This notice applies to visitors of abomicspgx.com and marketing communications. It does not cover patient data in GeneAccount. A link to the separate GeneAccount notice is provided.

We process IP addresses, device and browser information, site usage (analytics), consent-based marketing, and contact form data.

Legal bases: consent (cookies/marketing), legitimate interests (basic functionality and security), contract (forms).

Cookies: Necessary, analytics, advertising. CMP-compliant consent layer, list of partners, retention periods, and 'Change cookie settings' link.

Retention: Data are retained per purpose and deleted when no longer needed.

Recipients: Trusted processors located in the EU/EEA.

Data subject rights: access, rectification, withdraw consent, object, restrict, portability.

Contact: privacy@abomicspgx.com.

This notice covers genetic and other patient data processed in the GeneAccount service and PGx interpretation.

Roles: Under laboratory instruction, the laboratory is the controller and Abomics is the processor. In direct customer relationships, Abomics is the controller.

Purposes: PGx interpretation, GeneAccount usage, customer support, quality assurance, security, legal obligations.

Legal bases: contract (Art. 6(1)(b)), legal obligation (6(1)(c)), legitimate interests (6(1)(f)), explicit consent (9(2)(a)) or healthcare provision (9(2)(h)).

Data types: genetic variants, reports, contact details, background information, interaction data.

Recipients: healthcare providers, laboratory partners, subprocessors (UpCloud Oy, Microsoft Oy).

Location and security: EU/EEA hosting, encryption, MFA, VPN, role-based access, logging, ISO 27001/SOC 2 requirements.

Retention: Purpose-based and in accordance with MoSAH Decree 94/2022 annex.

Data subject rights: access, rectification, erasure, restriction, portability.

Automated decisions: PGx reports support decision-making; no automated decisions.

Transparency: Abomics does not sell personal data; data subjects have GDPR rights.