longenesis complies with the laws and regulations in force in the Republic of Latvia, the binding instructions and regulations issued by the responsible authorities, as well as the European Union legislation in general, and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data [..] in particular.
This Privacy Policy shall be interpreted in accordance with the laws and regulations in force in the Republic of Latvia.
All disputes arising from this Privacy Policy are resolved through negotiations, if an agreement cannot be reached within 30 days, both the User and the Data controller have the right to apply to the binding court of the Republic of Latvia.
If you have any enquiries relating to this policy, our handling of your personal information generally or in relation to your data protection rights, please contact us by email at privacy@longenesis.com or office address: Dzirnavu str. 41A-5, Riga, Latvia, LV-1010.
In any case, any natural person always has the right to submit a complaint to the Data State Inspectorate of Latvia by email at pasts@dvi.gov.lv or office address: Elijas str.17, Riga, LV-1050, Latvia.
This privacy policy applies to the platform "Skrinings.lv, provided and maintained by the Data controller:
Longenesis, Llc.
Reg. No. 40203211852
Address Zaubes str.9A-23, Riga, Latvia
Thereafter – "Longenesis", "us", "we", or "our".
By using the Platform, you agree to the collection and processing of personal data and information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which are available here.
Definitions
Personal data - information relating to a living individual who is, or can be, reasonably identified from the information, either alone or in conjunction with other information.
Data Subject - individuals who can be reasonably identified using solely the information collected by the Controller via the Platform or its parts in combination with other data.
Platform/Service - information technology service provided through the digital population engagement platform skrinings.lv operated by Longenesis, which is used for purposes described in its terms of use.
Processor/ Data processor- a legal entity or natural person who has entered into a data processing agreement with Us or has any other legal basis to receive the data collected on the Platform and process it on our behalf.
Users - private persons who have created a personalized account or without it are accessing and using the Platform engaging with its features to participate in the female population health exploration initiatives.
1. Personal Data Collection
1.1. We collect the personal data of our:
Users: participants of screening events who have filled out at least one form on the Platform.
Subscribers: Data subjects who have subscribed to our newsletter sent by email or/or on any of our social networks and have agreed to share their data with us.
Website Visitors: Data subjects who have visited our Platform or any other website provided by us and have consented to the use of cookies.
1.2. Types of personal data that we collect:
- Personal information (e.g., first name, last name, age);
- Contact information (email address, phone number);
- Analytical data from third-party service providers about your use and activities on the Platform;
Identifiers obtained from a third party service, for example, identifiers from "Google Auth" obtained through user authentication using Auth0, Inc.
- The image (if it is uploaded to the Platform);
- Responses to forms/surveys / questionnaires
- Log Data
- Information provided to us through the feedback form or any other means of communication
- We also collect and process the information that you provide to us in order to contact us, subscribe to the newsletter and any other information that you choose to send to us.
2. Use of personal data
We process your data on the following legal bases:
- Contractual obligations
To ensure the operation of the questionnaire module - to determine the disease risks and generate personalized reports. The voluntarily entered and received data is used only for informational purposes - the formation of a personalized report for the User by performing a risk calculation using the entered data.
The contact information and Personal data of Users is processed to create and maintain User accounts on the Platform.
- Legal obligations
- Legitimate interest
To send you technical notifications, security alerts and administrative messages.
To answer your comments and questions and provide user support.
To track and analyze trends, usage, and other activities related to the Platform.
To detect, investigate and prevent security breaches and other malicious, deceptive, fraudulent or illegal activities, as well as to protect the rights and property of the Platform.
Identify and fix platform errors.
To fulfill our legal and financial obligations; and achieve any other goal that will be described to you when receiving information.
- Analytical data, log data can be used to:
Detect, investigate and prevent security incidents and other malicious, misleading, fraudulent or illegal activities, inform the security incident response team and authorities, protect the rights and property of the Platform and others;
Debug, identify and fix errors on the Platform;
Improve, develop and maintain our Platform functionality and create new products.
