Privacy Policy for the Processing and Protection of Personal Data
Moscow, “01” January 2016
1. General Provisions
1.1. This Privacy Policy for the Processing and Protection of Personal Data (hereinafter referred to as the “Policy”) is developed in accordance with Federal Law No. 152-FZ “On Personal Data,” as well as other regulatory legal acts governing the protection of personal data.
1.2. The purpose of this Policy is to ensure proper protection of the personal data of users of the website https://dnk-otcovstvo.ru (hereinafter referred to as the “Site”), as well as individuals ordering DNA testing services (hereinafter referred to as “Users”), from unauthorized access, disclosure, destruction, alteration, and other unlawful actions.
1.3. The personal data operator is the Limited Liability Company «BIOVARA»,
TIN: 4632305710, KPP: 463201001, OGRN: 1254600001765, phone: +7 (499) 490-28-01, email: info@dnk-otcovstvo.ru.
2. Personal Data Collected and Processed
2.1. The Operator may process the following categories of personal data:
- Surname, first name, patronymic;
- Date of birth;
- Contact details (phone number, email address, postal address);
- Passport details (if identification is required);
- Data contained in biological samples (including DNA);
- Medical information provided voluntarily;
- Technical information (IP address, cookies, browser and device data).
2.2. Processing of special categories of personal data (including biological and medical data) is carried out only with the written consent of the personal data subject.
3. Purposes of Personal Data Processing
3.1. Personal data is processed for the following purposes:
- Conclusion and execution of the contract for DNA testing;
- Organization of logistics for the delivery and storage of biological samples;
- Preparation and transfer of testing results;
- Informing about the progress of the order;
- Compliance with legal requirements;
- Improvement of the Site and services provided;
- Compliance with medical confidentiality and privacy.
4. Legal Grounds for Processing
4.1. Personal data processing is carried out based on:
- Voluntary consent of the personal data subject;
- Conclusion and execution of the contract;
- Fulfillment of obligations stipulated by the legislation of the Russian Federation.
5. Terms of Processing and Storage of Personal Data
5.1. Personal data is stored until the purposes of its processing are achieved or until the expiration of storage periods established by the current legislation of the Russian Federation.
5.2. Upon expiration of the storage period, personal data shall be destroyed or anonymized in accordance with established procedures.
6. Transfer of Personal Data to Third Parties
6.1. The Operator may transfer personal data only in the following cases:
- With the consent of the personal data subject;
- Transfer to accredited partner laboratories for DNA testing;
- Fulfillment of contractual obligations to the User;
- Provision of information upon lawful requests of government authorities.
6.2. Cross-border transfer of personal data is not carried out without separate consent of the User.
7. Cookie Processing
The following types of cookies are used by the Operator on the Site:
| Name | Provider | Purpose | Retention Period |
| _gcl_au | Improving user experience | 3 months | |
| _ga_C0JCK5QCRL | Improving user experience | 1 year | |
| _ga | Registers a unique identifier used to generate statistical data on how the visitor uses the website | 2 years | |
| _ym_uid | For differentiating visitors | Until disabled | |
| _gid | Registers a unique identifier used to generate statistical data on how the visitor uses the website | 1 day | |
| _ym_visorc | Used for proper operation of the webvisor | 1 day | |
| _ym_d | Contains the date of the first visit to the site | 1 year | |
| _ym_isad | Used to determine whether the visitor has any ad-blocking software in their browser — this information may be used to make website content inaccessible to visitors if the website is funded by third-party advertising | 1 day |
You can refuse the processing of cookies by adjusting the settings of your browser accordingly.
In addition to cookies, we use tracking technologies such as tags and scripts on websites to collect and store information about you. When you use our services, we gain access to the following information about you: your IP address, location (country or city), type and version of your device’s operating system, type and version of your browser, device type and screen resolution, source of your traffic, language of the operating system and browser, details about age, gender, user ID, as well as data about your online activities.
