Data Protection Notice/Privacy Policy of the Website of the Company IQ Genomix

The protection of your personal data is important to us. This Privacy Notice (the “Notice”) is intended to inform you about the terms and conditions concerning the collection, storage, and use of your personal information when you visit the IQ Genomix Company Website (the “Website”) or register and use the Colon AiQ molecular test ordering Platform available on this website (the “Platform”), provided that you are a natural person.

The Company with the name “IQ GENOMIX MEDICAL TECHNOLOGY PRODUCTS SOCIETE ANONYME” and the distinctive title “IQ GENOMIX” (Business Registry Number (GEMH): 177750601000, VAT Number: 802511100, Tax Office: KEFODE Attica) acts as the Data Controller of the Data entered on our Website.

The registered office of our company is located in Pallini, Attica, Greece, on 46 Marathonos av., P.C.: 15351.

If you wish to contact us regarding any matter related to the processing of your data or the exercise of your rights, please reach out to the Data Protection Officer appointed by our Company at dataprotection@iqgenomix.com or by post at the Company’s address provided above.

1. A few words about https://iqgenomix.com/

This Website serves as the official website and online platform for ordering molecular tests provided by our company (hereinafter the “Company”).

The personal data you provide when browsing our Website or registering as a user (e.g., creating a user account) to access our digital services, including the test ordering platform, are subject to processing and will be stored under the Company’s responsibility.

2. What is Personal Data?

The term “personal data”, as used in this Notice, refers to any information relating to you as a natural person, either as an individual or as a professional, that can be linked to you and/or can identify you, directly or indirectly, such as, for example: full name, email address, contact telephone number, payment account details, etc. (hereinafter referred to as “Personal Data” or “Data”).

3. What is Personal Data processing?

Processing of Personal Data refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.

4. Which types of Data are we collecting about you?

  • 4.1. As a rule, we only collect the personal data that you choose to provide to us directly when you browse our Website and use the services provided on it. This may occur when you complete the following forms or use the following services:
    • A) When you fill in our Website Contact Form “How to contact us”
      Data collected: full name, email, telephone number
    • B) When you register as a member/create an account on our Website and use the registered member services.
      Data collected: full name, email, username, password, date of birth, gender, social security number, home address, mobile phone number, landline phone number.
      Your password is stored in encrypted form solely for access control purposes. The Company cannot access the digits that make up your password.
    • C) When placing and fulfilling an order for the Colon AiQ test via our Order Platform
      Data collected: medical history, shipping address of the sampling kit, home sampling address (if not the same as your contact address), billing information, specific order ID/barcode, ACS tracking number of the test kit (if applicable), any additional information you provide to us via the “Additional Information” field, Colon AiQ test results/report of Colon AiQ test results.
    • D) Data that we collect outside the Website for the purposes of conducting the tests:
      Data collected: Sample data (blood) collected from you.
    • E) Data Collected at a Later Time for Quality Control (With Your Consent)
      Data that can be collected: Information about any future tests you may have undergone, including the results of those tests, which are related to the services/tests provided by the Company.
  • 4.2. In addition to the above cases, the following personal data are also collected for the purposes of the Website:
    • Α) Website usage data and metadata through the use of cookies. For more details on how this data is collected and used, please refer to our website’s Cookies Policy, and
    • Β) Confirmation of Transaction Success or Failure when processing payments via debit or credit card for purchases made from your shopping cart or through available electronic payment methods. This confirmation is automatically provided to us by the National Bank of Greece (our primary online payment provider) or any other online payment providers used for transaction processing by our Company. The Company does not have access to or store your card details under any circumstances. The Bank and the respective online payment provider you choose act as independent controllers of your personal data processed during the use of their payment services, which operate under their sole responsibility.
    • C) Metadata from website security logs related to your activity on the Website.