Monitor and analyze trends, usage, and actions within the framework of the Platform.
We can use the data collected from Users to ensure the Platform functioning, identify disease risks and create personalized reports.
- Consent
the use of cookies;
marketing emails, as well as inform you about research and other available health initiatives;
To communicate with you about new materials, products, services and features offered by the Platform, and to provide other news and information that we believe may be of interest to you (contact us to opt out, see section 11 - "Contacts and Disputes");
To provide information about available research projects in which you can manage your participation, agree, refuse or extend your participation in research.
The User has the right to withdraw consent at any time in the relevant section on the Platform or by contacting us in accordance with the terms of this Policy.
If your personal data is collected for any other purposes not specified above, we will inform you of any new purposes before data collection begins.
3. Subprocessors
Personal data is transferred to the Subprocessor only to the extent necessary to complete the task and in accordance with a legally concluded cooperation agreement.
The features we use to provide third-party service providers may include:
- User support and service;
- Marketing communication;
- vendors, service providers, and consultants;
- companies that provide us with web hosting, data storage and other infrastructure;
- Conducting research and analysis.
These Subprocessors have access to your personal data solely for the purpose of performing certain tasks on our behalf and are required not to disclose or use your information for any other purpose. Subprocessors have access only to those data identifiers, such as identification number, location, that are necessary to perform their tasks.
Anonymization of Personal data
Anonymization, as well as deployment, take place separately from data storage and processing servers and data warehouses, which means there is no risk of personalized selection. This feature helps research groups select potential cohorts, as well as prepare and send invitations to the appropriate user groups. This feature helps research teams to select potential cohorts, and to prepare and send invitations to such user groups.
The data set metrics are placed in an anonymized form within the framework of data collection available to verified and authorized scientific and research organizations. Data is anonymised - it is not linked in any way to the individual(s) of the sample. Anonymization as well as deployment is separate from data storage and processing servers and data warehouses, which means that there is no risk of personalized selection.
The third party systems we use to ensure the proper provision of services:
- Google, Inc. Google Analytics Tool - This tool stores information about your website visit. The data stored is anonymous and helps our team improve the quality of the website. You can read more about the terms of service provided by these tools and their privacy policies here and here.
- Auth0, Inc. tool for authorization. We use this tool to provide registration and/or authorization functionality, taking care of the accessibility, security, privacy and convenience of the service (the tool also allows authorization through popular platforms such as Google user accounts). Read more about this tool here.
- Amazon Web Services, Inc. products and tools for server and database deployment - we use this to ensure the service of the Platform is available online, risk estimation and personalized reporting, data storage and encryption algorithms are implemented to protect and minimize the risks of unauthorized access. Read more here.
We share personal data in the following circumstances or as otherwise described in this policy:
- Certain groups of researchers are granted access to users' personal data only to the extent needed to perform their duties in the Platform.
- The metrics of the entered dataset are anonymously placed in a data selection structure available to various scientific and research organizations. The data is anonymous - within the sample it is not related to a person (groups of people) in any way.
- Starting and providing the functionality of the Platform - to engage society into research initiatives and to help teams of researchers gather information of study participants, including the questionnaires completed by the participants. Certain groups of researchers shall have access to users' personal data only to the extent specified in the consent document voluntarily signed by participants. The participant has the right to withdraw consent to the use of his / her data in the specific study at any time.
- We may disclose personal data with legal, governmental, and institutional authorities if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements. If we are going to disclose your personal information in response to a legal process, we will give you notice so you can challenge it (for example by seeking court intervention), unless we are prohibited by law or believe doing so may endanger others or cause illegal conduct. We will object to legal requests for information about users of the Platform that we believe are improper.
- We may share personal data with legal, governmental, and institutional authorities if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of the Platform, our users, the public, or others.
- We share personal data with your consent or at your direction.
