GENEYX ANALYSIS PLATFORM

PRIVACY POLICY

Last Modified: August 2021

This Privacy Policy (“Privacy Policy”) applies to Geneyx Genomex Ltd. (the “Company” “we,” or “us”), which operates, develops, and markets software products and systems (“Services”) such as the Geneyx Analysis Platform (“GAP”).

This Privacy Policy describes our practices of collecting and processing personal data (as defined below) from users who access and use GAP (“user”) and acting under the management and permission of our customers (“Account Owner”).  We respect the privacy of our users and believe that it is of utmost importance. Therefore we encourage you to read this Privacy Policy carefully before accessing and using GAP and Services.

This Privacy Policy explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it, and how you may exercise your rights related to your personal data (as defined below) under the EU General Data Protection Regulation (“GDPR” or “Regulation”), which shall apply to you in the event you are present inside the European Economic Area (“EEA“), or other applicable regulation.

This Privacy Policy is an integral part of any other agreement between you and the Company,. Any defined terms that are used herein but not defined herein shall have the meaning ascribed to them in our EULA.

YOU HEREBY ACKNOLWEDGES AND AGREES THAT THIS PRIVACY POLICY SHALL GOVERN SOLELY THE INFORMATION AND DATA DETAILED THEREIN AND SHALL NOT GOVERN ANY DATA OR INFORAMTION YOU, THE ACCOUNT OWNER OR ANY OTHER USER SHALL UPLOAD TO GAP WHICH INCLUDEs DATA OR INFORMATION RELATED TO DATA SUBJECTS OF THE USERS OR ACCOUNT OWNER. SUCH DATA AND INFORMATION SHALL BE SUBJECT TO OUR ENGAGEMENT WITH THE SAID CUSTOMER AND ACOOUNT OWNER INCLUDING ANY DPA OR BAA SIGNED WITH SUCH ACCOUNT OWNER. any inquiry regarding the DATA processed in the GAP by and on behalf OF the account owner should be refERred to the Account Owner.

 

  1. AMENDMENTS

We reserve the right to periodically amend or revise this Privacy Policy which will go into effect immediately upon the implementation of the revised Privacy Policy published on the GAP website. The last revision date will be reflected in the “Last Modified” heading located at the top of the Privacy Policy. We will make a reasonable effort to notify you if we implement any changes that substantially change our privacy practices. We recommend that you periodically review this Privacy Policy to ensure that you understand our privacy practices and check for any amendments.

 

  1. Who are we and Contacting Us

Geneyx Genomex Ltd.

22 Maskit St.Hertzliya, Israel

Email: DPO@Geneyx.com

 

The Data Protection Representative (DPR) under Article 27 to the GDPR:

GDPR-Rep.eu

Maetzler Rechtsanwalts GmbH & Co KG

Attorneys at Law

c/o Geneyx genomex LTD

Schellinggasse 3/10, 1010 Vienna, Austria

 

Questions, comments, requests, and complaints regarding this Privacy Policy and the information we hold are welcome and should be addressed by using the contact details above. All requests will be dealt with promptly and efficiently.

 

  1. Data Controller / Data Processor for GDPR purposes

Under the GDPR we act as the “Data Controller” of our users’ Personal Data. The Data of which we are deemed as a Controller, consists of profile and contact details, as well as usage, preferences, engagement, and analytics data. As explained above, we are not the owner or controller of any data managed within the system, by or on behalf of our customers (the Account Owners_.

 

Other identified data managed in the GAP on behalf of the Account owner is being processed by us as a “Data Processor” on behalf of the Account Owner. In those cases, the Account Owner is deemed as the Controller of the identified data, and is solely responsible for the lawfulness of its collection and use, including any consent or disclosure required for that.  

