GENINCODE PLC takes the privacy of personal data from its website users very seriously and undertakes to implement all the required measures and policies to protect and grant such privacy to any personal data controlled and/or processed by GENinCode.

GENinCode (includes either GENinCode Plc and its affiliates GENinCode S.L.U and GEN inCode US Inc, which ever entity you are contracting with) is a “controller” for the purposes of the the Data Protection Act 2018, EU General Data Protection Regulation 2016/679, and, Health Insurance Portability and Accountability Act of 1996 (HIPAA) (together the “Data Protection Legislation”) of your personal data. Therefore, any Personal Data collected from the GENinCode website or from any other domain or subdomain owned and controlled by GENinCode, including the SITAB platform for Health Care Professionals (“Website”) and/or its social media profiles (LinkedIn, Twitter, Facebook etc.), will be handled and processed in accordance with this legislation.

GENinCode Plc is registered with the Information Commissioner’s Office, or ICO, under registration number ZB080422.

If you have any question about how GENinCode uses your personal information, please contact our Data Protection Officer/HIPAA Privacy Officer at


“Data Controller”’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Data Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

“Health Care Professionals” means physicians or any other health care professionals such as hospitals, nurses and other professionals offering specialized health care services (e.g., Geneticists, laboratory technicians and medical experts etc.).

“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“User” means any person using and acceding the website and/or the social media profiles pertaining to different subject categories which includes, but it is not limited to general users of the website and social media, Health Care Professionals, patients or consumers, notifying third parties, job applicants, clients, suppliers and collaborators.


In addition to the right to be informed about how we use your personal information (as set out in this privacy notice), you have various other rights in respect of the personal information GENinCode hold about you – these are set out in more detail below. If you wish to exercise any of these rights, please contact

  • Access to your personal information: You can contact us to request the information we hold about you, as well as supplementary information such as why we have that information, who has access to the information and where we got the information
  • Withdrawing consent: If you have given us your consent to use your personal information, you can withdraw your consent at any time.  However, it will have been lawful for us to use the personal information up to the point you withdrew your consent.
  • Correction of your personal information: If the information we hold about you is out of date, incomplete or incorrect, you can ask us to update it.
  • Erasure of your personal information:  You can request that we erase the information we hold. When we receive your request, we will confirm whether the information has been deleted or tell you the reason why it cannot be deleted. For example, we may need to continue to hold your information if we need it for legal reasons or in connection with legal claims.
  • Objection to processing your personal information: You have the right to request that we stop processing your information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us processing the information. Upon receiving the request, we will contact you to tell you if we are able to comply or if there is a compelling reason why we need to continue processing it – for example, we may need to continue holding the information for regulatory or legal reasons.
  • Objection to direct marketing: You have the right to request that we stop contacting you with direct marketing.
  • Portable data: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred. Once we have received your request, we will comply where it is feasible to do so.
  • Automated decision-making:  Automated decision-making takes place when an electronic system uses personal information to decide without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you.

Some of these rights only apply in certain circumstance, so we may not be able to fulfil every request. If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

You can make a complaint to us by contacting us via or to the data protection supervisory authority – in the UK, this is the ICO, at in the in the EU: and in the US the Department of Health and Human Services


GENinCode may collect Personal Data from the following sources:

  • Directly from the User: The User provides the data through the Website (e.g., application/contact forms/e-mail) or through the Social Media Profiles.
  • Cookies and similar technologies: GENinCode uses different technologies to collect information when Users log into the Website. For further information, please see our Cookies Policy section.
  • Directly from Health Care Professionals: Health Care Professionals may provide us with Personal Data on our website, via the SITAB platform or by other means (e.g., e-mail, fax etc.) in connection with the delivery of genetic testing services to their organisation.

Please note that the Health Care Professionals also share Personal Data with us relating to patients. In those cases, GENinCode acts as a Data Processor on behalf of the Health Care Professionals who are the Data Controller. We recommend you review your Health Care Professional’s privacy notice.

In all cases, GENinCode will only process personal and sensitive Personal Data for the intended use, and as expressly instructed by the Health Care Professionals and always following Data Protection Legislation.

The Personal Data used, handled, processed, and stored by GENinCode can be classified in the following general groups or categories:

  • Identification data and contact details: Name, address, date of birth, gender, nationality, [Tax ID number, ID or Passport number,] telephone, fax, e-mail, etc.
  • Health or sensitive data: Clinical data (specifically needed for the provision of the genetic testing services), results of laboratory tests and genetic recommendation reports.
  • Professional/academic data: Profession related data (e.g., position, medical speciality, health institution etc.), academic degrees, spoken languages, CV, etc.
  • Economic data: billing data
  • Technical Data: Log in passwords, IP address, browser type and version number

Please note that in the event a Health Care Professional uploads any patient data to our website or SITAB as part of the services that we provide, that in processing any such patient data, we are acting as a processor on behalf of the relevant Health Care Professional acting as controller. If your personal data has been submitted to our website or SITAB by a Health Care Professional, we would suggest reviewing the applicable Health Care Professional’s privacy notice which they are obliged to provide to you as the controller of your personal data.