- We also might share aggregated or de-identified information that you have submitted to the Platform. In such situations the information cannot reasonably be used to identify you.
- Personal data is shared between and among Longenesis and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.
4. Cookies
A cookie consists of information sent by a web server to a web browser, and it is stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both "session" cookies and "persistent" cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website and persistent cookies to enable our website to recognize you when you visit our website again. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiration date.
We use cookies to collect information in order to improve our services for you.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provides information on how to accept cookies, disable cookies or to notify you when receiving a new cookie.
If you do not accept cookies, you may not be able to use some features of the Platform and we recommend that you leave them turned on.
5. Data Retention
The security of your Personal data is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the personal data we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.
Your personal data will be kept for as long as it is required for the purposes for which the personal data are processed under data processing terms in accordance with the laws of the Republic of Latvia.
After the retention period expires, all documents containing personal data will be permanently deleted, destroyed or made anonymous in a form which does not permit identification of data subjects. Longenesis will not notify you about the deletion, destruction or making anonymous of your personal data nor ask your permission to delete or destroy personal data after the retention period.
Please note that certain personal data retained on computer files may be available after the retention period for a certain time period in data backup systems until those files in the data backup system are overwritten. Usually, files in the data backup systems are not overwritten at once, leaving an appropriate margin for the possibility of restoring data at the needed time.
6. Access and Your rights
You can send us a reasonable request (Section 11 "Contacts and Disputes"), and we will respond to it no later than one month after receipt. You can also manage your Personal data by logging into your User account or contacting us.
You have the following rights under the GDPR:
- to revoke the permission for our use of data where consent was the basis for processing;
- to correct and update your information in your User account or by contacting us. We will take reasonable measures to rectify any information indicated as inaccurate;
- to request information concerning processing of your personal data;
- to have your information erased (if there is no legal or contractual obligation to store it) - we will respond to all such requests within a reasonable timeframe not exceeding 30 days;
- to withdraw previously given consent for, or restrict further, data processing - all withdrawals will be handled within a reasonable timeframe;
- to request a copy of your personal data, all such requests will be handled within a reasonable timeframe;
- to transfer your information in a machine-readable format to you or to another controller;
- to object to the use of your information processed for direct marketing.
In cases of consent withdrawal processing of all personal data is stopped instantly and shall not be restored, unless there is sufficient legal basis for it. We have the right to continue processing anonymized information or permanently delete it.
7. Links to Other Sites
The Platform may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
8. Business Transactions
If the Platform is involved in a merger, acquisition or asset sale, your Personal data may be transferred as a business asset. In such cases, we will provide notice before your Personal Information is transferred and/or becomes subject to a different Privacy Policy.
9. Data used for decision making
The resulting data is not used to make automated decisions. Input and output data are used for informational purposes only - generating a personalized report to the user, based on risk calculation using input data, as well as sending invitations to participate in research activities.
10. Policy Amendments
This Privacy Policy is effective as from the publishing date and any changes to it will be in effect immediately after being posted on the Platform.
We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Platform after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.
If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.
11. Contacts and Disputes
When processing personal data, Longenesis complies with the laws and regulations in force in the Republic of Latvia, the binding instructions and regulations issued by the responsible authorities, as well as the European Union legislation in general, and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data [..] in particular.
This Privacy Policy shall be interpreted in accordance with the laws and regulations in force in the Republic of Latvia.
All disputes arising from this Privacy Policy are resolved through negotiations, if an agreement cannot be reached within 30 days, both the User and the Data controller have the right to apply to the binding court of the Republic of Latvia.
If you have any enquiries relating to this policy, our handling of your personal information generally or in relation to your data protection rights, please contact us by email at privacy@longenesis.com or office address: Dzirnavu str. 41A-5, Riga, Latvia, LV-1010.
In any case, any natural person always has the right to submit a complaint to the Data State Inspectorate of Latvia by email at pasts@dvi.gov.lv or office address: Elijas str.17, Riga, LV-1050, Latvia.