 

  1. Collection of Non-Personal Data
    • We may collect aggregated, non-personal and non-identifiable information which may be made available or gathered through your access to GAP or use of our Services. Such data will include but shall not be limited to your aggregated usage and technical information transmitted or automatically collected, such as, among other things, your access time and date, and your actions while accessing and using GAP (“Non-Personal Data“).
    • Also, we may sometimes process and anonymize or aggregate personal data and identifiable information in a manner that shall create a new set of data that will be Non-Personal Data. Such a new data set can no longer be associated with any identified person.
    • Non-Personal Data may be used by us without limitation and for any purpose, including for commercial, research, or statistical purposes, without further notice to you. For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be considered Personal Data for as long as such connection or linkage exists.
  2. Collection of Personal Data
    • Personal Data”/”personal information”, means any information about an individual from which that person can be identified. We collect Personal Data from you voluntarily when you provide such Personal Data to us, when you register or use GAP, or via your interaction with GAP and our Services. We may also obtain such Personal Data about you as may be provided to us in the course of our legitimate business activities.
    • You do not have to provide us with your information, but in some cases, if you do not, it may mean that you are unable to use our services. For example, we cannot allow you the use of GAP unless you will use and sign in with your access information, such as username and password.
    • When you use GAP and choose voluntarily to provide us with your information, we might collect and process your Personal Data. in the table below, we have included information about the data that is collected, how we process and use such data, and the lawful basis for such use under the GDPR.

 

Type of Data

Purpose of Processing

Lawful Basis

Registration information

1.      If you wish to be granted with access to GAP and to use our Services, you will have to sign in and provide us with your first name; last name; email address and country.

2.      Note that you may be eligible to register and use the Services only subject to the Account Owner registration and following the Account Owner approval.

We will use this information solely for the purpose performing our contract with you as well fulfilling our legitimate interests.

We use this information to provide you with the Services you have requested.

Also, we may use your email address, in order to send you information related to the Services.

 

 

Such processing is part of our legitimate interests as a commercial business.

Contact details

If you voluntarily contact us in any manner, whether for support, to submit a request or for other inquiries, whether by sending us a direct email or through other means of communications, you may be asked to provide us with your contact information such as your full name, email address, phone number, and any other optional contact details you will provide us voluntarily.

We will process your contact details solely to contact you, responding to your inquiries, and providing you with the support or information that you requested.

We may process the contents of our correspondence with you to improve our Services, as well as to resolve any disputes with you (if applicable).

The lawful basis for processing your information will be to perform the contract between you and us, meaning we will use the data for addressing your requests and inquiries.

After completing any such request, we will retain your information as part of our business records under our legitimate interest.

Some of the Personal Data might be processed under our legal obligation, such as tax law.

 

 

Usage Data

Includes information about how you use our website, System, and services, including a record of your use in some cases.

We process this data under our legitimate interests of (i) operating, providing, maintaining, protecting, managing, customizing, and improving GAP, and how we offer it; (ii) enhancing your experience with GAP; (iii) auditing and tracking usage statistics and traffic flow.

We will share such Usage Data with your Account Owner which shall be considered as the Controller of such transferred usage data

 

 

Such processing is part of our legitimate interests as a commercial business.

Online identifiers and other Technical Data

includes internet protocol (IP) address, the device you are using, browser type and version, screen resolution, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access GAP

We process this data under our legitimate interests of (i) operating, providing, maintaining, protecting, managing, customizing, and improving GAP, and how we offer it; (ii) enhancing your experience with GAP; (iii) auditing and tracking usage statistics and traffic flow.

In the event required under the Regulation, we will obtain your consent to gather such information, for example through the use of cookies.

Such processing is part of our legitimate interests as a commercial business.

 

  1. How We Collect Information

We may collect information as follows:

  • Automatically– we may use cookies (as elaborated in the section below) or similar tracking technologies to gather some information automatically.
  • Provided by you voluntarily– we will collect information if and when you choose to provide us with the information, such as your communications with us etc., all as detailed in this Privacy Policy.

