Privacy Policy
MedBioinformatic Solutions SL (“MedBio”, the “Company”, or “we/us”), is committed to protecting the privacy of all users (“You/r” or “User”) of our website and services. This Privacy Policy, and in compliance with Articles 12 and 13 of Regulation (EU) 2016/679 (hereinafter “GDPR“) and Article 11 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (“LOPDPGDD“), explains our practices regarding the use of personal data collected and processed through our website https://www.disgenet.com/ and the DISGENET platform for registered users(“Website”), as well as our subdomains https://blog.disgenet.com and https://casestudies.disgenet.com (“Subdomain Website”).
1. DATA CONTROLLER
The entity responsible for Your personal data is MedBioinformatics Solutions S.L, located at Rambla de Catalunya, 14, 7º, 1ª, 08007 Barcelona and with Tax ID (NIF): ES B67590950. All communications regarding the processing of Your personal data must be directed to the following email address: dataprotection@disgenet.com
2. DATA PROCESSED, LEGAL BASIS, PURPOSES AND STORAGE PERIOD
A. We collect and process the following data in our Website:
| Data processed | Legal Basis | Purposes | Conservation period |
|---|---|---|---|
| Navigation data. Due to the standards of communications on the Internet, when You visit our Website we automatically receive the URL of the site from which You come and the site You visit when You leave our Website, as well as your device information. We also receive the internet protocol (“IP”) address of Your computer and the type of browser You are using. Except for the above, and what is stated in our Cookies Policy, we do not collect any additional personal data while browsing the Website. | Legitimate interest (necessary cookies) or consent of the person concerned (the rest of the cookies) | Analysis of browsing behavior and statistics: The information collected through cookies and other similar tracking technologies allow an analysis of the navigation made by Users. | The retention periods depend on each specific cookie. For more information on the information retention periods for each type of cookie, please consult the Cookies Policy |
| Registration data (trial version or full version). When registering for our services, we will collect the following personal data: name, surnames, company and email address. | Execution of the contractual relationship to which the interested party is a party. | Creation of a user account: This data will be processed in order to create a user account for you so that you can use all the functionalities of the Web Site. Without this data, we cannot create a user account for you. | Personal data will be processed by MedBio during the contractual relationship between MedBio and the User. Said data will be blocked in order to comply with MedBio’s legal obligations and, once this period has elapsed, will be definitively deleted. |
| Contact Form. If You complete any web form in order to contact us, we collect the following personal data: Your name and surname, the company where You work and Your email address. | Consent | To attend and respond to requests, comments, suggestions. As well as providing support to the User during the use of the Website. | The personal data will be processed by MedBio for the period necessary to answer the question and/or resolve the incident indicated by the User. Said data will be blocked in order to comply with MedBio’s legal obligations and, once this period has elapsed, will be definitively deleted. |
| Commercial communications. The User, if he/she so wishes, may subscribe to our Newsletter. For this purpose, the User’s e-mail address will be processed. | Consent of the interested party. | If you have consented to receive commercial communications, this data is used to send you commercial information about MedBio. | The data will be processed by MedBio until the User withdraws his/her consent. Once consent has been withdrawn, MedBio will block your data for the time necessary to comply with legal obligations. At the end of this period, the data will be definitively deleted. |
| Support communications data. We collect and process the personal data, about You or a third party, you provide us during any communications via electronic means, such us emails, account data, billing information any personal data provided by the User for the purpose of seeking technical support of MedBio. | Legitimate interest | Solely to manage and resolve your technical requests. | Personal data will be processed by MedBio during the contractual relationship between MedBio and the User. Said data will be blocked in order to comply with MedBio’s legal obligations and, once this period has elapsed, will be definitively deleted. |
| Policy acceptance records. When you log in or register, we keep an internal record noting that you accepted the current version of this Privacy Policy and the date of that acceptance | Legal obligation | This record is used only to demonstrate compliance with data-protection obligations | Personal data will be processed by MedBio during the contractual relationship between MedBio and the User. Said data will be blocked in order to comply with MedBio’s legal obligations and, once this period has elapsed, will be definitively deleted. |
| Feedback and user messages. If you send us feedback, comments, or suggestions through the platform, we process the content of your message and your contact details (such as name, company and email) | Consent | Improve our services and respond to Your request. | Personal data will be processed by MedBio during the contractual relationship between MedBio and the User. Said data will be blocked in order to comply with MedBio’s legal obligations and, once this period has elapsed, will be definitively deleted. |
| Payment data. When you make a payment for our services, Stripe Payments Europe Ltd. processes your payment details securely. We receive only limited transaction information (such as payment status, amount, and transaction ID). | Execution of the contractual relationship to which the interested party is a party. | This payment data is required for invoicing and customer support. | Personal data will be processed by MedBio during the contractual relationship between MedBio and the User. Said data will be blocked in order to comply with MedBio’s legal obligations and, once this period has elapsed, will be definitively deleted. |
| DISGENET Assistant. The data processed is identifying data (email, username, etc.) necessary to log in and data derived from interaction with the assistant. | Execution of the contract and/or consent | We process your personal data so that we can interact with the assistant and offer you personalized service and assistance. | Personal data will be kept for as long as necessary to respond to queries or requests made through the chatbot and, where applicable, for the applicable legal periods. Conversation records may be anonymized for statistical purposes or to improve the service. |
| Personalization Data. User identifier (userID), email and technical configuration metadata (filters, internal labels, timestamps). | Execution of the contractual relationship to which the interested party is a party. | We process the information necessary to store your preferences and allow you to retrieve and manage them later | Personal data will be processed by MedBio during the contractual relationship between MedBio and the User. Said data will be blocked in order to comply with MedBio’s legal obligations and, once this period has elapsed, will be definitively deleted. |
You are responsible for the accuracy of the data You provide, and MedBio reserves the right to exclude from the services any user who has provided false or inaccurate information, without prejudice to other available resources.
