Privacy Policy

  1. Chrysea Limited

The privacy, protection and safety of the personal data we have access to are part of our daily activity priorities. CHRYSEA and its affiliates undertake to process personal data only for the purposes for which it was collected, in a transparent, safe, responsible and ethical manner.

This privacy policy applies to all the personal data collected through the website, owned by CHRYSEA LIMITED, “CHRYSEA” a company with headquarters at 88 Harcourt Street, Dublin 2 D02 DK18,  Ireland

Read this Privacy Notice (this “Privacy Notice”) carefully. If you do not consent to the terms of the Privacy Notice please do not access, or use the Services of CHRYSEA and its Affiliates (collectively, “CHRYSEA,” “we,” “us,” or “our”) provide. To learn about Affiliates of CHRYSEA, see the list at the end of the Policy.

When visiting the website, only, it does not require the collection, in an automatic manner, of any personal data that identifies the user, unless the user voluntarily provides information through the available forms for each purpose. 

It is only following a direct contact by the users through the website that CHRYSEA processes the personal data, within the scope of its activity, as better described in the present Policy, so that data subjects can better understand the purpose of their data and the operations performed using it. The user can choose to contact CHRYSEA through other available means indicated herein, and the same conditions and safety measures are applicable as long as the same purposes are concerned.

2. Processing of Personal Data

2.1. Conditions for lawfulness

In order to process the user’s personal data under the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”) and additional legislation on data protection in force in the countries of operation, CHRYSEA will act under the condition for lawfulness according to the Conditions for lawfulness of the GDPR.

Throughout this document, the following conditions for lawfulness are mentioned, depending on the purpose and context of the data processing:

  • Consent: whenever the data subject previously consented, by means of an affirmative action, to the processing of its personal data;
  • Pre-contractual measures or performance of the contract: whenever the processing of data is necessary in the context of a service provision or product acquisition;
  • Legitimate interest: whenever CHRYSEA processes personal data by virtue of a legitimate interest, which, in a balancing test, is not surpassed by the rights and interests of the data subjects;
  • Legal obligation: whenever the processing of personal data is necessary to comply with a legal obligation to which CHRYSEA is subject of;
  • Biological Sample. To use our tests, we may require a biological sample, such as a saliva, urine, blood, or stool sample. We use your biological sample to provide your test results;
  • Health and Wellness Information: Data needed to provide testing services (including generating meaningful results), we request certain health and wellness information from you, including your height and weight, demographic information, health history, analytical blood works and respective results, medication history, mental health, pregnancy, fertility health history, dietary, sleep, and exercise habits (“Health and Wellness Information”). With your informed consent only, we use your Health and Wellness Information, your test results, and information about the purchases you make through our Services for research, analytics, and product development purposes and to create de-identified or aggregate data that we might share with third parties for their own research and product development purposes. 
  • Important public interest or public interest regarding public health: whenever the processing of special categories of personal data (such as health data) is concerned, necessary to ensure a high level of quality and safety of healthcare related practice or nutrition intervention,  devices use, anticipating appropriate and specific measures that safeguard the rights and freedoms of the data subject.

2.2. Purposes

CHRYSEA processes personal data, i.e. it collects, registers, organizes, structures, stores, consults, uses, discloses by forwarding, broadcasting or any other form of availability, among others, information that can be associated to an individual (the “data subject”) and it is responsible for said processing, determining the data operations, whenever there are appropriate conditions for lawfulness.

The website is an informative website that aims to communicate to our visitors who we are, what is our mission, what are our commitments, where we are, as well as our activities and the career opportunities at CHRYSEA.

Personal data is not necessary for the informative use of our website. However, we offer various communication channels so that you know how to contact us. It is through these voluntary contacts that we might need to process some personal data directly provided by those who visit our website, with one of the following purposes:

  • Management of contacts, information or requests;
  • products and respective information.
  • Quality suggestions and complaints.
  • Recruitment of human resources.

This privacy policy is only applicable to personal data directly provided through our website and our online resources and communications (such as other websites operating under direct responsibility of CHRYSEA, mobile applications [apps], e-mail and other communication tools) with a link to this policy.

This privacy policy is not applicable to personal information collected through offline resources and communications, except in cases where said personal information is consolidated with personal information collected online by CHRYSEA or by a subcontracting party acting on behalf of CHRYSEA. This Policy is also not applicable to other third-party websites and online resources to which, or websites might provide links, when CHRYSEA neither controls nor is responsible for the content or the data processing of those resources.

