1. Data controller

Evogenom Oy

Ahlmaninkatu 2 E, 40100 Jyväskylä, (2nd floor, mailbox 5), Finland

+358 45 323 6199

2. Data protection officer

Hannu Tolvanen

CEO, sales and marketing

+358 40 064 2569

3. Register name

Customer register of Evogenom Oy


4. Purpose of data processing

Personal data is stored in customer register of Evogenom Oy for the purposes of delivering ordered analyses, managing customer relationship, carrying out and following up customer service, including customer feedback.


5. Data content of register

Register may obtain basic information and order information concerning customer, including:

  • First and family name
  • Customer number
  • Address
  • Email address
  • Phone number
  • Follow-up data of order (if any)
  • Date of order
  • Method of payment
  • Content of order
  • Consents


6. Samples, insulation and DNA

On customer’s consent, DNA is isolated from the customer’s saliva sample which is interpreted for the performance of analysis ordered by the customer. For the isolation, the customer’s sample is processed pseudonymized, i.e. customer’s personal data is not delivered with the sample. Remainder DNA (if any) and customer’s saliva sample shall be exterminated after the customer has received the analysis and informs Evogenom that sample and remainder DNA may be exterminated, or at the latest 4 months from the date that the customer has delivered his/her sample kit to Evogenom Oy and has not informed of receiving analysis.


7. Genome data

Genome data shall be stored at separate computer in guarded space. Genome data is pseudonymized and thus cannot be connected with individualized person.


8. Data retention period

After the analysis is delivered to the customer, data that can identify a customer shall be stored in maximum for 4 months. This is to ensure that the customer receives his/her analysis even in the events of conceivable delays or redelivering that are not result of action of Evogenom Oy. At the latest after 4 months, the analysis and customer’s unique barcode which identifies the customer with his/her raw data, shall be exterminated even if the customer has not informed us of receiving analysis. Thereafter, Evogenom Oy stores raw data only in an anonymized form, i.e. in a form in which identifiability of data is deleted and the data may no longer identify you. Hence, the customer cannot request us to provide his/her raw data after the retention period described in this section.

Data concerning customer relationship may be stored in customer register by Evogenom Oy during the customer relationship period and will be deleted as soon as practically feasible after expiry of customer relationship. The personal data may be used after the termination of the customer relationship if the legislation in effect so requires.


9. Regular data sources

Evogenom Oy processes personal data of the customer which is collected only directly from the data subject himself/herself. Personal data is not collected from any public or other sources.


10. Transfer of data outside the EU/EEA

Personal data will not be transferred outside Evogenom Oy unless based on an agreement, customer’s separate consent or if we are required to do so by law. Evogenom Oy may transfer anonymized raw data for the purposes of medical research, medicine development in any field of therapy or in connection with the business transitions of Evogenom Oy.

Evogenom Oy does not transfer personal data outside the EU/EEA.


11. Data security

Any paper documents shall be stored in guarded and locked space of Evogenom Oy which are available only for the persons that have right to access to personal data. Only pseudonymized data is stored in a digitized form and shall be stored confidential. We endeavor to deploy appropriate measures to secure the confidentiality of your data, and access to data is limited to only authorized personnel. Our IT systems are protected, and we have taken appropriate technical measures to protect any data security such as encryption. Any access to our systems requires individual user IDs and passwords. Data is stored on private computer of Evogenom Oy in a guarded and locked space.


12. Data subject’s rights


12.1 Right to access to the personal data

Customer has right to inspect which of his/her personal data we have stored. Inspection request shall be made in accordance with section 14 “Contacts”. Principally, use of inspection right is free of charge. Inspection right may be rejected on grounds set forth in the applicable legislation.


12.2 Right to rectify data or restrict data processing

Customer may update his/her personal data by contacting to customer service via . If possible, customer shall without undue delay after being informed or becoming aware of an error, on his/her own initiative rectify, erase or complete wrong, unnecessary, defective or outdated personal data. If customer is not able to correct personal data by himself/herself, correction request shall be made in accordance with section 14. Furthermore, the customer may have a right to request Evogenom Oy to restrict the processing of personal data in accordance with law.


12.3 Right to request transfer of personal data to another controller

If customer has delivered personal data to customer register of Evogenom Oy, and processing is based on customer’s consent or to perform a contract, customer has right to receive personal data, in general, in a machine-readable form and right to transfer them to another data controller.


12.4 Right to complain to the data protection ombudsman

Customer has the right to make a complaint to a supervisory authority for data protection issues, when data controller has not acted according with the applicable privacy legislation.


12.5 Other Rights / Right to erasure

When Evogenom Oy processes personal data based on customer’s consent, customer has right to cancel the consent by informing to Evogenom Oy in accordance with section 14. Customer may also be entitled to request Evogenom to delete or remove personal data Evogenom holds about customer. Right to erasure is limited to specific legal reasons as regulated in the applicable legislation.


13. Lawful basis for processing

Customer relationship and consent. Furthermore, data processing may be based on our need to comply with a legal or regulatory obligation such as accounting legislation.


14. Contacts

Should you have any questions regarding data processing and any situations that concerns customer’s rights, we kindly ask you to contact the data protection officer of Evogenom Oy via email: , by visiting in office or via post to address: Evogenom Oy / Tietosuoja, Ahlamaninkatu 2 E, 40100 Jyväskylä (2nd floor, mailbox 5), Finland. Evogenom may ask you to clarify your request in written form, if necessary. Evogenom may also need to request specific information from you to help us confirm your identity.

This privacy policy has been updated on 4 April 2019. Evogenom Oy reserves the right to update the Privacy Policy from time to time in response to changing legal, technical or business developments. Changes are effective when they are published. You are kindly advised to review this Privacy Policy periodically for any changes.