 

 

  1. Cookies Policy and Tracking Technologies
    • We or our third party service providers may use cookies and other similar tracking technologies or methods of web and mobile analysis to gather, store, and track certain information related to your access of, activity, and interaction with our Services and Website, as applicable.
    • A “cookie” is a small piece of information that a website assigns to your device while you access such website. Cookies are very helpful and may be used for a variety of different purposes. These purposes include, among other things, allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences, and making the interaction between you and the Website quicker, easier and smoother. Cookies are also used to help customize your experience and for advertising purposes (including personalized advertising). You can find out more information about cookies at allaboutcookies.org.
    • Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may remove cookies by following the instructions in your device preferences. However, please note that if you choose to disable cookies, some features of our Website and Services may not operate properly and your online experience may be limited.
    • We may use various types of Cookies and Pixels:
  • Essential – which are necessary for the site to work properly (usually appears under our name/cookie tag);
  • Functional – designated to save your settings on the Website – your language preference or other view preferences;
  • Targeting – used to collect information from you to help us improve our Services and serve you with targeted advertisements that we believe will be relevant to you (e.g., Google’s Cookies).
  • Social networks – Social Plug-In Cookies (e.g., Facebook, Twitter, LinkedIn Cookies, or pixels, etc.) enable sharing your usage information with your social network’s accounts.
  • Analytics – give us aggregated and statistical information to improve the Website and further developing it e.g., Google analytics, Google Firebase Crashlytics, etc.
  • Third-party services used by us – for example, to build a profile of your interests and show you personalized content and advertisements. They work by uniquely identifying your browser and device.
    • Please note that the data collected by the use of Cookies may be linked to and combined with any other data, including Personal Data. Also note, that Cookies and Pixels data is usually collected through third-party services, like Google, Facebook, etc. In those cases, your Personal Data might be transferred to those third parties, which might use it, as a “joint controller” of the data, or on other cases as the “Sub-Processor” of the data, meaning that the data is also “owned” and processed by them under their terms and conditions. Under those terms and conditions and the direct accounts or subscriptions you have with those third parties, your Personal Data might be linked to other data collected by the relevant third party and processed in its systems, for its purposes, and under its management.

 

  1. SHARING DATA WITH THIRD PARTIES

We do not share any Personal Data collected from you with third parties except in the following events:

  • Legal Requirement:We will share your information in this situation only if we are required to do so to comply with any applicable law, regulation, legal process, or governmental request (e.g., to comply with a court injunction, comply with tax authorities, etc.);
  • Policy Enforcement: We will share your information, solely to the extent needed to (i) enforce our policies and agreements; or (ii) to investigate any potential violations thereof, including without limitations, detect, prevent, or take action regarding illegal activities or other wrongdoings, suspected fraud or security issues, solely to the extent required;
  • Company’s Rights: We will share your information to establish or exercise our rights, to prevent harm to our rights, property, or safety, and to defend ourselves against legal claims when necessary, subject to applicable law;
  • Third Party Rights: We will share your information, solely to the extent needed to prevent harm to the rights of our Users, yourself, or any third party’s rights, property, or safety; we shall share your information with your Account Owner which is our customer and has provided you with the access grant to GAP.
  • Service Providers: we share your information with third parties that perform services on our behalf (e.g. customer service, tracking, servers, service functionality, marketing, and support, etc.), as reasonable for our business purposes. These third parties may be located in different jurisdictions.
  • Corporate Transaction: we may share your information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy;
  • Authorized Disclosures: we may disclose your information to third parties when you consent to a particular disclosure. Please note that once we share your information with another company, that information becomes subject to the other company’s privacy practices.

Also, Please note that if you act under an Account Owner, your data will be shared with, and managed by, the Account Owner. Such data may include log files and screen recordings of your use of GAP.  We do not supervise and are not responsible for the use of that data by the Account Owner.

