This Privacy Policy applies to the personal data collected through Platform Longenesis.Engage (thereafter – "Platform"), email, phone, website "www.longenesis.com" or any other medium, developed or provided and maintained by Longenesis, company Reg. No. 40203211852, the address of which is Zaubes Street 9A-23, Riga, Latvia (thereafter – "Us", "We").

References to data, information, personal data in this Privacy Policy means information which alone or in conjunction with other accessible information can be used to identify a natural person.

This Policy informs you of Our practices regarding the safe and lawful processing of personal data when you access the Platform, website or contact us by any means mentioned above.

IN MOST CASES WE ARE THE DATA PROCESSOR/SERVICE PROVIDER FOR OUR CLIENTS.

In such cases our Clients determine the categories of data collected and purposes of use. In respect to such data we are a "Data Processor" under the General Data Protection Regulation (GDPR) and are operating at the direction of such customers.

This Policy describes how we act as a processor of the data for the purpose of providing service to our Clients.

We use your personal data for providing and improving the Platform. By using the Platform, you agree to the collection and processing of personal data and information in accordance with this Policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions available here.


When processing personal data, Longenesis complies with the laws and regulations enforced in the Republic of Latvia, the binding instructions and regulations issued by the regulatory authorities, as well as the European Union legislation, in particular the General Data Protection Regulation (GDPR).


1. Personal Data Collection

We collect data only to the extent necessary for fulfilling our purposes set out in this policy. In other cases, we act as a data processor on behalf of the data controller.


1.1. We collect information about Our:

Clients: institutions and their employees, agents, vendors we have entered into a Service Agreement with and have formalized our data processing relationship by signing a Data Processing Agreement.

Admins: employees or people in some kind of contractual relationship with the Client, accessing our website or granted full access to our Platform.

Users: survey, research, screening activity participants and patients who have filled out the form received from Admin in the Platform.

Potential Clients: institutions and their employees, agents, vendors who have expressed interest in becoming Clients and shared personal data by any means available.

Subscribers: data subjects subscribed to our Newsletter/ social media.


1.2. We collect the following categories of personal data:

• Personal information (name, surname);
  
  
• Contact info (email, address, phone No);
  
  
• Analytical data from third party service provider tools about your usage and actions on the Platform and our website;
  
  
• Visual image (if uploaded on the Platform);
  
  
• Other information that may contain personal data (information about Users collected through the Platform by the Admins).
  
  

1.3. Obtaining the Data

The data about you is collected as directly provided to us, collected and sent to us by any third party service providers, or when automatically collected in connection with your use of the Platform or our website.

• We collect and process personal data you provide directly before creating a profile or when signing up to launch a new project activity or participate in one.
  
  
• We obtain identifiers from third party services. For example, identifiers from "Google Auth" or "Eparaksts.lv" used for authentication;
  
  
• We also collect information that your browser sends whenever you visit the Platform ("Log Data"). This Log Data may include information about your device and about your visits to and use of the Platform (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation).
  
  
• We also collect and process information that you provide us for the purpose of subscribing to our website services, email notifications and/or newsletters and any other information that you choose to send us.
  
  

2. Use of personal data

We use the data only for the set of purposes laid down below. If any dispute shall arise on the other data processing activities, please contact us via privacy@longenesis.com. In cases where we act as a processor, please contact the data controller (contact info available in the consent form on the Platform).


2.1. We use the personal data and information we collect to:

• Create and maintain User or Admin profile on the Platform;
  
  
• Provide, maintain, and improve the Platform;
  
  
• To provide information on available research projects and other healthcare initiatives for which you can manage your participation, agree, withdraw or renew your participation;
  
  
• To contact Potential Clients with Platform license agreement offers;
  
  
• To keep the Platform operating and updated;
  
  
• To ensure the operation of various questionnaire modules - for example, the determination of disease risks and generation of personalized reports. Voluntarily entered and obtained data is used for informational purposes only - generation of a personalized report to the User by performing a risk calculation using the entered data.
  