5. Are we processing personal data belonging to minors?

In general, we do not process data concerning children under the age of 18, as the services of our Platform are addressed to persons over the age of 18 who have legal capacity to perform a purchase contract (see also the Terms of Use). If we discover that we have collected Data of a minor under 18 years of age, without a legal basis for this, we will proceed to the immediate deletion of the data. In any case, the provisions of chapters 6 and 7 of this policy shall also apply to minors.

6. For what purposes is your data processed?

We collect your data solely for the purpose of providing our Company’s services and ensuring the smooth operation of our Platform and our Website.

More specifically, your data is processed for the following purposes:

  • a) Providing you with the electronic services available to registered users of our website (e.g., Test Order, Purchase History, Test Results);
  • b) Ensuring the smooth processing and execution of your order, including billing and addressing any issues related to the services provided;
  • c) Communicating with you using the information provided through the contact form;
  • d) Monitoring website traffic;
  • e) Ensuring the security of website information;
  • f) If you are a registered user, sending newsletters and promotional content related to our Company;
  • g) If you have ordered specific tests that require periodic repeat testing, sending notifications when the recommended retesting period approaches;
  • h) Complying with legal obligations imposed by applicable laws and regulations;
  • i) Conducting customer satisfaction surveys to improve our services;
  • j) Quality control of services and examinations, as well as the generation of anonymous statistical reports for internal analysis.

7. What is the legal basis for the processing of your Data by our Platform?

According to the applicable legislation, the processing of your personal data, for any intent and purpose, must be based on specific legal grounds.

The processing of website users’ data for the abovementioned purposes (chapter 6 of this Notice) is carried out on the following legal bases:

  • A) In order to provide you with electronic services through the website (purpose “a”), and for the smooth completion and execution of your order and the settlement of issues related to the services provided (purpose “b”), the processing is carried out because it is necessary for taking preliminary measures (at the order stage) and the execution and monitoring of the contract for the provision of services (user services) and/or sale of products which is concluded between you and our Company.
  • B) For the purposes of monitoring website traffic (purpose “d”), communicating with you after submitting the contact form (purpose “c”), ensuring website security (purpose “e”), and conducting customer satisfaction surveys (purpose “i”), the legal basis for processing is the pursuit of our Company’s legitimate interests. Specifically, purpose “d” aims to increase the effectiveness and reach of our website, purpose “c” ensures effective communication with our customers and partners, enhancing overall satisfaction, purpose “e” safeguards the data and intellectual property of both our Company and website visitors, purpose “i” focuses on improving service quality and enhancing customer satisfaction.
  • C) For the sending of newsletters and promotional content from our Company (purpose “f”), processing is conducted in accordance with Article 11(3) of Law 3471/2006, unless you have expressed your objection to receiving such messages. You can opt out of receiving these messages at any time by selecting the “unsubscribe” option included at the end of each message, adjusting the privacy settings in your registered user profile on our website and sending an email to dataprotection@iqgenomix.com to inform us of your objection.
  • E) For the sending of notifications regarding the recommended time for repeating a test previously ordered from our platform (purpose “g”), processing is based on your explicit consent, which you can provide at the time of ordering the test in question.
  • F) For quality control of the Company’s services/examinations and the production of related anonymous statistics (purpose “j”), processing is based on your explicit consent, which you can provide when ordering the relevant examination. As part of this process, we may contact you to ask whether you have undergone additional related tests and request information on their results. This data is used solely to conduct further quality assessments of our tests and services and produce aggregated and anonymized statistics on test performance and success rates. If you do not provide consent for this processing, you may proceed with your examinations as usual, and you will not receive any communication regarding the quality control of our examinations.
  • G) For the use of cookies on our website, except for strictly necessary cookies, the processing of your data is based on your explicit consent, which you provide by configuring your preferences through the “cookie banner” on our website.
  • For more information about our use of cookies, see here.