 

  1. Your user rights under Privacy Protection laws
    • The data protection applicable regulation provides you with the ability to exercise some rights regarding your Personal Data that we hold such as:
  • Right to access your Personal Data – you can ask us to confirm whether or not we have and use your Personal Data, and if so, you can ask for a copy of your data;
  • Right to correct your Personal Data – you can ask us to correct any of your Personal Data that is incorrect, after verifying the accuracy of the data first;
  • Right to erase your Personal Data – you can ask us to erase your Personal Data if you think we no longer need to use it for the purpose we collected it from you. You can also ask for such erasure in any case in which the process of your data was based on your consent, or where we have used it unlawfully, or where we are subject to a legal obligation to erase your Personal Data. any request for such erasure will be subject to our obligations under the law (e.g., our obligation to keep some records for tax or customs purposes);
  • Right to restrict our use in your Personal Data – you can ask us to restrict our use of your Personal Data in certain circumstances;
  • Right to object to how we use your Personal Data – you can object to any use of your Personal Data which we have justified by our legitimate interest if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information;
  • You can always require us to refrain from using your data for direct marketing purposes;
  • You can ask us to transfer your information to another organization or provide you with a copy of your Personal Data (Portability Right);
  • Right to file a complaint to a supervisory authority for data protection issues. However, we will appreciate the chance to deal with your concerns before you approach the authorities, so please feel free to contact us in the first instance.
    • We may not always be able to do what you have asked. Also, not all those rights apply in every jurisdiction. Yet, we encourage you to contact us with any such request, and we will be happy to assist you.
    • You have the right to lodge a complaint at any time before the relevant supervisory authority for data protection issues. However, we will appreciate the chance to deal with your concerns before you approach the authorities, so please feel free to contact us in the first instance.
    • Though those rights principally apply under the GDPR towards EU residents, similar rights may apply in other jurisdictions, to some extent, in accordance with the relevant jurisdiction. Thus, if you are not an EU resident but still have any such request, we encourage you to contact us with any such inquiry. We will do our best to assist you, according to the applicable law and our legitimate and lawful interests.
    • Please note that, as explained above, we are not the owner or the controller of any genetic or personal data managed in the GAP. Any inquiry regarding that data should be addressed to the owner and controller of such data – the relevant account owner.

 

  1. data retention

Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable. We may keep some of your Personal Data as a user for more extended periods to protect our legal interests or under any safety or other legal requirements.

 

  1. SECURITY

We use physical, technical, and administrative security measures for the Services that we believe comply with applicable laws and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed or accidentally lost.

However, unfortunately, the transmission of information via the internet and online data processing cannot be 100% secure. As such, although we will do our best to protect your Personal Data, we cannot guarantee the security of data transmitted via the Website and any transmission of your data shall be done at your own risk.  

If you feel that your privacy was not dealt with properly, or in a way that was in breach of our Privacy Policy, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data, Please contact us at our email. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) if we discover a security incident related to your Personal Data.

 

 

  1. Data Processing Location

We may store or process your Personal Data in a variety of countries, including the United States. Further, certain processing activities are conducted in Israel, a country that the European Data Protection Board considers offering an adequate level of Personal Data protection regulation, or other countries.

Any transfer of personal data that originates in the European Union (“EU“) to a country outside of the European Economic Area (EEA), shall be made in compliance with the provisions of chapter 5 of the GDPR, e.g.:

  • transfer to a country that is recognized as providing an adequate level of legal protection;
  • transfer under a proper agreement containing the Standard Contractual Clauses published and authorized by the relevant EU authorities;
  • where we can be satisfied those alternative arrangements are in place to protect your privacy rights through the use of any other mechanism under the GDPR.

Suppose you are a resident of a jurisdiction where the transferring of your Personal Data requires your consent, your consent to this Privacy Policy includes your express consent for such transfer of your data.

 

 

  1. CHILDREN

Our Website are not directed, nor is it intended for use by children (the phrase “child” shall mean an individual that is under age defined by applicable law which concerning the European Economic Area (“EEA“) is under the age of 16 and with respect to the U.S.A, under the age of 13) and we do not knowingly process a child’s information. We will discard any information that we receive from a User who is considered a “child” immediately upon discovering that such User shared information. Please contact us if you have reason to believe that a child has shared any information with us.

.