Privacy Policy
Last updated: August 20, 2025
DNAthlete Austria GmbH, Jakob-Auer-Strasse 8, 5020 Salzburg, Austria ("DNAthlete", "we", "us", or "our"), operates this website at www.dnathlete.at (the "Services"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and disclose your personal data when you use our Services, including our DNA, epigenetic, and microbiome testing and consulting services.
1. Contact Information
Responsible party / data controller under GDPR:
DNAthlete Austria GmbH
Jakob-Auer-Strasse 8
5020 Salzburg, Austria
Email: info@dnathlete.at
Data Protection Officer (DPO): Daniel Martin – info@dnathlete.at
2. Categories of Personal Data We Collect
We may collect the following categories of personal data depending on how you interact with us:
- Contact details: name, date of birth, address, billing/shipping address, phone number, email.
- Account information: username, password, preferences, communication settings.
- Transaction information: orders, purchases, returns, exchanges, payment details.
- Payment and financial data: credit/debit card information, transaction confirmations, billing data.
- Communications: support inquiries, emails, messages.
- Device and usage data: IP address, browser type, operating system, cookies, analytics data.
- Genetic, epigenetic, and microbiome data: saliva, blood, or stool samples and the biological/genetic/epigenetic/microbiome information derived from them.
- Phenotype and health information: lifestyle, nutrition, physical performance, ethnicity, or medical/fitness-related information you provide in questionnaires or forms.
⚠️ Note: Without providing the required form information and the relevant biological sample, we cannot perform DNA, epigenetic, or microbiome tests.
3. Purposes of Data Processing
We use your data for the following purposes:
- Contract performance: processing orders, payments, shipping, returns.
- Testing services: analyzing DNA, epigenetic, and microbiome samples; producing reports.
- Phenotype integration: with your consent, combining form data with test results for more accurate recommendations.
- Scientific research: with consent, storing results in pseudonymized form in our research database.
- Trainer/club access: if you consent, sharing your report with your trainer/club.
- Marketing: promotional emails, SMS, or online advertising (where permitted).
- Security & fraud prevention: account authentication, fraud detection, IT security.
- Legal reasons: compliance with law, responding to legal process, dispute resolution.
4. Legal Basis for Processing
- Art. 6(1)(b) GDPR – contract performance (orders, test results).
- Art. 6(1)(a) GDPR & Art. 9(2)(a) GDPR – explicit consent (sensitive data: DNA, epigenetic, microbiome, phenotype; research use; sharing with coaches).
- Art. 6(1)(c) GDPR – compliance with legal obligations.
- Art. 6(1)(f) GDPR – legitimate interests (security, fraud prevention, website functionality).
5. Storage Period
- Samples: stored by our labs for 90 days, then destroyed.
- Pseudonymized data: stored indefinitely for scientific purposes (with your consent).
- Personal data: stored only as long as needed for contract fulfillment, customer support, or legal retention duties.
- Server logs: stored for 2 weeks, then automatically deleted.
6. Data Sharing and Transfers
We may share your data with:
- Laboratories (for sample analysis).
- IT and support services used internally.
- Financial/payment institutions.
- Legal advisors and auditors.
- Authorities or courts where required.
- Your trainer/club (only if you gave explicit consent).
Transfers outside the EU/EEA only occur where lawful (adequacy decision or EU Standard Contractual Clauses).
7. Your Rights
You may exercise the following rights under GDPR:
- Access to, correction of, and deletion of your data.
- Restriction of, or objection to, processing.
- Data portability.
- Withdrawal of consent at any time.
- Complaint to a supervisory authority.
Participation in DNA, epigenetic, or microbiome testing is voluntary. Withdrawal of consent stops further processing, though prior processing remains lawful.
8. Cookies and Analytics
We use cookies and analytics to improve usability and website performance. If you disable cookies, some features may not function properly.
9. Children's Data
Our Services are not intended for minors. We do not knowingly process data of individuals under the age of majority.
10. Security
We implement technical and organizational security measures, but no system is 100% secure. Please avoid sending unencrypted sensitive data via email.
11. Changes
We may update this Privacy Policy to reflect changes in law, practices, or business operations. Updates are published with the revised "Last updated" date.
12. Contact
For privacy inquiries or rights requests, please contact:
📧 info@dnathlete.at
📍 DNAthlete Austria GmbH, Jakob-Auer-Strasse 8, 5020 Salzburg, Austria