Special Categories of Data
The processing of special categories of data (health data) is carried out only in exceptional cases and is based on the following legal grounds:

  • I) For purposes related to ordering and conducting services/examinations provided by our Company (purposes “a” and “b”), processing is necessary for preventive or professional medical purposes.
  • II) For the purposes of sending notifications when the recommended time to repeat a test you previously ordered is approaching (purpose “g”) and for quality control of services/examinations and the generation of anonymous statistical data (purpose “j”), processing is based on your explicit consent.

8. Who are the recipients of your Data?

The recipients of your data are, in general, the necessary personnel of our Company, who have been appropriately trained to ensure the secure processing of your personal data.

Additionally, your data may be shared with:

  • 1) Natural and legal persons entrusted by our Company with the performance of specific tasks on its behalf, such as: our external partner responsible for in-house blood collection in the context of our examinations, the external partner providing storage infrastructure and supporting the operation of our Company’s systems (including servers, ERP, eInvoicing, etc.), our newsletter management company, and the external accountant with whom our Company cooperates. These collaborating entities, acting as Processors of personal data, have been duly informed and have contractually committed to maintaining the confidentiality of your data. They are aware of and adhere to our instructions on personal data processing and implement all necessary measures to ensure its protection.
  • 2) Partner courier companies, banks, or electronic payment service providers through whose systems your electronic transactions are processed, as well as the partner medical company responsible for the Colon AiQ test. These entities operate under specific legal and regulatory frameworks that govern their activities and act as independent Data Controllers in relation to your data within the scope of their cooperation with us.
  • 3) Supervisory, auditing, independent, judicial, public, and/or other authorities and bodies, within the framework of their statutory powers, duties, and responsibilities (e.g., the Consumer Ombudsman, tax authorities, etc.), when the transmission of data is either legally required or explicitly provided for by law.
  • 4) Lawyers, law firms, bailiffs, experts, and appraisers, in cases of legal proceedings, where necessary, to safeguard and protect our rights and interests.

For more information about how our partners process your data, please refer to the respective Privacy Policies of each partner.

9. How do we ensure that our Processors respect your Personal Data?

The Processors, who process your data on our behalf, have agreed and contractually bound themselves to:

  • Process your personal data solely in accordance with our instructions,
  • Maintain strict confidentiality,
  • Not disclose data to third parties without our permission,
  • Undertake appropriate security measures to protect your data,
  • Comply with the legal framework for the protection of personal data, including the European GDPR Regulation.

10. Is your data being processed outside the European Union?

We do not transfer your data outside the European Union. Your personal data is stored and processed exclusively within the EU.

If, in the future, the transfer of your data outside the EU becomes necessary to achieve the processing purposes outlined above, our Company will ensure that adequate safeguards are in place in accordance with Chapter V of the GDPR. In such cases, we will either inform you directly or update this section of the Privacy Notice to provide you with the necessary information regarding such transfers.

11. When do we delete your Data?

As a general rule, we delete your data once processing is no longer necessary to fulfill the purpose for which it was collected or to comply with legal obligations. In any case, your data will not be retained for more than 20 years.

We delete the Data you have entered in your user account as soon as you delete your account. In addition, if your account remains inactive for five (5) years, we will deactivate it and retain only the essential information required for reactivation should you choose to use it again in the future. All account-related data, including reactivation information, will be completely deleted after ten (10) years from your last activity.

Data related to your orders is retained for five (5) years after the completion of each order.

Due to tax legislation, billing and invoicing data are stored for eleven (11) years from the issuance of each document.

Your health-related data (e.g., medical history, test results) is stored for ten (10) years from the date of your last test.

Biological samples collected for testing are deleted immediately after the test is performed, as the sample is fully consumed in the process of generating the test results.

Primary data related to future tests you may have undergone, which are associated with the Company’s tests/services and used exclusively for quality control and the production of anonymous/aggregated quality control statistics, will be deleted immediately after the generation of these statistics.

Data used for sending newsletters will be deleted as soon as you indicate that you no longer wish to receive them, following the methods outlined in Chapter 7 of this Notice. If you remain inactive on our Website for five (5) years, this data will also be deleted.

