PRIVACY POLICY
At Proteinea, we are dedicated to advancing biotechnology while upholding the highest standards of data privacy and security. We recognize that the personal and corporate data we handle—ranging from basic contact details to sensitive research materials—is entrusted to us by individuals, partners, and collaborators worldwide. This Privacy Policy outlines our commitment to protecting your data and explains how we collect, use, store, share, and safeguard it across all interactions with Proteinea, including our website, services, research initiatives, and employment processes.
We encourage you to read this policy carefully to understand our practices and your rights. It covers:
- Types of data we collect
- Purposes and legal bases for processing
- Data retention periods
- Data sharing and international transfers
- Security measures
- Your rights and choices
- Ethical commitments in biotech data handling
- Procedures for data breaches and complaints
Proteinea complies with leading data protection frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and, where applicable, the Health Insurance Portability and Accountability Act (HIPAA) for health-related data. Our practices reflect both legal obligations and our ethical responsibility as a biotech leader.
- Our Commitment to Data Protection Principles
We adhere to the GDPR’s eight foundational principles, which guide all our data activities:
- Lawfulness, Fairness, and Transparency: Processing is legal, equitable, and clearly communicated.
- Purpose Limitation: Data is collected only for specific, explicit purposes.
- Data Minimization: We limit collection to what is strictly necessary.
- Accuracy: We maintain up-to-date and correct data.
- Storage Limitation: Data is retained only as long as needed or legally required.
- Integrity and Confidentiality: Robust security protects against unauthorized access or breaches.
- Transfer Limitation: Cross-border transfers occur only with adequate safeguards.
- Accountability: We document and demonstrate compliance.
By engaging with Proteinea—whether through our website, services, or partnerships—you agree to our data practices as described here and in our Terms of Use. This policy does not govern data shared with third parties beyond our control.
- Legal Basis for Processing Your Data
Proteinea processes personal and corporate data under these lawful grounds:
- Consent: Explicit, informed permission (e.g., via opt-in forms or agreements) allows us to process data for specified purposes. You may withdraw consent anytime.
- Contractual Necessity: Data is processed to fulfill contracts (e.g., employment, partnerships) or pre-contractual steps (e.g., proposal negotiations).
- Legal Obligation: We comply with mandates from laws or regulators (e.g., tax filings, research audits).
- Vital Interests: Processing may occur to protect life or health (e.g., emergency disclosures in clinical research).
- Legitimate Interests: We process data to support business operations—like improving services, securing systems, or advancing research—unless your rights outweigh these interests.
Each basis is applied thoughtfully, balancing our biotech mission with your privacy.
- Types of Data We Collect
Depending on your interaction with Proteinea, we may collect:
- Basic Contact Information: Name, email, phone number, job title, company name (e.g., from forms, emails, or events).
- Business Communication Data: Records of emails, calls, or messages exchanged during collaborations.
- Transactional and Contractual Data: Details tied to agreements, payments, or deliverables (e.g., invoices, project milestones).
- Research and Project Data: Scientific data, intellectual property, or materials from biotech projects (e.g., genetic sequences, trial results), often pseudonymized or anonymized and protected by NDAs/CDAs.
- Employment Data: For applicants: name, address, phone, ID, CV, references; for employees: payroll, performance, and compliance records.
- Website Interaction Data: IP address, browser type, device info, and usage patterns (via cookies—see our Cookie Policy).
- Sensitive Biotech Data: Where applicable, pseudonymized health, genetic, or biological data linked to research, handled under strict ethical and legal protocols.
- Publicly Available Data: Information from public sources (e.g., professional directories) to support partnerships or outreach.
We avoid collecting unnecessary sensitive data and apply heightened safeguards when we do.
- How We Use Your Data
We process data to:
- Facilitate business relationships with partners, suppliers, collaborators, and stakeholders.
- Communicate about services, opportunities, updates, or industry developments.
- Execute contracts and meet regulatory or ethical obligations.
- Enhance our biotech offerings, research, operational efficiency, and customer experience.
- Protect our systems, intellectual property, and business interests (e.g., fraud detection, cybersecurity).
- Process job applications and manage HR functions.
- Respond to inquiries, requests, or legal demands from authorities.
- Conduct aggregated analytics (e.g., trends in research or website usage) without identifying individuals.
For sensitive biotech data, usage is limited to consented research purposes or legal requirements, with ethics board oversight where applicable.
- How We Protect Your Data
Data security is paramount at Proteinea, especially given the sensitive nature of biotech information. Our measures include:
- Technical Safeguards: Encryption (e.g., AES-256), secure servers, firewalls, intrusion detection, and multi-factor authentication.
- Organizational Controls: Role-based access (limited to trained, authorized personnel), regular privacy training, and compliance audits.
- Physical Security: Hard copies are stored in locked, monitored facilities with restricted access.
- Vendor Management: Third-party processors (e.g., cloud providers) are vetted and bound by data protection agreements.
- Special Protections for Biotech Data: Sensitive research data is encrypted, pseudonymized, or anonymized, with access logs and ethical oversight.
We conduct annual security reviews and adapt to emerging threats. In case of a breach, we follow a robust incident response plan (see below).
- How Long We Retain Your Data
Retention periods vary by data type and purpose:
- Contact/Business Data: Kept for the duration of our relationship plus 5 years, unless extended by agreement or law.
- Research Data: Retained per project terms, ethical guidelines, or regulations (e.g., 10-15 years for clinical trial data).
- Employment Data: Applicant data is deleted within 6 months if unsuccessful (unless consent extends this); employee data follows HR policies (e.g., 7 years post-employment for tax records).
- Website Data: Analytics data is kept for up to 2 years; cookie data expires per user settings.
- Sensitive Biotech Data: Retained only as long as necessary for research goals or legal mandates, then securely destroyed or anonymized.
Expired data is deleted using secure methods (e.g., shredding, overwriting).
- Sharing and Transferring Your Data
We share data only when necessary and with safeguards:
- Trusted Third Parties: Service providers (e.g., IT, legal, or lab partners) under strict contracts.
- Legal Mandates: Disclosures to regulators, courts, or law enforcement as required.
- Business Transitions: Shared during mergers or acquisitions, with privacy protections intact.
- International Transfers: Data may move outside the EEA or U.S., but only to jurisdictions with equivalent protections (e.g., via EU Standard Contractual Clauses or Privacy Shield frameworks).
We disclose the minimum data needed and never sell or share it for unrelated marketing.
- Your Data Protection Rights
You have extensive rights under GDPR, CCPA, and similar laws:
- Access: Request details of your data, its use, and recipients.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Delete data when no longer needed or consent is withdrawn (subject to legal retention).
- Restriction: Limit processing in specific cases (e.g., during disputes).
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Oppose processing based on legitimate interests or for marketing.
- Withdraw Consent: Revoke consent anytime, effective immediately for future processing.
- Non-Discrimination (CCPA): Exercise rights without penalty to service quality.
- Complain: Contact your local authority (e.g., EEA Data Protection Authorities or California Attorney General).
To exercise rights, email hello@proteinea.com. We’ll respond within 45 days, per CCPA, free of charge unless requests are repetitive or unfounded. Identity verification may apply. Opting not to provide data may limit services (e.g., no job application without a CV).
- Ethical Considerations in Biotech
As a biotech company, we handle data with unique ethical implications (e.g., genetic or health information). We:
- Seek informed consent for sensitive data collection.
- Consult ethics boards for research involving human subjects.
- Use de-identification techniques (e.g., pseudonymization) to minimize privacy risks.
- Align with international standards like the Declaration of Helsinki and ICH Good Clinical Practice.
Our Ethics Committee reviews data practices to ensure they reflect our values and societal responsibility.
- Children’s Data
Proteinea does not knowingly collect data from individuals under 16 without verifiable parental consent, per GDPR and the U.S. Children’s Online Privacy Protection Act (COPPA). If such data is inadvertently collected, we’ll delete it promptly upon notification.
- Automated Decision-Making and Profiling
We do not use automated decision-making or profiling that produces legal or significant effects (e.g., hiring or credit decisions) unless explicitly consented to and with human oversight. Where analytics tools are used (e.g., website trends), they rely on aggregated, non-identifiable data.
- Data Breach Response
In the unlikely event of a breach:
- We’ll notify affected individuals and authorities within 72 hours (per GDPR) if there’s a risk to rights and freedoms.
- Our response team will investigate, contain, and mitigate the issue.
- We’ll provide guidance on protective steps (e.g., password changes).
- Records of breaches and responses will be maintained for accountability.
Contact hello@proteinea.com to report suspected incidents.
- Links to Third-Party Sites
Our website or communications may link to external platforms (e.g., collaborators, regulators). We’re not liable for their privacy practices—review their policies before sharing data.
- Data Controller and Processor Roles
Proteinea is the data controller for data we collect directly. Where we process data on behalf of others (e.g., research sponsors), we act as a data processor and follow their instructions, with separate notices provided as needed.
- Changes to This Policy
We may revise this policy to reflect legal, technological, or operational updates. Significant changes will be announced via email, our website, or direct notice, with a 30-day grace period where required. Continued engagement post-update signifies acceptance. The latest version is always at www.proteinea.com.
- Contact Us
For inquiries, rights requests, or concerns:
Email: hello@proteinea.com
Address: 700 Main Street, Cambridge, MA 02139, USA
Data Protection Officer: Available at marouf@proteinea.com
We aim to resolve issues promptly. If unsatisfied, contact your local data protection authority.