Log in
We take the privacy and confidentiality of personal data seriously. We are committed to processing personal data in a lawful, fair and transparent manner, in accordance with applicable data protection laws, and to implementing appropriate measures to protect such data.
This Privacy Policy explains how personal data is processed in connection with:
(a) the website https://www.omniscope.ai (the “Website”);and
(b) the Omniscope digital platform and user portal (the “Platform”).
This Privacy Policy applies to visitors of theWebsite, users of the Platform, prospects, business partners and any other individuals whose personal data is processed by Omniscope in connection with the Website or the Platform.
This Privacy Policy does not apply to the independent processing of personal data carried out by third-party clinics, laboratories or healthcare professionals acting under their own responsibility.
The controller of the personal data processed through the Website and the Platform is:
OMNISCOPE ESPAÑA, S.L.
Registered office: Parc Científic de Barcelona, AvenidaDoctor Marañón, 8, 08028 Barcelona, Spain
Tax ID (NIF): B-06.828.636
Registre Mercantile: [*]
Email: privacy@omniscope.ai
For the purposes of this Privacy Policy, “Omniscope”,“We”, and “Our” refer to Omniscope España, S.L.
Omniscope operates as part of an international group of companies. Certain technological, infrastructure or support activities may be performed by other entities within the Omniscope group acting exclusively as data processors on behalf of Omniscope España, S.L., under appropriate contractual safeguards.
For clarity, certain processing activitiesrelate solely to Website visitors (pre-contractual and informational interactions), while others relate to Platform users who have contractedServices. The applicable purposes and legal bases differ accordingly, as described in Section 5.
This Privacy Policy does not govern:
(a) the processing of personal data carried out independently by third-party clinics, laboratories or healthcare professionals acting under their own responsibility; or
(b) processing activities governed by specific contractual documentation applicable to services providedoutside the scope of the Website or the Platform.
Such processing activities are subject to separate privacy notices and applicable legal obligations of the relevant third parties.
Depending on how you interact with the Website or the Platform, We may collect and process the following categories of personal data:
(a) Identification and contact data, such as name, surname, email address, country of residence and organization;
(b) Account and access data, including login credentials (stored in hashed form), user identifiers and profile information;
(c) Communications data, including messages sent through contact forms or customer support channels;
(d) Background, lifestyle and self-reported information provided through questionnaires, including information voluntarily provided by the user regarding general health-related context, habits, lifestyle, symptoms or similar contextual data, for the sole purpose of enabling the technological functioning of the Services.
Such information is self-reported, is not clinically validated by Omniscope, and is not used to provide medical advice or clinical decision-making;
(e) Data derived from biological samples, typically received in pseudonymized form from authorized clinics or laboratories;
(f) Analytical outputs and Results generated through the Platform; and
(g) Technical and usage data, including IP address, browser type, device information and log data.
Omniscope does not collect biological samples directly and does not process identifiable biological samples.
Personal data is processed for the following purposes and on the following legal bases, as applicable:
(a) Provision of the contracted services, including account creation, access to the Platform, provision of the Services and generation of Results (article 6(1)(b)GDPR(performance of a contract); Article 9(2)(a)GDPR (explicit consent), where health or genetic data is processed;
(b) Compliance with legal obligations (Article 6(1)(c) GDPR), including accounting, tax and regulatory requirements;
(c) Legitimate interests (Article 6(1)(f) GDPR), security, integrity and proper functioning of the Website and Platform, including fraud prevention and abuse detection; and
(d) Consent (Article 6(1)(a) and Article 9(2)(a) GDPR), where required, including for the processing of health and/or genetic data for the provision of the Services or for optional processing activities.
(e) Communications and customer support related to the Services (Article 6(1)(b) GDPR or 6(1)(f)).
(f) Optional research, development and improvement activities, where data is used in pseudonymized or anonymized form beyond what is strictly necessary to provide the Services(Article 6(1)(a) GDPR and Article 9(2)(a) GDPR (separate, specific consent).
As a general rule, Omniscope does not sell or rent personal data. Personal data may be shared with:
6.1. Service providers. Third-party service providers acting as data processors on our behalf, including hosting providers, cloud infrastructure services, payment service providers, analytics and security providers, under appropriate contractual safeguards.
6.2. Clinics and laboratories. Authorized clinics and laboratories may transfer pseudonymized data derived from biological samples to Omniscope for the provision of the Services. Such entities act as independent data controllers for their own professional activities.
6.3. Legal and regulatory authorities. Where disclosure is required by applicable law or a lawful request from a public authority.
6.4. Corporate transactions. In the event of a merger, acquisition, reorganization or transfer of assets, subject to applicable legal safeguards.
We collect personal data from the following sources: (a) directly from you (forms, account creation, questionnaires, support communications); (b) automatically from your device when you browse the Website or use the Platform (technical identifiers, logs, cookies, similar technologies); (c) from authorized clinics or laboratories that provide pseudonymized data derived from biological samples, where applicable; and (d) from service providers supporting the Website/Platform (e.g., hosting, security, payment providers), where applicable.
Where personal data qualifies as special category data under Article 9 GDPR, including information that may relate to physical or physiological characteristics voluntarily disclosed by the user, such data is processed solely for the purposes described above and only to the extent strictly necessary.
Such processing is based on the explicit consent of the data subject, obtained prior to the commencement of the Services.
The withdrawal of consent for the processing of health or special category data may make it impossible for Omniscope to continue providing the Services. Withdrawal shall not affect the lawfulness of processing carried out prior to the withdrawal.
International data transfers may occur whereOmniscope engages service providers or group entities located outside theEuropean Economic Area for the provision of infrastructure, security, analytics or support services.
Where personal data is transferred outside theEuropean Economic Area, Omniscope ensures that such transfers are subject to appropriate safeguards in accordance with Chapter V GDPR, including the European Commission’s Standard Contractual Clauses of 4 June 2021, and, where required, supplementary technical and organizational measures, such as encryption, access controls or pseudonymization.
Data subjects may request further information on international transfers, including the categories of recipients and the safeguards applied, by contacting privacy@omniscope.ai. Where applicable, a copy of the relevant safeguards may be provided upon request.
Personal data is retained only for as long as necessary for the purposes for which it was collected, including:
(a) the duration of the contractual relationship;
(b) compliance with applicable legal obligations; and
(c) applicable limitation periods.
Data derived from background and lifestyle questionnaires and analytical outputs are retained in accordance with the duration of the Services and any applicable access period, as described in the Service Terms, unless longer retention is required by law or the data has been irreversibly anonymized.
In accordance with applicable data protection laws, you have the right to:
(a) access your personal data;
(b) rectify inaccurate or incomplete data;
(c) request erasure;
(d) restrict or object to processing;
(e) request data portability; and
(f) withdraw consent where processing is based on consent.
You may exercise your rights by contacting us at privacy@omniscope.ai.
You also have the right to lodge a complaint with the competent data protection authority.
The Website uses cookies and similar technologies. Further information about the use of cookies and how to manage your preferences is available in our Cookies Policy.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with the processing of personal data.
The Website and the Platform are not directed at persons under the age of 18. We do not knowingly collect personal data from minors.
We may update this Privacy Policy from time to time. The updated version will be published on the Website and will apply from the date of its publication.
If you have any questions regarding this PrivacyPolicy or the processing of your personal data, you may contact:
Data Protection Officer: dpo@omniscope.ai