Personal data recorded in our server security logs for information security purposes (e.g., IP addresses) will be deleted within 2 years.

We delete the Data collected by Cookies in accordance with the Cookies Policy.

At the end of these retention periods, your data will be completely deleted.

12. Is your Data safe?

We are committed to safeguarding your Personal Data. We have taken appropriate organizational and technical measures to ensure the security and protection of your Data from any form of accidental or unlawful processing. These measures are reviewed and modified at regular intervals and also on an ad-hoc basis when necessary.

13. Which rights do you possess in regard to your personal data?

You have the right to access your personal data.

This means that you have the right to be informed by us on whether we are processing your Data. If we are processing your Data, you can request to be informed about the purpose of the processing, the type of your Data we hold, who we give it to, how long we store it for, whether automated decision-making is taking place, and on how to exercise your remaining data protection rights, such as the right to rectification, the right of erasure, and the right of restriction of processing and the right to file a complaint with the Data Protection Authority.

You have the right to rectify inaccurate personal data.

If you find that there is an error in your Data, you may submit a request for us to correct it (e.g., correcting your name or updating a change of telephone number).

You have the right to ask for the deletion of your personal data/right to be forgotten.

You may ask us to delete your Data if it is no longer necessary for the processing purposes listed above or if you wish to withdraw your consent, where your consent is used as the sole legal basis for the processing.

You have the right to portability of your Data.

You may ask us to receive in a readable form the Data you have provided or ask us to transfer it to another controller where the processing is based on your consent or is necessary for the performance of a contract between us.

You have the right to restrict the processing.

You may ask us to restrict the processing of your Data for as long as your objections to the processing are pending or if part of the processing is no longer necessary to fulfil the purposes for which your Data was collected.

You have the right to object to the processing of your Data.

You may object to the processing of your Data where it is carried out in the pursuit of our legitimate interests, and we will stop processing your Data if there are no other compelling and legitimate grounds that override your rights and interests.

Right to withdraw your consent

In cases where the processing of your data, for a specific purpose, is based solely on your prior consent to the processing, you have the right to withdraw your consent at any time.

Please note that your above rights cannot be exercised in relation to the data of your sample taken for the “Colon AiQ” test after the completion of the above test, as the entire sample is consumed during the test.

14. How can you exercise your rights?

To exercise your rights, you can send us a request either through the contact form of the website, or to the email address (dataprotection@iqgenomix.com) with the title “Exercise of the right of access/ correction/ deletion/ portability/ restriction/ objection/ consent withdrawal” and the description of your request, and we will take care to examine it and reply to you as soon as possible.

15. When do we respond to your requests?

We will respond to your Requests free of charge and without delay. We aim to always respond to your requests within one (1) month of receiving them. However, if your Request is complex or there is a large number of pending Requests, we will let you know within the first month if we need an extension of two (2) additional months within which to respond to you.

If your Requests are manifestly unfounded or excessive, in particular because of their repetitive nature, our Platform may impose a reasonable fee, taking into account the administrative costs of providing the information or performing the requested action, or refuse to follow up on your request.

16. Right to lodge a complaint

If you believe that: a) your request has not been adequately and/or lawfully fulfilled, or b) your personal data protection rights are being violated by any processing carried out by us, you have the right to lodge a complaint with the Hellenic Data Protection Authority-HDPA (postal address: 1-3 Kifisias Ave, P.C. 115 23, Athens, website: https://www.dpa.gr/, tel: 210 6475600, e-mail: contact@dpa.gr) or the competent data protection authority of your country of residence (within the EU).

17. How will you be informed about potential updates to this Data Protection Notice?

We will update this Data Protection Notice whenever necessary. If there are significant changes to this Notice or to the way we use your Personal Data, we will notify you either by posting an announcement in a prominent place within our website before the changes take effect or by any other appropriate means. We encourage you to periodically read this Notice to keep updated on how your Data is being protected.

Publication date/Update: 31/1/2025