Prohibited data. It is forbidden to submit to us any data that contain data of special categories indicated in article 9 on the General Data Protection Regulation 679/2016 (“GDPR”).
Commercial Communications. If you tick the corresponding box, You consent to receiving commercial communications and newsletters from us regarding our services. If, later on, You don’t wish to receive commercial information about us anymore, you can expressly opt out by sending a notification to dataprotection@disgenet.com or by clicking the unsubscribe link in our email communications.
Payment Data. We use Stripe Payments Europe Ltd. as our secure payment processor for handling online transactions. Stripe collects and processes payment information (such as credit or debit card data) directly on its platform. MedBio does not store or have access to full card details.
Stripe acts as an independent data controller for payment information, in accordance with its own Privacy Policy.
Anonymized Data. We may anonymize personal data so that it can no longer be associated with any identified or identifiable individual. Once anonymized, we may retain and use such data for statistical, analytical, or research purposes, in which case the data will no longer be considered personal data under the GDPR.
B. We collect and process the following data in our Subdomain Website:
| Data processed | Legal Basis | Purposes | Conservation period |
|---|---|---|---|
| Navigation Data. User’s browser and user’s preferences of cookies while accesing the Subdomain Website. | Legitimate interest (only necessary cookies) | Cookies are required to enable basic features of the Subdomain Website. | The retention periods depend on each specific cookie. For more information on the information retention periods for each type of cookie, please consult the Cookies Policy. |
3. DATA DISCLOSURE
We process Your personal data with strict confidentiality in accordance with applicable law. Unless otherwise stated, Your personal data will not be provided to third parties. We do not sell or assign to third parties lists with personal data, nor of any other type. Nonetheless, we may disclose Your data as follows:
- We can make personal data available to any company interested in buying or buying MedBio or a part of your business and, consequently, give access to any national or international auditors to carry out your “due diligence”.
- We may give access to Your personal data to our service providers, as Data Processors under contracts for the provision of services in favor of the Company, in particular to:
- Database maintenance and newsletter subscription management service providers.
- Analytical service providers.
- Hosting service providers.
- E-mail service providers.
- Consent Management Platform Providers (Consent Management Platform)
- Payment gateway providers
- We require that all third parties respect the security of their personal data and treat them in accordance with the law, for this reason we have signed a data processing agreement with this services providers. We do not allow our external service providers to use your personal data for their own purposes and we only allow them to process your personal data for specific purposes and in accordance with our instructions.
- Authorities to investigate suspected fraud, harassment or other violations of any law, rule or regulation, or of the website policies.
4. INTERNATIONAL TRANSFER
MedBio is headquartered in Spain. We use technology services from third parties who can process Your data in the course of providing us with their services. These entities may be in jurisdictions that generally do not provide adequate guarantees in relation to the processing of personal data. However, we have entered into contracts with those entities that do include the safeguards required by applicable privacy laws, including the so called “standard model clauses”. For more information, contact us at dataprotection@disgenet.com
5. SECURITY MEASURES
We implement appropriate technical and organizational measures, including encrypted storage, access control, and secure transmission via HTTPS, security measures and personal data protection schemes as required by the applicable data protection law to maintain the confidentiality and integrity of Your data and protection against unauthorized access, modification or destruction. Personal data will be treated confidentially by MedBio, which undertakes to inform and enforce, by legal or contractual obligation, such confidentiality to its employees, partners and any person who should have access to the User’s personal data.
6. YOUR RIGHTS
You have the following rights under the data protection laws, in relation to Your personal data: the right to request access to Your personal data (commonly known as a “data subject access request”); request the correction of the personal data we have about You; request the erasure of Your personal data; objecting to the processing of Your personal data when we are relying on a legitimate interest (or those of a third party); request the restriction of processing Your personal data; request the transfer of Your personal data to You or to a third party (right to data portability); withdraw Your consent at any time where we are relying on consent to process Your personal data, Withdrawal does not affect the lawfulness of processing that has already taken place.
You can make the aforementioned rights effective by contacting us at dataprotection@disgenet.com.
You also have the right to file a complaint with the competent authority, in this case, the Spanish Agency for Data Protection (Agencia Española de Protección de Datos), at Calle Jorge Juan, 6, 28001 Madrid, Spain.
7. GENERAL
We reserve the right to modify the terms of this Privacy Policy and will notify You by clear notice of these changes by email, on our Website or Subdomain Website, and in this Privacy Policy. If You continue to use our website and services after such update, You will be deemed to accept the new terms. If You do not accept the update, let us know and we will cancel Your account and will delete Your personal data (except when it is necessary to keep them for legal purposes) and You will not be able to continue using our services. Unless a specific local regulation sets forth to the contrary, the Privacy Policy is governed by the laws of Spain.
Last modification: November 2025