DNAtest.cz - Genetická laboratoř Your future is in your... cells

Privacy Policy

Your privacy is our priority. Below you will find complete information about how we process your personal and genetic data in accordance with the GDPR regulation.

Last updated: 1 January 2025

1 1. Data Controller

The data controller is DNAtest.cz s.r.o., Registration No.: 00000000, registered in Prague, Czech Republic. The controller processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Czech Act No. 110/2019 Coll. on personal data processing.

2 2. Data we collect

Depending on the service ordered, we process the following categories of data:

  • Identification and contact data: name, surname, email address, phone number, postal address.
  • Payment data: order number, payment method (actual payment data is processed by the payment gateway).
  • Genetic data: DNA profile (STR markers or haplogroups) derived from a biological sample. This is a special category of personal data under Art. 9 GDPR.
  • Technical data: IP address, cookies, browser data and website traffic data.

3 3. Purpose and legal basis of processing

Účel Právní základ
Order fulfilment and service provision Performance of contract (Art. 6(1)(b) GDPR)
Processing of genetic samples Explicit consent of the data subject (Art. 9(2)(a) GDPR)
Sending order-related communications Performance of contract / legitimate interest
Bookkeeping and fulfilment of legal obligations Legal obligation (Art. 6(1)(c) GDPR)
Website analytics and improvement (cookies) Consent (Art. 6(1)(a) GDPR)

4 4. Retention periods

We retain personal data only for as long as necessary to fulfil the purpose of processing:

  • Order data: 10 years (statutory obligation for VAT and accounting purposes).
  • Genetic samples (physical): biological samples are destroyed after results are issued. DNA profile is retained for the duration of consent, maximum 5 years.
  • Cookies and analytical data: according to the validity of individual cookies, maximum 2 years.

5 5. Data security

Genetic data is stored on encrypted servers within the EU. Access to sensitive data is restricted to authorised laboratory staff. Customer communication is via encrypted channel (TLS 1.3). We regularly conduct security audits and system resilience testing.

6 6. Your rights

Under GDPR, you have the following rights:

  • Right of access to the personal data we process about you.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — where the purpose of processing has ceased.
  • Right to restriction of processing.
  • Right to data portability in a machine-readable format.
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent for genetic data processing at any time without detriment.
  • Right to lodge a complaint with the Office for Personal Data Protection (ÚOOÚ), www.uoou.cz.

7 7. Cookies

We use necessary cookies for website operation and analytical cookies (Google Analytics, own analytics) only with your consent. You may withdraw your consent at any time via cookie settings. For details see our Cookie Policy available in the website footer.

8 8. Data Protection Officer (DPO) contact

To exercise your rights or with questions about personal data processing, please contact our Data Protection Officer:

E-mail: gdpr@dnatest.cz

Postal address: DNAtest.cz s.r.o., Attn: DPO, Prague, Czech Republic

We will respond to your request within 30 days of receipt, in accordance with Art. 12 GDPR.