Genetic Data Belong Exclusively to the Customer

There is probably nothing as personal as your own genetic data. As a state-approved human genetic laboratory, we are, of course, aware of this fact.

In order to do justice to the great responsibility that comes with our work, the highest standards of data protection are an integral part of our quality assurance.

Genetic data are unique and belong exclusively to the respective customer. Our strict security measures ensure that this remains so in the future.

 

Our data protection measures at a glance

  • Due to our approval for the performance of medical genetic tests, we have to meet particularly high standards of data protection.
  • The employees of our laboratory are subject to medical confidentiality and receive regular training in data protection issues.
  • In order to prevent unauthorized access to customer data, our systems are equipped with state-of-the-art security measures.
  • To protect the identity of our customers, samples are labeled not with names but with an encrypted QR code.
  • After a successful analysis, the DNA on all samples is immediately destroyed.
  • Our customers can instruct us at any time to delete their stored genetic data immediately.
  • We use the data received exclusively for the intended purpose and do not pass them on to third parties at any time.

We Meet the Requirements of Medical Data Protection

Our laboratory is approved by the Austrian Federal Ministry of Health to carry out medical genetic analyses. This certification obliges us to meet the high requirements intended for the protection of medical data.

Within the scope of governmental audits during approval as well as internal and external controls, we check whether we meet the strict requirements of medical data protection. Our customers can, therefore, be sure that we optimally protect their sensitive and medical data at all times.

Medical Confidentiality for Our Employees

As a matter of principle, we only grant access to sensitive data to our employees if it is actually required within the scope of the work processes. In addition, our staff is subject to medical confidentiality.

Every employee has committed in writing to observe this at all times. The data of our customers are thus treated with the same discretion as is standard practice in hospitals or medical practices.

Regular Data Protection Training for Employees

Of course, it is not enough to oblige an employee to observe confidentiality if he or she does not know what is actually important in data protection.

For this reason, all employees who work with sensitive customer data are extensively trained and tested on data protection issues. In addition, we provide regular refresher courses to ensure that our staff is always up to date on data protection issues.

Technical Measures to Ensure Data Security

Only those employees who have to work with the data are technically able to access them. In addition, every access to sensitive data is recorded together with the identity of the respective employee. This ensures that data retrievals can be traced at any time.

To protect our systems from unauthorized access, we have also implemented a two-factor authentication system. This makes it practically impossible to access sensitive data of our customers without authorization.

Separate Data Storage on Independent Servers

As an additional security measure, genetic and personal customer data is split upon receipt and stored separately on two different servers.

Even if hackers should, contrary to expectations, manage to steal the data from one server, they would then have either a simple list of contact details or a worthless jumble of genetic codes without any personal reference.

Encrypted Identification of Samples

To ensure reliable protection of our customers’ sensitive data at all times, we do not rely solely on technical measures. Samples are labeled not with the name of the customer but with an encrypted QR code.

In this way, neither the courier nor the employee in our laboratory responsible for the analysis knows the identity of the respective customer. If, in exceptional cases, it is not possible to seal a sample before it arrives at our laboratory, this is done immediately upon receipt of the mail.

The Immediate Destruction of the Samples After Analysis

Of course, our customers can rely on the fact that their samples will not be stored against their will. As soon as we have completed the analysis, the samples are rendered unusable. For this purpose, they are removed from the containers and sprayed with a solution that reliably breaks down the DNA.

Samples are stored for a longer period only if the customer has expressly released the sample for research by signature. In this case, the sample is used anonymously so that it cannot be assigned to a specific person.

Storage and Destruction of Data

As an approved human genetics laboratory, we follow the standard recommended for medical laboratories and store genetic data for seven years after their last use. This allows us to refer back to our analysis data and recommendations of that time in the event of later queries about the results.

Furthermore, in many cases, we naturally need the analysis results for the production of our personalized food supplements and cosmetics. Of course, the data can also be deleted at any time upon request. Customers who do not wish their data to be stored will find a form under our General Terms and Conditions for this purpose, which they can use to order the deletion.