Dante Labs

Dante Labs
Log In Get Tested — from $449

GDPR

Your genetic data is protected by European law. Not by a promise.

In 2023, a US-based genomics company experienced a data breach that exposed the genetic information of nearly 7 million people. Their data was governed by a privacy policy. Not by law. There is a difference.

THE REGULATION

Genetic data is "special category data."

Under the General Data Protection Regulation (EU 2016/679), genetic data is classified as "special category data" under Article 9. This is the highest classification of personal data in European law. It means genetic data receives protections that go beyond what is available to ordinary personal information.

Special category data cannot be processed without explicit consent. It cannot be used for purposes beyond what was originally agreed. It is subject to mandatory impact assessments, enhanced security requirements, and the appointment of a dedicated Data Protection Officer. Violations carry penalties of up to EUR 20 million or 4% of global annual revenue.

This is not a corporate policy that can be changed with a terms-of-service update. It is a regulation enforced by independent supervisory authorities across the European Union.

JURISDICTION

Italian lab. European law. Structural protection.

Dante Labs processes all genomic data in our ISO 15189 accredited laboratory in Italy, a founding member state of the European Union. This is not a marketing decision. It is a structural one.

When your data is processed in the EU, it is governed by GDPR from the moment it enters our systems. This means enforceable rights, independent oversight, and legal consequences for non-compliance. No US-based genomics company can offer equivalent structural protection because the legal framework does not exist in that jurisdiction.

Italy's data protection authority, the Garante per la protezione dei dati personali, actively enforces GDPR with specific attention to health and genetic data. This is not theoretical oversight.

location_on

Processing location

Italy, European Union

gavel

Governing regulation

GDPR (EU) 2016/679

account_balance

Supervisory authority

Garante per la protezione dei dati personali

warning

Maximum penalty

EUR 20M or 4% global revenue

COMPLIANCE

How Dante implements GDPR.

GDPR is not a checkbox. It is an operational framework that shapes how we collect, process, store, and delete your genetic data at every stage.

how_to_reg

Explicit, informed consent

You provide explicit consent before we process your genetic data. You are told exactly what will happen, why, and what your rights are. Consent can be withdrawn at any time.

assessment

Data Protection Impact Assessments

We conduct mandatory DPIAs for all processing activities involving genetic data. These assess risks, document safeguards, and are reviewed regularly.

support_agent

Dedicated Data Protection Officer

Our DPO oversees all data protection activities, responds to data subject requests, and serves as the point of contact for supervisory authorities.

YOUR RIGHTS UNDER GDPR

Eight enforceable rights.

These are not features we offer. They are rights you hold under European law. We are legally obligated to fulfill them.

visibility

Right of Access

Obtain a copy of all personal and genetic data we hold about you.

edit

Right to Rectification

Correct inaccurate personal data we hold about you.

delete

Right to Erasure

Request complete deletion of your data. Permanent and irreversible.

block

Right to Restriction

Restrict processing of your data while a concern is resolved.

swap_horiz

Right to Portability

Receive your data in a machine-readable format for transfer to another provider.

front_hand

Right to Object

Object to specific types of processing at any time.

undo

Right to Withdraw Consent

Withdraw your consent at any time without affecting the lawfulness of prior processing.

gavel

Right to Lodge a Complaint

File a complaint directly with your national data protection authority.

SAFEGUARDS

Technical measures that back the legal framework.

verified

ISO 15189 Accredited Laboratory

International standard for medical laboratory quality and competence. Covers the entire chain from sample receipt through analysis to report delivery.

enhanced_encryption

Encryption

AES-256 encryption at rest. TLS 1.3 in transit. Pseudonymization separates identifiers from genomic sequences during processing and storage.

manage_search

Access Controls and Audit Trails

Role-based access controls restrict data access to authorized personnel. Every access event is logged with timestamps, user identity, and purpose.

CONTACT

Data Protection Officer.

To exercise any of your GDPR rights, ask a question about how your data is processed, or raise a concern, contact our Data Protection Officer.

dpo@dantelabs.com

All data subject requests are acknowledged within 48 hours and fulfilled within 30 days, as required by GDPR Article 12.

Privacy Policy Data Protection