2.2.1. Management of contacts, information, or requests

If you wish to contact the CHRYSEA Group, you can do so by phone, e-mail or by filling out a form on our website, indicating the subject and reason for your contact. Through the form available on the website, we will collect a set of personal data, which will be processed to respond to your request, question or suggestion. For this purpose, the following personal data is collected from the contact form: first and last name, e-mail address and the subject of your request. Provision of this data is mandatory, otherwise we might not be able to process and respond to your request.

In that respect, an open-message field is also made available where you can fill out your request, question, or suggestion, where other personal data can be provided, spontaneously.

Any personal data provided to CHRYSEA and related to an information request can be processed to respond to your request. This process is of the legitimate interest of CHRYSEA and is indispensable so that we can respond properly to your request. In this case, CHRYSEA will store this information for up to two years from the date of the request.

2.2.2. Recruitment and selection of human resources

CHRYSEA publishes on its site career opportunities available within the Group, while also encouraging spontaneous applications. The communication of personal data for recruitment process purposes is voluntary. However, the supplied data is necessary to the recruitment process to which the data subject applied, wherefore the omission or refusal to communicate said data might prevent its fulfilment and, therefore, the potential consideration of the application that was sent.

CHRYSEA processes personal data regarding the data subjects that send in applications, also researching and analyzing profiles, through publicly available professional information, and, in some cases, performing interviews and tests to assess the candidate’s potential. No decision based on the personal data supplied by the subject is automated.

CHRYSEA stores the records of the recruitment processes and proceeds with processing this data in the context of pre-contractual proceedings and obtaining consent. By submitting an application through the recruitment platform available on the CHRYSEA website, the candidate is given direct control over the submitted data, being able to edit it, update it, complete it or delete the application at any time. If you wish to maintain your candidate profile active, the data will be stored for up to five years from the last access (login) to CHRYSEA’s recruitment platform. Furthermore, CHRYSEA can store the candidates’ data for a longer period in order to contact them during future recruitment processes, upon consent.

2.3. Recipients of your personal data

So that CHRYSEA can fulfil its duties and provide the best possible service, it might need to communicate or provide access to your personal data to the following categories of entities:

  • Affiliates, with registered offices inside the European Economic Area, with the same aforementioned purposes. See for List of Affiliates.
  • Vendors and Service Providers. We may share information we receive with vendors and service providers retained in connection with the provision of our Services.
  • User Content. Our Services allow you to find and share content, such as product ratings and reviews. The content you post to the Services will be displayed on the Services and be viewable by other users by default. Please note that we are not responsible for the other users’ use of available information, so you should carefully consider whether to post and what to post or how you identify yourself on the Services.
  • Social Networks and Other Online Services. Our Services allow you, on your direction, to share content on social networks and other online services, such as Twitter and Facebook. You understand and agree that the use of the content you post by a social networking website or other online service is governed by the privacy policies of these third-party services and your settings on that service. We encourage you to review their privacy policies.
  • Analytics Partners. We use analytics services, such as Google Analytics, to collect and process certain analytics data. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/ and if you use our Services as part of a promotion with that partner, with your consent, CHRYSEA will share your test results with that third-party partner.
  • As Required by Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your information can occur if you post objectionable content on or through the Services.
  • Merger, Sale, or Other Asset Transfers. We can transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. The use of your information following such an event will be governed by the provisions of our Privacy Policy in effect at the time the applicable information was collected.
  • Consent. We might also disclose your information with your permission.
  • Links: Our websites may contain links to websites not operated or controlled by CHRYSEA and or its Affiliates. We are not responsible for the privacy practices of other websites. We encourage our users to be aware when they leave our website(s) to read the privacy statements of every website that collects personally identifiable information.

