The purpose of this Privacy Policy is to provide users (“User/Users”) who access the website https://www.novusgenomics.com/ (“Website”) and interact with the Website and with the services offered through the same, with information on the processing of their personal data, in accordance with Article 13 of EU Regulation no. 679/2016 (“Regulation” or “GDPR”), Legislative Decree no. 196/2003 (the “Privacy Code”) and the applicable privacy regulations.

The data controller is Novus Genomics with registered office in Squashstraat 2, 2492 VL, the Hague, the Netherlands, email: info@novusgenomics.com (“Data Controller” or “Company”).

A. Personal details
B. Samples and data
C. Website cookies

A. Personal details

1. For what purposes does the Data Controller process Users’ personal data?

• To allow Users to create an account and log in to the Website, to ask the Company for a quotation for the services offered on the Website, manage orders and send complaints to the Data Controller. Legal basis for the processing of personal data: handling and proper management of the User’s requests.
• To process the orders and/or the purchase of services made by the User and to allow the User to see and download the results of the tests. Legal basis for the processing of personal data: conclusion and correct execution of the contract between the Data Controller and the User (please refer to the General Terms & Conditions of the Website).
• For administrative and accounting purposes (organizational, financial and internal controls), including verification of the customer’s solvency by consulting public lists and/or authorized suppliers, for purposes related to the protection of legal rights, the management of complaints and litigation, recovery of debts, the prevention of frauds, including computer frauds and/or illegal activities against Data Controller and/or Website. Legal basis for the processing of personal data: pursuit of a legitimate interest of Data Controller and/or third parties which, according to the evaluations of Data Controller, does not prevail over the fundamental rights and freedoms of the User.
• For purposes connected with the fulfilment of legal obligations, regulations, national and/or EU legislation as well as provisions issued by authorities empowered to do so by law. Legal basis for the processing of personal data: fulfilment of a legal obligation and/or an order issued by an authority under the law.

2. Is the provision of personal data by the User mandatory?

Yes, it is mandatory and failure by the User to provide the data will not allow the User to create an account, make use of the services offered by the Data Controller through the Website nor to purchase the Company’s services.

3. To whom are the User’s personal data communicated?

The Data Controller may communicate the User’s data, for the purposes indicated in paragraph 1, to the following subjects/entities:

• Companies, consultants and/or freelance professionals entrusted by the Data Controller to carry out tasks of a technical or organizational nature relating to the Website or with which the Controller collaborates, for the purposes of the proper provision and operation of its services.
• Bank institutions, to process orders of payments.
• Persons, companies or professional firms that provide assistance and consultancy to Data Controller, with particular but not exclusive reference to accounting, IT, administrative, marketing, legal, tax and financial issues.
• Subjects whose right to access data is recognized by law or by orders of the authorities.

The subjects belonging to the above categories will use the User’s personal data as independent data controllers or, alternatively, may have access to it as data processors, duly appointed by the Data Controller pursuant to article 28 of the Regulation. These subjects may be established in EU and non-EU countries: in the latter case, the Data Controller guarantees that any transfers of personal data to the Republic of Korea will be carried out on the basis of the adequacy decision of the European Commission (or through the so-called “Standard Contractual Clauses” approved by the European Commission if to countries other than the Republic of Korea). User’s data may also be brought to the attention of employees of the Company who will process them in their capacity as persons in charge of processing.

4. How long are personal data stored?

• Data provided by the User when registering on the Website: they will be stored as long as the User is registered on the Website.
• Data provided by the User in the event of communications and/or requests for information addressed to the Data Controller: they will be stored for 12 months, except for complaints which will be stored for 5 years to enable the Data Controller to defend itself before the Court.
• Data provided by the User when concluding a contract with the Data Controller and in the course of the execution of such contract (including payment data): they will be stored for the entire duration of the contract and for the following 5 years, only for internal administrative purposes and in the event of pending or emerging legal disputes.

