Privacy Notice
Last updated: March 25, 2026
This notice explains how DNAthlete Austria GmbH processes personal data in connection with this website and the DNAthlete genetics service.
1. Controller
DNAthlete Austria GmbH
Jakob-Auer-Strasse 8
5020 Salzburg, Austria
support@dnathlete.at
For privacy questions, contact support@dnathlete.at.
2. What Data We Process
Depending on how you interact with us, DNAthlete may process:
- contact and identity data you provide via website forms or email, such as name and email address;
- device and usage data collected when you visit the website, such as IP address, browser type, and pages visited;
- analytics data, if you consent to analytics cookies;
- account and service state data if you use the DNAthlete customer portal;
- minimum profile data you provide during service activation, such as first name, last name, biological sex, and ethnicity, needed to generate and interpret your report;
- biological sample data, including the saliva sample submitted for the ordered genetics service;
- genetic data generated from your submitted sample;
- report data and related service outputs; and
- support communications and account-closure requests.
3. Why We Process Data and the Legal Basis
| Purpose | Legal basis |
|---|---|
| Respond to website inquiries and contact form submissions | Art. 6(1)(b) or (f) GDPR |
| Operate and secure the website | Art. 6(1)(f) GDPR – legitimate interests |
| Measure website usage with Google Analytics | Art. 6(1)(a) GDPR – consent |
| Create and manage the portal account and provide report access | Art. 6(1)(b) GDPR – contract performance |
| Process the saliva sample and genetic data to generate the initial report | Art. 6(1)(b) and Art. 9(2)(a) GDPR – explicit consent |
| Retain residual sample for future report updates (if separately requested) | Art. 6(1)(a) and Art. 9(2)(a) GDPR – consent |
| Maintain consent records and comply with legal obligations | Art. 6(1)(c) and (f) GDPR |
4. Who Receives Data
Depending on the service workflow, DNAthlete may disclose data to:
- cloud hosting, storage, and infrastructure providers;
- laboratory and sample-processing partners;
- logistics or shipment partners, if physical kit handling requires it;
- email delivery or customer-support service providers;
- website analytics providers (Google Analytics, only if you consent);
- professional advisers, auditors, or insurers where reasonably necessary; and
- public authorities or courts where disclosure is required by law.
Transfers outside the EU/EEA only occur where appropriate safeguards apply under applicable data protection law.
5. Retention
- If you do not opt into Future Updates, residual physical sample will be destroyed within 3 months after completion of the initial analysis workflow.
- If you opt into Future Updates, residual sample may be retained until consent is withdrawn or for a maximum of 5 years from initial activation, whichever happens first.
- Report data and account-linked service outputs may be retained for as long as reasonably needed to provide the service.
- Consent records and compliance evidence may be retained for as long as needed to demonstrate compliance and defend legal claims.
- Security and server logs may be retained according to security and fraud-prevention requirements.
- Contact form submissions are retained only as long as needed to respond to and resolve the inquiry.
6. Your Rights
Subject to applicable law, you may have rights to:
- access your personal data;
- request correction of inaccurate data;
- request deletion in certain circumstances;
- restrict certain processing;
- object to certain processing based on legitimate interests;
- receive data portability where applicable;
- withdraw consent where processing is based on consent; and
- lodge a complaint with a competent supervisory authority.
DNAthlete's supervisory authority is:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
www.dsb.gv.at
Withdrawal of consent does not affect processing that was lawfully performed before withdrawal or processing that relies on a different legal basis.
7. Cookies and Analytics
We use Google Analytics to understand website usage and improve performance. Analytics is only activated if you explicitly accept it. Your preference is stored locally in your browser and you can change it at any time using the cookie settings control on this website.
The DNAthlete customer portal does not use tracking cookies or third-party analytics.
8. Children's Data
The DNAthlete service is intended for adults aged 18 and over. We do not knowingly process data of minors.
9. Security
DNAthlete implements technical and organisational security measures appropriate to the sensitivity of the data processed. If DNAthlete becomes aware of a personal-data breach likely to result in a high risk to affected individuals, DNAthlete will notify those individuals in accordance with applicable law.
10. Updates to This Notice
DNAthlete may update this Privacy Notice to reflect operational, legal, or product changes. The current version is published on this page.
11. Contact
For privacy questions or rights requests, contact support@dnathlete.at.