These technologies are used to track your behavior on the site and to collect demographic information about our client base as a whole in order to improve the services we provide. Like most other information resources of organizations, our web servers and security systems store some temporary technical data in their log files.
Our websites use cookies and retargeting pixels from the analytics service Yandex.Metrica. Cookies not related to technical necessities are processed only after obtaining consent via the cookie banner. Cookies from such third-party services are used by us for statistical, analytical, and marketing purposes. Personal data collected by web analytics services is processed only after prior consent to the processing of personal data, which is provided by the User through the cookie banner. The specified cookie banner also contains a hyperlink to this Policy. The personal data processed within this purpose do not belong to special categories or biometric data according to Articles 10–11 of Federal Law 152-FZ and are processed in an automated manner. You can refuse the installation of cookies from third-party analytics services by adjusting your browser settings accordingly.
8. Personal Data Protection Measures
The main personal data protection measures used by the Operator are:
8.1. Appointment of a person responsible for personal data processing, who organizes the processing, conducts training and instruction, and performs internal control to ensure compliance with personal data protection requirements by the organization and its employees.
8.2. Identification of current threats to personal data security during processing in the personal data information system (PDIS) and development of measures and actions to protect personal data.
8.3. Development of a policy regarding personal data processing.
8.4. Establishment of access rules to personal data processed in the PDIS, as well as ensuring registration and accounting of all actions performed with personal data in the PDIS.
8.5. Setting individual access passwords for employees to the information system according to their job responsibilities.
8.6. Use of information security tools that have passed the conformity assessment procedure in the prescribed manner.
8.7. Certified antivirus software with regularly updated databases.
8.8. Compliance with conditions that ensure the preservation of personal data and prevent unauthorized access to them.
8.9. Detection of unauthorized access to personal data and taking measures.
8.10. Restoration of personal data modified or destroyed as a result of unauthorized access.
8.11. Training of Operator’s employees directly involved in personal data processing on the provisions of the Russian Federation legislation on personal data, including personal data protection requirements, Operator’s policy documents regarding personal data processing, and local regulations on personal data processing.
8.12. Conducting internal control and audits.
9. Personal Data Security
9.1. To ensure the safety of personal data, the Operator implements a set of administrative, technical, and physical measures aimed at preventing loss, improper use, unauthorized access, disclosure, alteration, or destruction of information.
9.2. The Operator applies information security measures that comply with applicable legislation and recognized industry standards. Such measures include, in particular, access control, use of passwords, encryption, and regular security audits.
9.3. In the event of an incident related to a personal data breach, including a security breach that has led or may lead to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data, the Operator will take the following actions:
- Conduct an internal investigation and analysis of the incident to assess its consequences, including determining the risk of violation of the rights and freedoms of personal data subjects;
- If a risk to the rights and freedoms of the subjects is identified, notify the authorized supervisory authority, and in the case of a high risk, inform the relevant data subjects;
- Immediately take all necessary measures to eliminate the consequences of the incident and minimize possible harm;
- Document the violation to ensure its subsequent analysis and control.
9.4. The applied measures and response procedures may vary depending on jurisdiction, nature of the breach, and requirements of the relevant legislation.
10. Rights of the Personal Data Subject
The User has the right to:
- receive information about their personal data;
- request correction, blocking, or deletion of their data;
- withdraw consent for data processing;
- appeal the Operator’s actions to authorized bodies or through the court;
- receive DNA test results upon confirmed identification.
11. Contact Information
Operator: LLC «BIOVARA»
TIN: 4632305710
KPP: 463201001
OGRN: 1254600001765
Address: 305018, Kursk, Gagarin str., 28
Phone: +7 (499) 490-28-01
E-mail: info@dnk-otcovstvo.ru
12. Final Provisions
12.1. The Operator reserves the right to make changes to this Policy. The updated version comes into effect from the moment of its publication on the Site.
12.2. By continuing to use the Site, the User confirms their consent to the terms of this Policy.