Privacy Policy

Effective date: 21 March 2026


HealthCode Gene (“HealthCode Gene”, “we”, “us”, or “our”) respects your privacy and is committed to handling personal data responsibly, transparently, and in accordance with applicable data protection law, including the Swiss Federal Act on Data Protection (“FADP”) and, where applicable, the EU General Data Protection Regulation (“GDPR”).

This Privacy Policy explains how we collect, use, share, store, and protect personal data when you visit our website, contact us, request resources, book consultations, submit project information, use our online forms and triage tools, or otherwise interact with us.

1. Who we are


HealthCode Gene
Binzmühlestrasse 76a
8050 Zürich
Switzerland
Email:admin@healthcodegene.com
Phone: +41 78 401 43 76


HealthCode Gene is the controller of the personal data described in this Privacy Policy, unless stated otherwise for a specific client project or service engagement.


2. Scope of this policy

This Privacy Policy applies to personal data collected through:

  • our website and its pages;
  • contact forms and consultation/scoping forms;
  • downloadable resources and email sign-up flows;
  • online questionnaires and triage tools;
  • communications by email, phone, WhatsApp, and social media;
  • client and partner onboarding for research, bioinformatics, omics, predictive modelling, pharmacogenetics, polygenic risk, and related translation or education services.

In some client engagements involving human subject, patient, or research-participant data, our role may differ. In those cases, the relevant contract, data processing agreement, or service terms will govern whether we act as controller, joint controller, or processor for that project.


3. Personal data we may collect

Depending on how you interact with us, we may collect the following categories of personal data:


a. Contact and identity data

  • first name and last name;
  • email address;
  • phone number;
  • country or approximate region;
  • organisation name, professional role, or sector.

b. Communications data

  • messages you send us through contact forms, email, WhatsApp, or social media;
  • notes from calls, consultations, and project discussions;
  • requests for resources, follow-up, or support.

c. Service and project inquiry data

When you use our scoping, booking, or inquiry forms, we may collect:

  • the service you are interested in;
  • your role and organisation type;
  • project descriptions, sample size, study type, data type, or analysis needs;
  • uploaded summaries or other information you choose to provide.


d.  Questionnaire and triage data

If you use our triage tools, pharmacogenetics forms, genetics education tools, or similar questionnaires, we may collect information you choose to provide about:

  • family history;
  • cancer history;
  • medication response;
  • cholesterol or cardiovascular history;
  • pregnancy or family-planning context;
  • developmental or neurological concerns;
  • symptoms or hereditary-condition indicators;
  • consultation interest;
  • optional research participation choices.

e. Marketing and resource request data

  • whether you requested a guide, checklist, or downloadable resource;
  • whether you opted in to updates, newsletters, or occasional service communications;
  • interaction data such as whether you opened or clicked certain emails, where supported by the email service used.


f. Technical and website usage data

When you visit our website, we or our service providers may collect:

  • IP address;
  • device and browser type;
  • date/time of visit;
  • pages viewed and referring page;
  • limited diagnostic, security, and performance data;
  • cookie or similar technology data, where used.


g. Form metadata and attribution data

Where we use advanced form tools, we may also collect:

  • submission time;
  • respondent country derived from IP-based metadata;
  • campaign/source parameters;
  • hidden fields used for attribution or workflow routing;
  • calculated fields used to classify form responses.

4. Sensitive  data

Because HealthCode Gene works in genetics, precision health, pharmacogenetics, and related education, some information you provide may qualify as sensitive personal data, including genetic data and health-related data.


Please do not send full medical records, raw genetic files, or directly identifiable patient data through ordinary website forms unless we have specifically asked for them and provided an appropriate secure method.


Where required, we rely on your explicit consent to process health- or genetics-related information submitted through public-facing tools or forms.


5. How we use personal data

We use personal data to:

  • respond to inquiries and communicate with you;
  • provide consultations, scoping, and service information;
  • deliver requested resources, downloads, or follow-up materials;
  • assess whether our services are relevant to your needs;
  • deliver contracted services in bioinformatics, omics, predictive modelling, genetics translation, and related support;
  • improve our website, forms, resources, and services;
  • maintain website security and prevent abuse;
  • send educational or marketing updates where you have opted in;
  • support optional internal research, analytics, and model-improvement activities using consented, de-identified, or aggregated data where appropriate;
  • comply with legal, regulatory, contractual, tax, or accounting obligations;
  • protect our rights and resolve disputes.


6. Legal bases for processing

Where the GDPR applies, we rely on one or more of the following legal bases:

  • consent, including explicit consent where required for health/genetic-related data or optional research participation;
  • performance of a contract or steps taken at your request before entering into a contract;
  • legitimate interests, such as managing inquiries, improving services, maintaining website security, and administering our business, provided those interests are not overridden by your rights;
  • legal obligation, where we must keep records or make disclosures required by law.

Under Swiss data protection law, we process personal data in accordance with the principles of lawfulness, transparency, proportionality, purpose limitation, and data security.