  
• Send out technical notices, security alerts, and support and administrative messages;
  
  
• Respond to comments and inquiries and provide customer service;
  
  
• Communicate about new content, products, services, and features offered by Longenesis and provide other news and information we think will interest you (you can contact us to opt out of these communications at any time - please see section "12. Contacts and Disputes");
  
  
• Monitor and analyze trends, usage, and activities in connection with the Platform;
  
  
• Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity, inform the security incident response team and authorities, protect the rights and property of the Platform and others;
  
  
• Debug to identify and repair errors in the Platform;
  
  
• Comply with our legal and financial obligations;
  
  
• Carry out any other purpose described to you at the time of collection.
  
  

2.2. Use of Data Collected by the Admin

All information entered by Users in the Platform is controlled by the Client and Admins. In these cases, Longenesis acts as a processor of such data.

We have entered into a Data Processing Agreement with our Clients. It sets out the exact purposes of processing and limits our actions to what is dictated by the Client.

Admins have access to Users' personal data only to the extent specified in the voluntarily signed consent document and our contract with the Client.

In some cases we may use the data collected by the Client to protect our legitimate interest.


3. Personal Data Sharing and Purposes

We collect, use and process personal data solely for the purposes written thereto. In cases, when we are obliged to share personal data with third parties, it is done in an anonymized manner where possible.


3.1. How and why Users are contacted?

• Users receive an invitation to participate in a project or activity via email, social media post, QR code available at healthcare institution premises, invitation from a healthcare provider or Platform as a new form of consent or using other methods.
  
  
• If the User approves participation that may include agreeing to the terms described in individual consent forms, then the User is added to that project and the User is provided with activity specific data entry modules, etc. (which will be described in the individual consent forms or this Privacy policy).
  
  

The User has the right to withdraw consent at any time, subject to the terms of the activity-specific consent requirements.


3.2. Third parties

We may share minimal or anonymized personal data with parties that need access to it in order to perform services for us, such as companies that assist us with:

• vendors, service providers and consultants;
  
  
• web hosting, storage, and other infrastructure;
  
  
• Program development service providers;
  
  
• Payment processing, fraud prevention and security;
  
  
• Customer service and marketing communications;
  
  
• Legal support and business interest protection;
  
  
• Conducting research and analysis.
  
  

Data may be shared between and among Longenesis and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.

To fulfill our legal obligations, we may share your data with public authorities, if:

• We believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests to meet national security or law enforcement requirements. If we are going to disclose any personal information in response to a legal process, we will give you notice so you can challenge it (for example by seeking court intervention), unless we are prohibited by law or believe doing so may endanger others or cause illegal conduct. We will object to legal requests for information about Users of the Platform that we believe are improper.
  
  
• We believe that your actions are inconsistent with our agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of the Platform, our Users and Admins, the public, or others.
  
  
• We may share personal data with your consent or at your direction.
  
  
• We also might share aggregated or de-identified information that you have submitted to the Platform. In such situations the information cannot reasonably be linked back to you.
  
  

Only minimal amounts of data are shared to a third party to the extent necessary for the Platform and according to the agreement concluded with our Clients.


4. Cookies

A cookie is a piece of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. We use cookies to collect information and improve our services for you.

We use:

• "Technical" cookies for normal performance of our website and Platform. They help us maintain operations and deliver adequate user-experience.
  
  
• "Session" cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website. Session cookies will be deleted from your computer when you close your browser.
  
  
• "Persistent" cookies to enable our website to recognize you when you visit our website again. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiration date.
  
  

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provides information on how to accept cookies, disable cookies or to notify you when receiving a new cookie.

If you do not accept cookies, you may not be able to use some features of the website or Platform and we recommend that you leave them turned on.


5. Service Providers

We may employ third party companies and individuals (subprocessors) to ensure proper provision of the Platform, to provide and perform services on our behalf, and/or to assist us in analyzing how the Platform is used.

These third parties have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose. Third party services have access only to those data identifiers, such as name, identification number, location that are required to perform their tasks.

If you use the AI assistant on our Platform, please read the OpenAI L.L.C. Privacy Policy, before creating a project content with our third party OpenAI artificial intelligence API. You acknowledge and accept their terms by enabling the AI assistant for your project. In case you decide to employ this integration, any information you enter will be sent to a processor outside of the EU and EEA, stored and processed in the OpenAI facilities and servers in the United States. It is an optional tool, you can opt out of using it at any time. Please note, that we are not liable for any information you decide to enter.