Special Category Data

Special protection is given to personal information that is particularly sensitive. This is information about your health status and/or genetic data.

We may receive data from our Health Care Professionals. As set out above, we act as processors for certain Health Care Professionals who are controllers of your data, therefore, we recommend you view your Health Care professional’s privacy notice to understand how your personal data will be processed.


Personal Data will be used for the following purposes:

  • Commercial management of our contacts and customers and to ensure the correct management of budgets, offers, promotions, news, billing, payment collection and customer support.
  • User management, to respond to inquiries through the Website and obtain feedback on our services, products and content.
  • General management to improve and personalize the user experience and adjust the content of the Website accordingly.
  • Transmitting information and personalized content that may be of interest to the User (legitimate interests).
  • Management of GENinCode newsletter and other commercial communications
  • Improving the quality of our services and products (legitimate interests).
  • For the prevention of fraud, violation, and any other possible misuses of the website and/or its applications.
  • Management of job applicants and the selection processes of GENinCode.
  • Management of requests from Health Care Professionals for the provision of the genetic test services through the SITAB platform.
  • To respond to the requirements of the public or judicial authorised authorities.


We collect and use personal data directly from you and also from other sources in the manner permitted by Data Protection Legislation.

GENinCode collects personal data on the following lawful basis:

  • to comply with our legal and regulatory obligations;
  • when necessary to enter into a contract or to perform a contract with you;
  • when you have provided your explicit consent;
  • when it is in our legitimate interests, for example to improve the products and services provided to customers and prospective customers.

In the table below we have provided specific examples of what data we collect and our lawful basis for processing that data.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer (a) Identity

(b) Contact

Performance of a contract with you
To process and deliver our service. (a) Identity

(b) Contact

(c) Health

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

User management, to respond to inquiries through the website and obtain feedback on our services, products and content (a) Technical

(b) Identity

Performance of a contract with you.
Management of job applicants and the selection processes of GENinCode. (a) Identity

(b) Contact

(a) Performance of contract with you

(b) Necessary to comply with a legal obligation

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(a) Identity

(b) Contact

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and its website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity

(b) Contact

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity

(b) Contact

(c) Technical

(d) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)


We may share your personal data with the parties set out below for the purposes set out in the table [Purposes for which we will use your personal data] above.

Internal Third Parties which include Directors, managers and employees on a need-to-know basis.

External Third Parties which include our SITAB software provider.

Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.

Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We share your personal data within the GENinCode Group.

Whenever we transfer your personal data out of the UK and/or the EEA and/or US., we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK and/or the EEA and/or US which give personal data the same protection it has in the UK and/or the EEA and/or US.


We will retain your personal data in accordance with our data retention policies, unless we are required to retain your personal information for a longer period to satisfy any legal and accounting or reporting requirements.


The User is entitled to file a complaint with the relevant Data Protection Agency (“DPA”) of your EU country (list of DPA in the EU:, or in the UK, the ICO: and in the US the Department of Health and Human Services

For any questions and requests regarding Data Protection Legislation and Personal Data use and processing within the UK, the EEA or US or related to UK,EEA or US citizens, please contact us at:


According to the Data Protection Legislation GENinCode declares that applies the security technical, administrative, and organisational measures to protect the Personal Data collected against accidental or illicit destruction, alteration, disclosure or unauthorised access, especially when the processing implies the transmission of data over a network and in regard to any other illicit form of processing.


Any modifications or updated to this Privacy Policy Notice will be posted on the Website. Please check the Website and this Privacy Policy Notice regularly for changes and updates.

Last updated: 04April 2024


GENinCode has several profiles on social media platforms, among them Facebook, Twitter, Instagram and LinkedIn. These platforms are used for communication and commercial purposes and to broaden our user contact User interaction with our social media profiles is conducted in-line with the privacy policies of each social media platform. The use of any social media implies data processing and access outside the European Economic Space, including in those countries that do not offer data protection legislation comparable to the European standards. Furthermore, the use and interaction through social media platforms or the GENinCode profiles implies the use of user data under the terms established within this privacy policy or that of the chosen social media platform. This data can be used for the purposes of behavioural advertising by social media platforms, pursuant to their privacy policies. This data processing is performed with the user’s consent when using these platforms for the periods established by each social media group. For further information regarding the processing of your data, please refer to the various privacy policies in: