Personal Data Protection Policy in Compliance with GDPR.

1. General Provisions

This Personal Data Protection Policy ("Policy") defines the principles for processing and protecting personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR") and other applicable legal provisions regarding personal data protection.

2. Data Controller

The data controller is DNA Laboratory, hereinafter referred to as the "Controller". 

3. Principles of Personal Data Processing

The Controller ensures that personal data are: 

  • Processed lawfully, fairly, and transparently.
  • Collected for specific, explicit, and legitimate purposes.
  • Limited to what is necessary.
  • Stored for no longer than necessary.
  • Processed in a manner that ensures their integrity and confidentiality.

4. Purposes of Personal Data Processing

  • Personal data may be processed for the following purposes:  
  • Execution of contracts concluded with clients, contractors, and employees.
  • Handling inquiries and communication with users.
  • Compliance with legal obligations imposed on the Controller.
  • Marketing and promotion of the Controller's activities, provided the user has given consent.

5. Legal Basis for Processing

Data processing is based on: 

  • The consent of the data subject (Article 6(1)(a) GDPR).
  • Performance of a contract or taking steps prior to entering into a contract (Article 6(1)(b) GDPR).
  • Legal obligations imposed on the Controller (Article 6(1)(c) GDPR).
  • The legitimate interests of the Controller (Article 6(1)(f) GDPR).

6. Rights of Data Subjects

Individuals whose data are processed have the right to:  

  • Access their personal data.
  • Rectify inaccurate or incomplete data.
  • Erase their data ("right to be forgotten").
  • Restrict data processing.
  • Transfer their data to another controller.
  • Object to data processing.
  • Lodge a complaint with a supervisory authority.

7. Data Retention Period

Personal data are retained for the period necessary to fulfill the purposes of processing or as required by law.  

8. Data Security

The Controller applies appropriate technical and organizational measures to ensure data protection against unauthorized access, loss, or destruction. 

9. Contact

For matters related to personal data protection, you can contact the Controller via email: This email address is being protected from spambots. You need JavaScript enabled to view it.



Effective date: 01.01.2025
This Policy may be periodically updated. The current version is always available on the Controller’s website.