7. Triage tools, questionnaires, and research use

If you use a HealthCode Gene triage tool, checklist, questionnaire, or similar educational screening form:

  • the tool is intended for educational and informational purposes and does not provide a diagnosis;
  • the result is a simplified triage summary based on the answers selected;
  • we may store the form responses, result category, and related metadata;
  • if you separately opt in, we may use your responses in de-identified, aggregated, or otherwise appropriately protected form to improve internal frameworks, audience insights, educational tools, and future precision-medicine modelling;
  • your decision not to provide research consent will not prevent you from using the tool unless a particular data item is necessary to operate the form.

We do not use the triage tool to make solely automated decisions that produce legal effects or similarly significant effects about you.


8. Marketing communications

If you opt in to receive updates, we may send you occasional emails about:

  • genetics and health education resources;
  • omics or bioinformatics services;
  • consultation availability;
  • new tools, guides, or blog posts;
  • selected HealthCode Gene updates.

You can unsubscribe at any time using the unsubscribe link in the email, where available, or by contacting us at admin@healthcodegene.com.

We do not use identifiable health or genetics questionnaire answers for direct marketing without an appropriate legal basis and, where required, your separate consent.


9. Sharing of personal data

We may share personal data with:

  • website hosting and website management;
  • forms and workflow tools;
  • email and communications;
  • analytics and security;
  • scheduling and productivity tools;
  • professional legal, accounting, or compliance support.

We may also disclose personal data where required by law or where necessary to protect rights, safety, or legal claims.

We do not sell your personal data.

Where a third-party provider processes personal data on our behalf, we aim to put in place a data processing agreement or other appropriate contractual safeguards as required.


10. International data transfers

Some of our service providers may process personal data outside Switzerland or the European Economic Area.

Where personal data is transferred internationally, we take steps designed to ensure an adequate level of protection, including, where appropriate:

  • transfers to countries recognized as adequate by the relevant authority;
  • contractual safeguards such as standard contractual clauses;
  • additional technical and organisational safeguards where required.


11. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to satisfy legal, accounting, contractual, and reporting requirements.

As a general guide:

  • contact and inquiry data: up to 24 months after the last meaningful interaction, unless a longer period is needed;
  • marketing opt-in data: until you unsubscribe or we determine the list entry is no longer active;
  • triage/questionnaire submissions: typically up to 24 months for contact and service follow-up, and longer only where a valid research or service basis applies;
  • client/project data: for the duration of the engagement and thereafter as needed for agreed deliverables, record-keeping, legal obligations, or contractual commitments;
  • technical logs and security data: for as long as reasonably needed for security, diagnostics, and abuse prevention.

Where feasible and appropriate, we may anonymize data so that it can no longer be linked to an identifiable person.


12. Data security

We use reasonable technical and organisational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

However, no website, email system, or internet transmission is completely secure. You should therefore avoid sending highly sensitive information through unsecured channels unless we have agreed a suitable secure transfer method.



13. Cookies and similar technologies

Our website may use cookies, pixels, tags, or similar technologies for essential website functionality and, where implemented, for analytics, performance, attribution, or embedded third-party content.

Where required by applicable law, we will ask for consent before using non-essential cookies or similar technologies.

You can also manage certain cookies through your browser settings. Blocking some cookies may affect website functionality.

14. Social media, WhatsApp, and third-party websites

We maintain a presence on social media and may provide links to platforms such as LinkedIn, Facebook, Instagram, YouTube, TikTok, WhatsApp, or other external services.

If you interact with us through those platforms, both this Privacy Policy and the relevant platform’s privacy policy may apply. We are not responsible for the privacy practices of third-party websites or platforms that we do not control.

15. Children

Our website and services are not directed to children for independent use without parental involvement. We do not knowingly collect personal data from children in violation of applicable law.

If you believe a child has submitted personal data to us improperly, please contact us so we can review and delete it where appropriate.

16. Your rights

Depending on where you are located and subject to applicable law, you may have rights to:

  • request access to personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion of personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to certain processing;
  • withdraw consent at any time where processing is based on consent;
  • request data portability where applicable;
  • lodge a complaint with a competent supervisory authority.

To exercise your rights, contact us at admin@healthcodegene.com. We may need to verify your identity before fulfilling a request.

If you are in Switzerland, you may also contact the Federal Data Protection and Information Commissioner (FDPIC). If you are in the EEA/UK, you may contact your local supervisory authority.

17. Client and partner responsibilities

If you submit personal data relating to another person, including patient, participant, or team-member data, you are responsible for ensuring you have the right to do so and that any required notices, consents, approvals, or contracts are in place.

For client engagements involving research or clinical datasets, the relevant contract or data processing agreement should define the parties’ roles, scope of processing, security requirements, and retention/deletion arrangements.

18. Changes to this policy

We may update this Privacy Policy from time to time to reflect legal, operational, or service changes. The updated version will be posted on this page with a revised effective date.

19. Contact us

For privacy questions or requests, contact:

HealthCode Gene
Binzmühlestrasse 76a
8050 Zürich
Switzerland
Email:admin@healthcodegene.com
Phone: +41 78 401 43 76