Privacy policy

You are here:

Last updated: 02nd June 2023)


The company EXPERT CENTER FOR DIAGNOSTICS AND LABORATORY SUPPORT “BIOLIGHTS” LTD., incorporated under the laws of Ukraine (Identification number of the legal entity: 32345069) at the following address: 5-B, Yaltynska street, Kyiv, Ukraine (hereafter referred to as “Company”, “we”, “us” and “our”), complies with all relevant data protection laws and strives to maintain robust data protection for users of our website (from now on referred to as “Website”).
This document presents the Company’s Privacy Policy (from now on referred to as the “Policy”, “Privacy Policy”) regarding the nature, purpose, processing methods (collection, use, storage, distribution, deletion, etc.) and features of protecting the Personal Data collected by us (from now on referred to as “Personal Data” or “Data”). In addition, in this document, you can find information about your rights and how to contact us if you have any questions about processing information about you.

This Policy includes the following sections:



This Policy applies to those individuals whose Personal Data is processed or may be processed by us in the future as a data controller, including, but not limited to, if such persons use our Website; contact us with inquiries; follow a hyperlink (link) to this Policy; attend our events, accompanied by the collection of Personal Data.
Our services are mainly intended for use in Ukraine and EU countries. At the same time, we understand that our services may be of interest to users around the world. That is why the Company makes its Website available practically worldwide.
We do our best to protect all Personal Data received from our customers and Websites users and comply with all local data protection laws to the extent they apply to us.
We will never sell your Data to third parties.
Your Data will not be used for automated decision-making, including profiling.
As a rule, we do not collect Personal Data when you visit our Website, except for the lawful operation of cookies and similar technologies or when you prove us consent to process Data in some instances. The provision of Data through the Website is voluntary. We do not require you to register or provide Data to browse the Website. However, failure to provide specific Data may lead to the fact that the Company cannot provide you with the desired service you want to order through the Website.
We inform you that the Company is a Data Controller for the purposes of the General Data Protection Regulation (EU GDPR) and any other applicable data protection law when we control Data collection methods and determine the purposes for which such Data will be used.
This Policy does not apply when the Company acts as a Data Processor or in any other similar role when acting on behalf of a third party. In this case, we process the Personal Data on the instructions and behalf of a third party. Accordingly, a third party’s privacy policy/statement shall apply.
We will process your Data only if at least one of the following legal grounds for such processing exists, including:

  • processing is necessary for the conclusion and/or the performance of a contract with you (including any offer and acceptance thereof), including when you are interested in our services;
  • such processing is required by the laws of the countries in which we provide our services or make them available;
  • there is a significant public interest based on current legislation (for example, to prevent and detect illegal activities);
  • you gave your consent to Data processing;
  • the processing is necessary for the purposes of any legitimate interests of the Company, as the controller, or a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data).

Please note that our Website may contain hyperlinks (links) to external resources or third-party websites (Twitter, Youtube, LinkedIn, Facebook). If you use such a hyperlink (link), first of all, carefully read the terms of processing and security of your Data. We are not responsible for data processing by the respective third-party resources and websites.
You can always delete or change your Data and exercise your other rights under applicable law and this Policy.
This Policy may be updated from time to time, including as required by applicable law. The Company will notify you of any changes to the Policy, either by sending notices by email if you provide us with your email address, and we will have the right to send you notifications or by posting notices on the changes on our Website. We suggest you review this Policy for any changes from time to time.


Depending on how you interact with us, how you use the Website, the Personal Data we collect and process may include the following:

  • name and surname;
  • contact details, in a particular email address, telephone number;
  • information about the employer and your position;
  • data collected from a contact (request) form;
  • information about the software, devices, and technologies you used to access the Website, your Internet Protocol address (IP address), browser version, user browser setting, screen size;
  • preferences we obtain from you as you use the Website, such as your language version and region (country).

Some Personal Data may be obtained by the Company from publicly available sources, for example, when such information is (a) available to the public and usually posted on the Internet; (b) lawfully made available to the general public, such as social media, etc.
In addition, we may process other Data if you voluntarily provide it to the Company; for example, when you send us a request.
Since we may change the services we offer, the data we ask for specific processes may vary accordingly.
Please note that our Website and services do not address anyone under the age of 18. We consider a user/customer as a child if they are under 18 unless their country has a different age limit (in some countries, it is under 16). Accordingly, we do not knowingly collect or process information about children. If you become aware of cases of use of the Website by children or that we receive Data from children, please inform us immediately. If we become aware that Company has collected Personal Data from anyone under 18 without verification of parental consent, we take steps to remove that information.


The Company may obtain your Data in a variety of ways and from various sources, including, but not limited to:

  • when using the Website and/or ordering our services;
  • when you subscribe to our marketing;
  • when contacting us (via a unique form on the Website, by email, phone).

We may collect information based on analyzing the actions taken while using the Website through cookies and similar technologies.
When the Company receives any Personal Data from third parties (not from data subjects directly), such third parties are responsible for their compliance with the relevant data protection laws.


We will process your Data solely for the purposes provided for by the applicable law.
We process Personal Data for the following purposes with such legal basis (data may be processed on several legal bases):

  • conducting internal research, development, testing, and improvement of the features and functions of our Website (legitimate interest);
  • prepare for the conclusion of a contract with you (conclusion of a contract, legitimate interest);
  • meeting our internal and external audit requirements, including our information security obligations (legitimate interest);
  • to personalise the user experience and allow us to provide the type of content and product offerings that are of most interest to you (consent; in some cases, a legitimate interest);
  • to contact you concerning participation in events (forums, seminars, meetings, other similar events) held by the Company in which you may be interested in connection with the use of the Website and/or our services (legitimate interest; in some cases consent);
  • direct marketing and/or performance evaluation, including through a survey and other manifestations of the Company’s research activities (legitimate interest);
  • administrative, analytical, and statistical purposes (legitimate interest);
  • to provide advertising information (consent);
  • notifying you of changes and other announcements related to the Website and/or our services (performance of a contract, legitimate interest);
  • subscription and unsubscription management (consent);
  • protection against any malicious actions of users (such as fraud, etc.), detection and/or investigation of a crime in connection with other security considerations of the Company (legitimate interest, compliance with legal requirements);
  • processing (consideration) of your inquiries and/or complaints and responses to them (legitimate interest);
  • to respond to requests from you, supervisory or law enforcement authorities (legitimate interest, compliance with legal requirements);
  • ensuring other legitimate interests of the Company, for example, to prepare a claim or respond to a received claim (legitimate interest).

Where we rely on legitimate interests as the legal basis for processing your Personal Data, we will balance those interests with your interests, fundamental rights, and freedoms, as required by applicable law and best industry practice.
In any case, we will gladly help clarify the specific legal basis for processing your Data.


The Company may provide you with marketing and event information in several ways, such as email, telephone, text messages, direct mailing, and online (when using the Website).
It is mandatory for us to comply with both your marketing preferences and the requirements of applicable data protection laws. We process your Data to send marketing materials where we have your express consent or where there is a legitimate interest in direct marketing.
The information contained in direct marketing must not conflict with your interests. For example, from time to time, we may send you marketing materials about products and services that you may be interested in based on your interest in our Website.
You can opt out of marketing even if you have previously given us consent. You can also object to receiving direct marketing.
If you decide to opt out of marketing or object to receiving direct marketing from us, you can contact us at any time.
In particular, marketing emails received from the Company will contain a specific button or prominent link that will allow you to unsubscribe from receiving such communications in the future.
You may withdraw your consent by contacting Company using the contact form.
Also, you can write a request to our Data Protection Specialist, whose contacts are indicated in this Policy.


Following the standard practice that complies with the requirements of applicable data protection laws, your Data may be transferred to third parties outside the Company in such cases:

  • when we have your consent or at your request;
  • state, federal, and other regulatory, administrative, or law enforcement authorities/agencies as a part of an official process (upon request);
  • in response to a judgment or other decision of the court as a part of an official process;
  • to establish or exercise the right of the Company or an affiliate of the Company to defend against your claims;
  • to investigate and/or prevent fraud by users/customers;
  • if it is necessary and/or in the interests of the Company to protect or exercise its rights or the legal rights of other persons.

Sometimes, we may need to transfer your Data to third parties. In particular, we may share your Data, including but not limited to the contact and technical data, with third parties, such as service providers who perform various functions necessary for the operation of our Website.
Depending on services provided for the processing of Data necessary for our operation, based on our instructions, under this Policy and data protection laws, we may transfer information to the following third parties:

  • to our partners who provide Website technologies and other functions;
  • to our partners providing customer support services (processing customer requests through various communication channels), email services, cloud services, and research services;
  • to our partners providing services to detect and prevent fraud, as well as legal and financial (accounting) services;
  • to third parties to which we are obliged to disclose your Data under the law (for example, state institutions, law enforcement agencies, and courts).

Our partners (suppliers of various services) are prohibited from processing Personal Data that we transfer for them for a specific purpose, for any purposes other than those specified by us as Data Controller. Also, we conclude contracts with such partners, demanding that they provide the same level of protection and security of your Data that is required of us per the applicable law. We limit the use of your Data following any consent provided by you (if consent is the basis for Data processing).
In the event of a merger, reorganisation or a similar corporate event or the sale of the Сompany or part of the Сompany’s assets, the information collected by us, including Personal Data, can be transferred to another company/organisation (subject to merge or acquisition). Undoubtedly, all such Data transfers will be carried out under the applicable data protection legislation and our confidentiality obligations, as specified in this Policy.
Our Website may contain hyperlinks (links) to other third-party websites that do not belong to the Company and are not controlled by the Company. The Company provides this content only for convenience, and including some links does not mean we approve this linked website. Remember that we are not responsible for using Personal Data by these websites and for their privacy policy. The Company recommends being careful when you leave our Website and reading the Privacy policy of each third-party website that collects and then processes your Data.


The Company is an international company that collaborates with various companies worldwide to promote and/or provide users access to the Website and our services. Accordingly, your Data can be processed outside your country of residence, including countries that may not provide the same level of protection of your Data as your country.
In particular, the Personal Data we process are stored in our local environment of the Company’s servers.
When we transmit Personal Data to recipients in other countries outside Ukraine, we take measures to comply with the relevant legal and technological requirements, as described in this Policy and under the applicable legislation on data protection, including by the provisions of Articles 44-50 of General Data Protection Regulation (EU GDPR).
When transferring your Data to third countries that do not apply to the “adequacy decision” of the European Commission, the Company uses Standard Contractual Clauses, mandatory corporate rules, and special agreements on data transfer and processing. In addition, we will require all data recipients to ensure the proper level of protection and security of your Data that is required by the applicable data protection legislation.
In some cases, Company may need your explicit consent to the International Data Transfer.


We save your Data during the time necessary to achieve the goals for which we have collected it, in particular, to satisfy any legal requirements, accounting or reporting, and to ensure the performance of contracts.
To determine the corresponding retention period for Personal Data, in addition to processing objectives, we also consider the volume, nature, and category of Data, as the potential risk of harm from unauthorised use or disclosure of Data, as well as the relevant requirements of the applicable legislation.
As a rule, we keep basic information about Website users for five (5) years.
Please note that the regulations of some countries may impose additional requirements, so the Data retention period may vary. In particular, if the legislation of a country where a user of our Website contains limitation period provisions that determine the period during which you can file a claim against us, we need the appropriate evidence of legal relations with you. So we can process your Data during this period.
We also need to consider the periods for which we may need to keep your Data to comply with our legal obligations to you or regulatory authorities.
Eventually, we can minimise the Data that we process or make it anonymous (for research or statistical purposes) so that they are no longer connected with you. If the Data was anonymised, we could use this information indefinitely since it no longer contains Personal data.
Suppose we process Data with your consent to processing (mainly for marketing). In that case, you have the right to withdraw consent at any time or send us a request for Data deletion or temporary termination of Data processing.


The Company is very serious about the security of Personal data. To ensure the secure storage of your Data, we implemented many technical and administrative tools that protect Data from any unauthorised or illegal processing, as well as any losses, destruction, or damage. We regularly test our security measures to ensure they remain efficient and effective.
First, we use the usual scanning for malicious programs. Our antivirus protection product is one of the best on the market.
When transferring Personal Data outside the Company, we use encryption. We usually use different technical measures for information protection that we collect on the Internet or transmit to third parties, including encryption, firewalls, and password protection.
The Data you provided will be safely stored on our servers, inaccessible to the public.
The Company adheres to the principle of minimising data. We process information related to our users/customers that we very need to perform certain functions and for the specific goals defined in this Policy. Your Data is available only for a limited number of employees who need access to corresponding data to fulfil their functional duties. We constantly train the employees on our Policies, regulating data privacy and security issues.
We do our best to protect the Data, but you need to know that no method of data transmission via the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. If the Company learns about the violation of the security system, we will inform you if we shall do this under the applicable legislation so that you can take appropriate security measures.


Cookie files are small text files placed on your device, for example, a computer or mobile device you visit on websites. Our Website, for a certain period, can remember your preferences and actions so that you do not have to configure them again. Our cookie files usually do not identify a specific user, but only recognise the device used.
Cookie files and other tracking technologies on our Website can be used in different ways, for example, for the proper operation of the Website itself, tracking the traffic, or advertising. In particular, we use cookies and other tracking technologies to improve the quality and efficiency of our services and for security purposes.
To learn more about what cookies are, how they work, and how to manage or delete them, visit the website
The list of cookies and other tracking technologies used by the Company on the Website and detailed information about cookie files is available in a separate Cookie Policy.


Please note that when you contact us, you must complete the identification process and describe your specific requirements so that we can process your request and give a lawful response. If we cannot identify you via messages or requests or have reasonable suspicions about your identity, we may ask you to provide proof of identity. Only in this way can we avoid disclosing your Personal Data to someone who may impersonate you, i.e. the identification process is carried out in your interests. Any additional information collected for verification purposes will only be used to verify identity.
We process requests as quickly as possible, but at the same time, we ask you to remember that providing a complete and lawful response to Personal Data is a complex process that can take up to a month or even longer. We will let you know if we need more time to prepare a response.

Rights of Data Subjects under the GDPR

Please be advised that when you contact us, you have to go through the identification process and submit your specific requirements, so that we can process your request and provide a response on legitimate grounds. The list of data that we must provide to you is contained in Article 13 and Article 14 of the GDPR.
According to the data protection legislation of the European Union, your rights regarding your Personal Data include the following:

  • Right of access to your Data (“Data Subject Access Requests”). This right allows you to get a copy of your Data that we process and to find out detailed information about how and why we process this Data. You can read the general information about what Personal Data we process and with what purpose in this Policy. If you want to know more and fail to find this information in Policy, you can request this information from us, in particular, contacting our Data Protection Specialist (see contacts in the next section below).
  • Right to rectification allows you to amend any incomplete or inaccurate Data about you that we process. If you find some of your Data that we process is incorrect or outdated, inform us of this, including contacting the Company’s Data Protection Specialist. However, in some cases, we cannot change your Data. For example, when they were already used in the offer contract and/or contained in any written document issued and presented to us.
  • Right to erasure (“the right to be forgotten”) and withdraw the consent for your Data processing. This right allows you to demand Data deletion if the Сompany has no legal grounds to continue their processing. If we process your Data under the consent to processing (in particular, for marketing distributions), any further processing can be stopped by withdrawing the consent. In cases mentioned in Article 14 of GDPR, the Company will delete processed Personal Data, except for Data we must store following the law. At the same time, we will not always be able to fulfil your request to delete Data for specific reasons about which you will be informed in response to the request.
  • The right to object to the processing of your Data. This right allows you to object if you think that our processing of your Data affects your personal rights and freedoms. In some cases, we can demonstrate that we have significant legal grounds for processing your Personal Data that prevail over your rights and freedoms. You have the absolute right to object to Data processing for direct marketing.
  • Right to restrict the processing of your Data allows you to suspend or limit Data processing. This means the requirement to stop any processing of your Data, except for storage under certain circumstances, namely:
    • you want us to establish Data accuracy;
    • if we illegally process your Data, but you do not wish to delete it;
    • if you need to save Data since such Data is necessary to establish, exercise or defend a legal claim, even if we stopped processing such Data;
    • you objected to the processing of your Data by us, but we must establish the predominant legal grounds to satisfy them.
    • Right to data portability allows you to request the transfer of Personal Data to you or the third party you choose in some cases. We provide Personal Data in a structured, common, machine-readable format. This right applies only to cases where Data were received from you based on your consent or for the conclusion and fulfilment of the terms of the contract with you.
  • Right related to automated decision-making, including profiling. You have the right not to be subject to a decision based solely on automated Data processing, including profiling, which has legal consequences or a significant impact on you.
  • Right to complain. The EU legislation allows you to lodge a complaint with the respective supervisory authority (Data Protection Regulator).

All of these rights are always available to everyone. There are individual exceptions where some of these rights do not apply to the Data we process. Please get in touch with us if you want to exercise the rights above.
A Do Not Track (DNT) request is a setting any user can trigger from their device. The purpose is to allow consumers to limit or prevent the collection of their personal data.
There is no law requiring websites to respect a DNT setting.
Because we do not track our Website users over time and across third-party websites, we do not respond to browser do-not-track signals.
At the same time, even if we follow the DNT, we cannot control the DNT handling of third parties interacting with the Website, such as Google Analytics, AdWords, and others.


If you have any questions or want to complain about this Policy or our use of your Personal Data, don’t hesitate to contact us.
We have appointed a Data Protection Specialist who is the contact person for any questions or comments regarding protecting and processing your Data.
You can contact us by: