PRIVACY POLICY

At Proteinea, we are dedicated to advancing biotechnology while upholding the highest standards of data privacy and security. We recognize that the personal and corporate data we handle—ranging from basic contact details to sensitive research materials—is entrusted to us by individuals, partners, and collaborators worldwide. This Privacy Policy outlines our commitment to protecting your data and explains how we collect, use, store, share, and safeguard it across all interactions with Proteinea, including our website, services, research initiatives, and employment processes.

We encourage you to read this policy carefully to understand our practices and your rights. It covers:

Proteinea complies with leading data protection frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and, where applicable, the Health Insurance Portability and Accountability Act (HIPAA) for health-related data. Our practices reflect both legal obligations and our ethical responsibility as a biotech leader.

  1. Our Commitment to Data Protection Principles

We adhere to the GDPR’s eight foundational principles, which guide all our data activities:

  1. Lawfulness, Fairness, and Transparency: Processing is legal, equitable, and clearly communicated.
  2. Purpose Limitation: Data is collected only for specific, explicit purposes.
  3. Data Minimization: We limit collection to what is strictly necessary.
  4. Accuracy: We maintain up-to-date and correct data.
  5. Storage Limitation: Data is retained only as long as needed or legally required.
  6. Integrity and Confidentiality: Robust security protects against unauthorized access or breaches.
  7. Transfer Limitation: Cross-border transfers occur only with adequate safeguards.
  8. Accountability: We document and demonstrate compliance.

By engaging with Proteinea—whether through our website, services, or partnerships—you agree to our data practices as described here and in our Terms of Use. This policy does not govern data shared with third parties beyond our control.

  1. Legal Basis for Processing Your Data

Proteinea processes personal and corporate data under these lawful grounds:

Each basis is applied thoughtfully, balancing our biotech mission with your privacy.

  1. Types of Data We Collect

Depending on your interaction with Proteinea, we may collect:

We avoid collecting unnecessary sensitive data and apply heightened safeguards when we do.

  1. How We Use Your Data

We process data to:

For sensitive biotech data, usage is limited to consented research purposes or legal requirements, with ethics board oversight where applicable.

  1. How We Protect Your Data

Data security is paramount at Proteinea, especially given the sensitive nature of biotech information. Our measures include:

We conduct annual security reviews and adapt to emerging threats. In case of a breach, we follow a robust incident response plan (see below).

  1. How Long We Retain Your Data

Retention periods vary by data type and purpose:

Expired data is deleted using secure methods (e.g., shredding, overwriting).

  1. Sharing and Transferring Your Data

We share data only when necessary and with safeguards:

We disclose the minimum data needed and never sell or share it for unrelated marketing.

  1. Your Data Protection Rights

You have extensive rights under GDPR, CCPA, and similar laws:

  1. Access: Request details of your data, its use, and recipients.
  2. Rectification: Correct inaccurate or incomplete data.
  3. Erasure: Delete data when no longer needed or consent is withdrawn (subject to legal retention).
  4. Restriction: Limit processing in specific cases (e.g., during disputes).
  5. Portability: Receive your data in a structured, machine-readable format.
  6. Objection: Oppose processing based on legitimate interests or for marketing.
  7. Withdraw Consent: Revoke consent anytime, effective immediately for future processing.
  8. Non-Discrimination (CCPA): Exercise rights without penalty to service quality.
  9. Complain: Contact your local authority (e.g., EEA Data Protection Authorities or California Attorney General).

To exercise rights, email hello@proteinea.com. We’ll respond within 45, per CCPA, free of charge unless requests are repetitive or unfounded. Identity verification may apply. Opting not to provide data may limit services (e.g., no job application without a CV).

  1. Ethical Considerations in Biotech

As a biotech company, we handle data with unique ethical implications (e.g., genetic or health information). We:

Our Ethics Committee reviews data practices to ensure they reflect our values and societal responsibility.

  1. Children’s Data

Proteinea does not knowingly collect data from individuals under 16 without verifiable parental consent, per GDPR and the U.S. Children’s Online Privacy Protection Act (COPPA). If such data is inadvertently collected, we’ll delete it promptly upon notification.

  1. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or significant effects (e.g., hiring or credit decisions) unless explicitly consented to and with human oversight. Where analytics tools are used (e.g., website trends), they rely on aggregated, non-identifiable data.

  1. Data Breach Response

In the unlikely event of a breach:

Contact hello@proteinea.com to report suspected incidents.

  1. Links to Third-Party Sites

Our website or communications may link to external platforms (e.g., collaborators, regulators). We’re not liable for their privacy practices—review their policies before sharing data.

  1. Data Controller and Processor Roles

Proteinea is the data controller for data we collect directly. Where we process data on behalf of others (e.g., research sponsors), we act as a data processor and follow their instructions, with separate notices provided as needed.

  1. Changes to This Policy

We may revise this policy to reflect legal, technological, or operational updates. Significant changes will be announced via email, our website, or direct notice, with a 30-day grace period where required. Continued engagement post-update signifies acceptance. The latest version is always at www.proteinea.com.

  1. Contact Us

For inquiries, rights requests, or concerns:  

Email: hello@proteinea.com  

Address: 700 main street, Cambridge, MA 02139, USA

Data Protection Officer: Available at marouf@proteinea.com  

We aim to resolve issues promptly. If unsatisfied, contact your local data protection authority.