The third party service providers we use to ensure proper operations:

• Amazon Web Services, Inc. products and tools for server and database deployment - we use this to ensure the service of the Platform is available online, risk estimation and personalized reporting, data storage and encryption algorithms are implemented to protect and minimize the risks of unauthorized access. Read more here.
  
  

6. Processing Purposes, Data Security and Retention

We process User data to provide service to our Clients pursuant to the applicable contract and data processing terms with them. In cases, where we are the data controller, we may apply only the set of processing purposes mentioned hitherto.

We process your data for:

• Contractual obligations - we process data of our Users to perform the contract signed between us and the Client;
  
  
• Legal obligation - we process your data to fulfill our legal obligations set out by national and international binding laws regulating patient's rights, archiving and commercial activity;
  
  
• Pursuing our legitimate interests - we may collect data or disclose it to a third party in cases of - information security incidents or emergency situations; operating, improving and maintaining our existing and creating new products; marketing and information on our services;
  
  
• Your consent - where no other legal ground applies, we collect consent to process your data.

The security of your Personal data is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the personal data we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.

However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of your data.

The data retention periods are determined within contract and data processing terms between us and the Client.

After the retention period, all documents containing personal data will be handed over to the Client, then permanently deleted, destroyed or made anonymous in a form which does not permit natural person identification. Only in certain situations will we notify you about the deletion, destruction or anonymization of your personal data. We will not ask your permission to delete or destroy personal data after the retention period.

Please note that certain personal data retained on computer files may be available after the retention period for a certain time period in data backup systems until those files in the data backup system are overwritten. Usually, files in the data backup systems are not overwritten at once, leaving an appropriate margin for the possibility of restoring data at the needed time.

Certain datasets might be stored in anonymized or pseudonymized form for a longer period of time to comply with applicable legislation, legal obligations or protect our legal rights.


7. Access and Your rights

You may send us a reasonable request (section "12. Contacts and Disputes") and we will respond to it no later than within one month upon receipt. You can also manage your personal data by logging into your account or contacting us.

Further to that, you have the following rights under data protection laws:

• to revoke the permission for our use of cookies;
  
  
• to correct and update your information at any time - we will take reasonable measures to help our Clients rectify any information indicated as inaccurate;
  
  
• to request information concerning processing of your personal data;
  
  
• to have your information erased (if there is no legal or contractual obligation to store it) - we will forward all such requests to our Clients and respond within a reasonable timeframe;
  
  
• to withdraw previously given consent for, or restrict further, data processing - all withdrawals will be handled by the Controller;
  
  
• to request a copy of your personal data;
  
  
• to transfer your information in a machine-readable format to you or to another controller - before any data transfers we must inform the Controller;
  
  
• to object to the use of your information processed for direct marketing.
  
  

We may retain some personal information to the extent and manner permitted by law.

In cases of consent withdrawal processing of all personal data is stopped instantly and shall not be restored, unless there is sufficient legal basis for it. The data Controller has the right to continue processing anonymized information or permanently delete it.


8. Links to Other Sites

The Platform may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party website. We strongly advise you to review their Privacy Policy upon your visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.


9. Business Transaction

If the Platform is involved in a merger, acquisition or asset sale, your Personal data may be transferred as a business asset. In such cases, we will provide notice before your Personal Information is transferred and/or becomes subject to a different Privacy Policy.


10. Data used for decision making

The resulting data is not used to make automated decisions. Input and output data are used for informational purposes only.


11. Policy Amendments

This Privacy Policy is effective as of the date of publishing indicated at the start, and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on the Platform.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Platform after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.


12. Contacts and Disputes

This Privacy Policy and any dispute or claim arising in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the Republic of Latvia and the European Union.

If you have any enquiries relating to this policy, our handling of your personal information generally or in relation to your data protection rights, please contact us at privacy@longenesis.com or Dzirnavu Street 41A, Riga, Latvia, LV-1010.

In any case, any natural person always has the right to submit a complaint to the Data State Inspectorate of Latvia, address: Elijas Street 17, Riga, Latvia, LV-1050.