GDPR Compliance
General Data Protection Regulation
🛡️ Our Commitment to Data Protection
Explore Your DNA is fully committed to complying with the EU General Data Protection Regulation (GDPR). We handle genetic data—among the most sensitive types of personal data—with the utmost care and transparency.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It gives EU residents greater control over their personal data and standardizes data protection laws across Europe.
GDPR classifies genetic data as a "special category" of personal data, requiring additional protections—which we fully implement.
2. Your Rights Under GDPR
As a user of our services, you have the following rights:
📋 Right to Access
Request a copy of all personal data we hold about you, including how it's being used.
✏️ Right to Rectification
Request correction of any inaccurate or incomplete personal data.
🗑️ Right to Erasure
Request deletion of your personal data (the "right to be forgotten").
⏸️ Right to Restriction
Request that we limit how we use your data in certain circumstances.
📦 Right to Portability
Receive your data in a structured, machine-readable format.
🚫 Right to Object
Object to processing of your data for certain purposes.
3. Legal Basis for Processing
We process your data under the following legal bases:
Explicit Consent (Article 6(1)(a) & Article 9(2)(a))
Before uploading your DNA data, you explicitly consent to its processing. You can withdraw consent at any time.
Contractual Necessity (Article 6(1)(b))
Processing is necessary to fulfill your order and deliver the services you purchased.
Legal Obligations (Article 6(1)(c))
We may retain certain data to comply with accounting and tax regulations.
4. Special Category Data
Genetic data is classified as "special category" data under GDPR Article 9. We implement additional safeguards:
- Explicit Consent: We obtain clear, affirmative consent before processing
- Data Minimization: We only process data necessary for the requested service
- Immediate Deletion: Raw DNA files are deleted immediately after processing
- No Secondary Use: We never use your genetic data for purposes beyond your request
- No Third-Party Sharing: Genetic data is never shared with third parties
5. How We Protect Your Data
Upload
Data transmitted via TLS 1.3 encryption
Processing
Processed on secure, encrypted servers within the EU
Deletion
Raw DNA files permanently deleted immediately after processing
Report Delivery
Generated report available for limited time, then deleted
6. Data Processing Agreement
We have Data Processing Agreements (DPAs) in place with all our sub-processors, including:
- Stripe: Payment processing (PCI-DSS compliant)
- PayPal: Alternative payment processing
- Cloud Hosting: EU-based servers with GDPR-compliant providers
- Email Service: For transactional emails only
7. International Transfers
We primarily process data within the European Economic Area (EEA). When transfers outside the EEA are necessary (e.g., certain payment processing), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the EU Commission
- Binding Corporate Rules where applicable
8. Data Protection Officer
For data protection inquiries, you can contact our Data Protection team:
Email: dpo@exploreyourdna.com
9. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In France, this is:
CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
Website: www.cnil.fr
Exercise Your Rights
To exercise any of your GDPR rights, submit a request using the button below or email us directly.
Submit GDPR Request
We will respond to your request within 30 days.