5. What are the rights granted to the User under the applicable privacy law?

The User may exercise, in the cases expressly provided for by law, the rights under article 15 et seq. of the Regulation. In particular, the User has the right to:

• request confirmation as to whether or not his/her personal data is being processed and ask the Data Controller for access to the information relating to the processing
• request the rectification of inaccurate or incomplete data
• request the cancellation of data
• request the restriction of the processing of personal data
• request to receive, in a structured, commonly used and machine-readable format, the personal data concerning him/her and transmit them to another data controller or request direct transmission from one data controller to another, if technically feasible (so called “data portability”)
• withdraw at any time the consent provided
• object in whole or in part, for legitimate reasons, to the processing of personal data concerning him/her

These rights may be exercised by sending a communication to the following email address: info@novusgenomics.com.com.

B. Samples and data

1. Data security

Novus Genomics takes the confidentiality of client projects and data seriously. Our client data is housed within Novus Genomics’s data system, which is protected by comprehensive security measures. These include multiple firewalls, appliance-based intrusion prevention systems and layered antivirus filtering systems. In addition, client data is stored on servers that are protected by electronic access control and video surveillance.

2. Data confidentiality

To ensure a high level of data confidentiality, all our client projects are encoded and all samples are marked with barcodes. Our scientists and technicians handle client samples only by these codes, and would not be able to obtain identities of clients or the associations with their samples. After completion of a project, we either return unused samples or destroy the samples on-site.

3. Data ownership

We do not seek any ownership of either the samples or the data generated from our clients’ projects. Our clients have full ownership of all samples sent to us and full ownership of the data generated. It is not required to add Novus Genomics employees to the list of authors in publications or share their any intellectual property with us as part of a project.

C. Website cookies

The Company informs Users that, during navigation and interaction with the services offered on the Website, the Data Controller will collect, by means of cookies and similar technologies, some personal data such as, for example, the pages visited, the links or buttons clicked, the date and time of access and the IP address (“browsing data”).

1. What is a cookie and what is it used for?

Cookies are usually strings of text that websites visited by the User (so-called “publishers” or “first parties”) or other websites or web servers (“third parties”) place and store – directly, in the case of publishers, and indirectly, i.e., through publishers, in case of “third parties” – on User’s device. The information encoded in cookies may include personal data, such as an IP address, username, unique identifier or email address, but may also contain non-personal data, such as language settings or information about the type of device a person is using to browse the Website.

2. What cookies are installed on the Website?

This website only uses necessary technical cookies: these cookies contribute to the availability of the Website by enabling basic functionalities, such as navigation on the Website pages and access to protected areas of the Website. The Website cannot operate properly without these cookies; therefore, their use does not require User’s consent. The legal basis of the processing for the use of these cookies is the legitimate interest of the Data Controller to allow Users to correctly browse the Website and to ensure the security of the Website.

3. How to disable cookies?

In addition to being able to choose to accept or reject all or part of cookies used by the Website through the mechanisms outlined in this Cookie Policy, you may also delete cookies from the Website through your browser settings.

Most browsers are set up to accept cookies. However, you can configure your browser to restrict the number of cookies accepted or block all cookies by changing your browser settings as follows:

• Microsoft Edge – Click on the “three dots” icon in the top right-hand corner and select “Settings”. In the pop-up window, select “Cookies and site permissions”.
• Google Chrome – Click on the “three dots” icon in the top right-hand corner and select “Settings”. Then select ‘Privacy and Security’ and change ‘Privacy’ settings.
• Mozilla Firefox – From the drop-down menu in the top left-hand corner select ‘Options’. In the pop-up window select “Privacy”.
• Safari – From the drop-down menu in the top right corner select “Preferences” and then “Security”.

Please note, however, that disabling the use of all cookies on the Website (including technical cookies) will affect some of its functionalities. The website www.allaboutcookie.org contains instructions on how to manage cookies on the most popular browsers.

This Privacy Policy can be amended at any time, in a visible way to users and data subjects by publishing the change on the Website. We therefore invite you to check these updates through the appropriate section of the Website. If the changes are particularly significant and/or have a high impact on the rights of data subjects, they may be communicated to data subjects also through a different method (e.g. by sending an email to the data subjects).