Privacy Policy
This document describes how the personal data of users (“User/Users”) who visit the website https://genogra.com/ (“Website”) are processed.
This privacy notice is provided pursuant to Art. 13 et seq. of Regulation (UE) 679/2016 GDPR (“GDPR”) to all those who visit the Website and/or communicate with GenoGra S.r.l. (“GenoGra”).
The following privacy notice is provided solely for the Website and not for any other websites that may be accessed via links on the Website.
1. Data Controller
The data controller is GenoGra S.r.l., with registered office at via Giorgio Chavez no. 4 – 20131 Milan, Italy, Tax Code and VAT no. 12995970964, Business Register no. MI-2697589; email: info@genogra.com (“Data Controller”).
2. Categories of personal data processed
2.1 Navigation data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified persons, but by its very nature could allow users to be identified. This category of data includes: (i) IP addresses or domain names of the computers used by Users who connect to the Website; (ii) URI (Uniform Resource Identifier) addresses of the requested resources; (iii) the time of the request; (iv) the method used to submit the request to the server; (v) the size of the file returned in response; (vi) the numerical code indicating the status of the server’s response (successful, error) and (vii) other parameters related to the User’s operating system and IT environment.
This data is used solely for the purpose of obtaining anonymous statistical information on the use of the Website and to ensure its proper functioning and are deleted immediately after processing.
2.2 Cookie
For more information about the use of cookies on the Website, please visit the cookie policy (click here).
2.3 Data provided voluntarily by the User
Any optional, explicit and voluntary sending of email to the addresses indicated on the Website entails the subsequent collection and processing by the Data Controller of such data and any other information contained in those communications for the purposes described in paragraph 3.2 below.
The completion of the online form for information requests, available in the “Contact us” section of the Website, entails the collection and processing by the Data Controller of the User’s personal data (first and last name, affiliated company, job title, genomic analysis focus), as well as any other information contained in those communications, for the purposes described in paragraph 3.2 below.
2.4 Data published on social media
The Data Controller process the data that the User posts on the Data Controller’s social media pages (such as LinkedIn and Instagram) through the functionalities of the social media platforms that the User has enabled when registering on those platforms, for the purposes described in paragraph 3.3 below.
3. Purposes and legal basis for the processing
The processing of the User’s personal data by the Data Controller is carried out for the following purposes:
to manage interactions with Users (comments, posts) on the Data Controller’s social media pages, pursuant to Art. 6.1 (f) GDPR. Regarding the processing of personal data carried out by the administrators of the social media platforms used by the Data Controller, please refer to the information provided by those administrators through their respective privacy notices.
to pursue, in accordance with Art. 6.1 (f) GDPR, its own legitimate interest, consisting in ensuring the security of the Website and the information exchanged through it, i.e., the ability of the Website to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity, and confidentiality of the personal data stored or transmitted, as well as the security of the related services offered or made accessible;
to respond to requests submitted by the User via email to the Data Controller’s email addresses indicated on the Website or through the contact form available on the Website, pursuant to Art. 6.1 (b) GDPR;
4. Consequences of any refusal to provide data
Providing personal data for the purposes described in the previous paragraph is optional. However, failure to provide such data would make it impossible for the User to communicate with the Controller and for the Controller to fulfil the User’s requests, as well as to ensure the security of the Website and the information exchanged through it.
5. Methods of data processing
The processing of personal data is carried out using electronic or, in any case, automated, IT or telematic tools, with logic strictly related to the purposes described above and, in any case, in a manner that ensures the security of the data.
Specifically, the User’s personal data is processed by individuals who have been duly authorized to carry out such tasks, who are consistently identified and/or appointed, appropriately trained, and made aware of the legal obligations imposed by applicable law. The data is also protected using security measures designed to safeguard the User’s privacy and to prevent the risks of loss or destruction, unauthorized access, and processing that is either unlawful or not in line with the aforementioned purposes. Security measures are continuously improved in accordance with technological developments.
6. Recipients of data
Personal data collected through the Website shall not be disclosed, sold, or transferred to third parties, except in cases provided for by law.
Without prejudice to the foregoing, data may be communicated to companies expressly appointed to carry out specific services within the Data Controller’s activities and/or, more generally, on its behalf. Such entities will act as independent data controllers and/or data processors, as appropriate. Furthermore, data may be disclosed and/or communicated, in accordance with the law, to law enforcement authorities, judicial authorities, intelligence and security agencies, or other public entities for purposes related to national defence or security, or for the prevention, investigation, or prosecution of criminal offenses.
7. Data retention period
The User’s personal data will be processed by the Controller only for the time strictly necessary to achieve the purposes set out in paragraph 3 above. Thereafter, the data will be retained solely for compliance with applicable legal obligations, for administrative purposes, and/or for the establishment, exercise, or defence of legal claims in the event of disputes or pre-litigation proceedings.
8. Transfer of data outside the EU
User data may be transferred to countries outside the European Union, in accordance with Art. 44 et seq. GDPR. Such transfers may take place based on an adequacy decision adopted by the European Commission (Article 45 GDPR) or, for countries where no such decision exists, based on appropriate safeguards such as standard contractual clauses or other suitable instruments pursuant to Article 46 GDPR.
9. Data subjects’ rights
The User, as the data subject (i.e., the individual to whom the data refers), holds the rights granted by the GDPR. In particular, pursuant to Articles 15 et seq. GDPR, the User has the right, at any time and free of charge, to request information regarding the existence of any processing of their data, the retention period, to obtain a copy, and to request the rectification, supplementation, update, or erasure of such data. The User also has the right to request the restriction of the processing and to receive a copy of the Data in a commonly used format readable by an automated device. Furthermore, the User has the right to object to the processing and to lodge a complaint with the competent supervisory authority.
To exercise these rights, Users may submit a written request to the following email address: privacy@genogra.com.
*** *** ***
This privacy policy was last updated on 22/12/2025. Any updates will always be published on this page.