Privacy Policy

COMPLETE PRIVACY POLICY OF REVEAL GENOMICS, S.L.

In compliance with Regulation (EU) 2016/679 ofthe European Parliament and of the Council, of 27 April 2016 (GDPR), and with Organic Law 3/2018, of 5 December (LOPDGDD), REVEAL GENOMICS, S.L., holder of CIF (Tax ID Code) B67416034 and with its registered office at Calle Villarroel,170, 2º 5ª, 08036 Barcelona, email: info@reveal-genomics.com, as the data controller, hereby reports its privacy and data protection policy.

Data Protection Officer (DPO)

Reveal Genomics has appointed Yolanda Adsuar as its Data Protection Officer, who can be contacted at: yadsuar@reveal-genomics.com.

Principles applied in data processing

The processing of personal data by REVEAL GENOMICS is governed by the principles set forth in Article 5 of Regulation (EU) 2016/679, which constitutes the essential basis for guaranteeing lawful, fair, and transparent processing. In compliance with this legislation, personal data will only be processed for specified, explicit, and legitimate purposes,and they will not be further processed in a way that is incompatible with those purposes.

The company undertakes to only process personal data that are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimization), while ensuring that they are accurate and permanently kept up to date. Likewise, technical and organizational measures are taken to ensure that personal data are kept for no longer than necessary (storage limitation principle), and the integrity and confidentiality thereof is protected through appropriate security systems (principle of integrity and confidentiality).

Finally, REVEAL GENOMICS acts in accordance with the principle of accountability, which means not only formal compliance with regulations, but also the implementation of effective mechanisms for demonstrating said compliance to supervisory authorities and to data subjects themselves.

Purposesof the processing, legal basis, and storage period

The lawfulness of personal data processingrequires that the purposes be clearly defined, which must have a valid legalbasis, and that the data not be stored for a period that is longer thannecessary. In compliance with these legal requirements, Reveal Genomics, S.L.details below the different purposes of the processing that it carries out,thereby distinguishing between those purposes that are linked to the capture ofdata through browsing and the use of forms on its website and those that arederived from contractual, employment, or professional relationships:

 

1. Data obtained through the website

  • Consultations through forms or via email
       
    • Processed data: Name, surnames, email, content of the message.
      •  
    • Legal basis: Consent of the data subject (Art. 6.1.a GDPR).
      •  
    • Storage period: Until resolution of the consultation or the withdrawal of consent.
    •  
  • Subscriptions to the newsletter or informative communications
       
    • Processed data: Name, email address.
      •  
    • Legal basis: Consent of the data subject (Art. 6.1.a GDPR).
      •  
    • Storage period: Until the revocation  of consent.
    •  
  • Registration and  participation in online events (webinars)
       
    • Processed data: Identification, email, image/voice (if recorded), professional specialty.
      •  
    • Legal basis: Express consent of thedata subject (Art. 6.1.a GDPR).
      •  
    • Storage period: Until the revocation of consent or a maximum of 5 years.

2. Data obtained outside the website environment

  • Administrative management and billing
       
    • Processed data: Identification, banking, tax.
      •  
    • Legal basis: Performance of the contract and legal compliance (Art. 6.1.b and c GDPR).
      •  
    • Storage period: 5 years as from the end of the contractual relationship.
  • Selection of personnel
       
    • Processed data: Identification data, résumé, interviews.
      •  
    • Legal basis: Consent of the data subject (Art. 6.1.a GDPR).
      •  
    • Storage period: 2 years after the end of the process.
    •  
  • Employment relationship and HR management
       
    • Processed data: Identification, banking, health, and training data.
      •  
    • Legal basis: Performance of the employment contract (Art. 6.1.b GDPR).
      •  
    • Storage period: During the employment period and subsequently for the mandatory legal periods.
  • Outside professional collaborators
       
    • Processed data: Identification, tax, and professional contact data.
      •  
    • Legal basis: Performance of the contract (Art. 6.1.b GDPR).
      •  
    • Storage period: During the period when the relationship is in force and subsequently for the applicable legal      periods.
    •  
  • Request for and  processing of the HER2DX® test
       
    • Processed data: Name, surnames, email, telephone, professional association number, hospital/clinic, patient      data.
      •  
    • Legal basis: Consent of the health professional and performance of the contract (Art. 6.1.a and b GDPR). In  the case of the patient, explicit consent.
      •  
    • Storage period: According to health regulations in force.

Data processors and transfers

REVEAL GENOMICS contracts suppliers for required services:

  • Computer and maintenance services (ISO/IEC 27001 certification)
  • Administrative, tax, and accounting management
  • Support  for digital platforms (webinars, forms, storage)
  • Marketing and website design agencies
  • Newsletter delivery and CRM systems services

Data processing agreements are formally executed with them in accordance with Art. 28 GDPR. They are selected considering their professional competence and regulatory compliance. Data will only be disclosed to third parties in the event of legal obligation to do so.

International transfers of data

REVEAL GENOMICS may make international transfers with essential technology providers, such as email, marketing, or cloud storage platforms. These suppliers must offer adequate guarantees in accordance with the GDPR, including ISO/IEC 27001 certifications, standard contractual clauses, and adequacy decisions. For more information, contact the DPO.

Rights of users

The right to personal data protection includes a set of fundamental rights that allow persons to have control over the use that is made of their information. The exercise of these rights not only guarantees transparency and respect for the privacy of data subject, it also constitutes an essential tool for verifying that processing is performed in accordance with the law.

Any person has the right to:

  • Access their personal data.
  • Rectify the data if they are inaccurate or incomplete.
  • Request the erasure of their data if they are no longer  necessary or if consent has been withdrawn.
  • Object to processing in certain circumstances.
  • Restrict the processing of their data when legal requirements are not complied with.
  • Request the portability of data to another data controller.
  • Revoke  their consent at any time.

 

These rights can be exercised free of charge by making written request sent to Calle Villarroel, 170, 2º 5ª, 08036 Barcelona, or by sending an email to info@reveal-genomics.com, therefore including a copy of the person’s identity document. REVEAL GENOMICS provides data subjects with official forms for the exercise of rights, if a form is requested.

In the event of disagreement, a complaint can be lodged with the Spanish Data Protection Agency (www.aepd.es) or other competent authority according to the country of residence.

 

Security measures

REVEAL GENOMICS applies appropriate technical and organizational measures for guaranteeing the security, confidentiality, and integrity of personal data, in accordance with the provisions of Article 32 of the GDPR. These measures include physical and logical access controls, the encryption of communications, password management, internal audits, and specific training for personnel with access to data. Likewise, risk is continuously assessed, therefore periodically reviewing and updating the implemented measures according to the evolution of technology and the nature of the processing, thereby ensuring the confidentiality, availability, and resilience of processing systems at all times. All the aforementioned takes place under an approach of continuous improvement and accountability, with the objective of preventing unauthorized accesses to, accidental or unlawful losses, destruction, or the alteration of data.

Moreover, REVEAL GENOMICS has an internal Systems and Information Technologies (IT) Manager who is in charge of directly supervising compliance with the implemented security measures, as well as coordinating and controlling the actions of the technology providers involved in data processing.

 

Date of last update: 1 August 2025.