DATA PROTECTION
Your genome deserves the strongest protection in the world. It already has it.
Genetic data is the most sensitive information a person can generate. It cannot be changed. It identifies you permanently. It reveals information about your family. We treat it accordingly.
GDPR FRAMEWORK
Four principles that govern everything we do.
The General Data Protection Regulation provides a legal framework with enforceable obligations. These are not policies we chose. They are requirements we are bound by.
Explicit Consent
Your genetic data is only processed with your explicit, informed consent. You decide what happens. You can withdraw at any time.
Purpose Limitation
Data is collected for a specific, stated purpose: generating your genomic reports. It cannot be repurposed without your explicit agreement.
Right to Erasure
You can request complete deletion of your data at any time. When we delete, we delete. No backups retained, no shadow copies, no exceptions.
Enforcement
GDPR violations carry penalties of up to 4% of global revenue or EUR 20 million. These are not guidelines. They are laws with real consequences.
DATA LIFECYCLE
From sample to deletion. Every step protected.
Sample
Saliva collection kit shipped to your home. Chain of custody documented from the moment you seal the tube.
Sequencing
Processed in our ISO 15189 accredited lab in Italy. 30X whole genome coverage. Physical sample destroyed after sequencing.
Storage
Encrypted at rest (AES-256) on EU servers. Role-based access controls. Comprehensive audit trails on every data access event.
Delivery
Reports delivered through your secure Genome Manager portal. TLS 1.3 encryption in transit. Two-factor authentication.
Deletion
Request deletion at any time. Complete erasure within 30 days. Confirmation provided. Irreversible by design.
TECHNICAL SAFEGUARDS
Infrastructure-level protection.
AES-256 Encryption
All genomic data encrypted at rest using AES-256, the same standard used by governments and financial institutions for classified information.
Role-Based Access
Access to genomic data is restricted by role. Only authorized personnel with a documented need can access specific data categories.
Pseudonymization
Personal identifiers are separated from genomic data during processing. Your DNA sequence is not stored alongside your name or contact information.
Breach Notification
In the event of a data breach, GDPR requires notification to the supervisory authority within 72 hours and to affected individuals without undue delay.
CERTIFICATIONS
Independently verified. Continuously audited.
ISO 15189
International standard for medical laboratory quality and competence. Covers sample handling, testing procedures, and data management.
GDPR
Full compliance with the European Union General Data Protection Regulation. Genetic data classified and protected as special category data.
CLIA
Clinical Laboratory Improvement Amendments certification for clinical testing standards recognized by healthcare systems worldwide.
HIPAA
Health Insurance Portability and Accountability Act compliance for protected health information. Additional layer of protection for US-based users.
JURISDICTION
Processing location matters.
Not all data protection frameworks are equal. The European Union's GDPR is the most comprehensive data protection regulation in the world. By processing your data within the EU, in our Italian laboratory, your genetic information receives the highest level of legal protection available.
Companies that process genetic data in jurisdictions without equivalent regulation expose their users to risks that no privacy policy can mitigate. Where your data is processed determines which laws protect it. We chose the strongest jurisdiction on Earth.
CONTACT
Data Protection Officer.
For questions about data protection, to exercise your rights under GDPR, or to report a concern, contact our Data Protection Officer directly.
dpo@dantelabs.com