2.4. Exercise of rights by the data subjects

2.4.1. Rights of the data subject

In regard to the processing of his/her personal data, the data subject has the following rights:


Right of access
In legal terms, he/she has the right to obtain confirmation as to whether or not his/her personal data is processed by CHRYSEA.
He/she also has the right to access his/her personal data, as well as to obtain the following additional information or explanations:(i)   the reasons for the processing of his/her personal data;(ii)   the types of data being processed;(iii)   entities to which his/her personal data might be forwarded, including entities located outside the European Union or international organisations, in which case the data subject will be informed of the warranties covering the transfer of its data;(iv)   storage periods of his/her data or, if this is not possible, the criteria for fixing this period;(v)   rights the data subject benefits from regarding the processing of his/her personal data;(vi)   if the personal data was not supplied by the data subject, information on its origin;(vii)   the existence of automated individual decisions, including profile settings, and, in this case, information on the underlying logic of this processing, as well as its importance and foreseen consequences.
Right of rectificationWhenever the data subject believes that his/her personal data is incorrect or incomplete, he/she can request its rectification or supplementation.
Right to eraseIn legal terms, the data subject has the right to request the erasure of his/her personal data in one of the following cases:(i)   the personal data is no longer necessary for the purposes for which it was collected or processed;(ii)   the data subject objects the data processing and there are no prevailing legitimate interests that justify the processing, or the data was processed for purposes of direct marketing (sending of unsolicited communications);(iii)   the personal data is being processed illegally;(iv)   the personal data has to be deleted due to a legal obligation CHRYSEA is subject to; or(v)   the personal data has been collected regarding the provision of services by the information society.The right to erasure does not apply when the processing is necessary for the following purposes:(i)   exercising the right of freedom of expression and information;(ii)   compliance with a legal obligation requiring the processing and to which CHRYSEA is subject to;(iii)   reasons of public interest regarding public health;(iv)   archiving purposes of public interest, scientific or historic investigation purposes or statistical purposes, inasmuch as exercising the right to erasure seriously undermines achieving the purposes of that processing; or
(v)   establishment, exercise or defence of a right in legal proceedings.
Right to restrict processingYou can request the restriction of your personal data processing, in the following cases:(i)     if you dispute the accuracy of your personal data, for a period which allows CHRYSEA to check its accuracy;(ii)   if the processing is illegal and you oppose the erasure of your personal data and request, conversely, the restriction of the processing;(iii)  if CHRYSEA no longer needs the personal data for the purposes of the processing, but that data is necessary for the purposes of establishing, exercising or defending a right in legal proceedings; or(iv)   if you have expressed your opposition to the processing, until such time as CHRYSEA’s legitimate interests outweigh your own.
Right of portabilityYou have the right to receive your personal data, which you provided, in a structured, general-use format that allows for automatic reading. You also have the right to request that the data be transmitted by CHRYSEA to another data controller, as long as that is technically possible and, in this particular case, the legal requirements to exercise that right are fulfilled.
Right to objectIn legal terms, you have the right to object the processing of your personal data at any moment, for reasons related to your specific situation, in the following cases:
(i) When the processing is based on CHRYSEA’s legitimate interest, without prejudice to CHRYSEA presenting compelling and legitimate reasons for such processing that outweigh the interests, rights and freedoms of the data subject, or for the purposes of establishment, exercise or defence of a right in legal proceedings; or
(ii) When the processing is performed for purposes different from those to which the data was collected for, but which are compatible.
The right to lodge a complaint with a supervisory authorityYou have the right to lodge a complaint with a competent supervisory authority, regarding matters related to the processing of your personal data. Click here to obtain the contact information of the relevant authority in your country or region.

2.4.2.  How to exercise your rights

You can exercise your rights before CHRYSEA through the following channels:

  • In person: at CHRYSEA’s headquarters, in person with the Compliance Officer, at 88 Harcourt Street, Dublin 2, D02 DK18, Ireland
  • or at the CHRYSEA’s branch in your country;
  • Online: through the relevant form available online;
  • E-mail: through an e-mail addressed to the Compliance officer at  legal@chrysea.com;
  • Letter: in writing, through a letter addressed to the Compliance Officer, at 88 Harcourt Street, Dublin 2, D02 DK18, Ireland
  • Exercising your rights is free, without prejudice to, whenever there are reaffirmed requests, clearly unjustified and repetitive, CHRYSEA demanding payment of a reasonable fee, regarding administrative costs related to the supply of information or execution of the requested actions or even refusing to comply with the request.

When CHRYSEA is in reasonable doubt regarding the identity of the individual submitting the request, they can request additional information to confirm his/her identity. 

2.5. Updates to the Privacy Policy

The information provided in this document may need to be altered over time.

Therefore, we advise you to visit the website, where this information will always be up to date.

Whenever there are changes regarding the processing of your personal data, CHRYSEA will inform you through the website or by means of other communication channels commonly used.

2.6. Compliance Officer and Point of Contact

Whenever you have doubts regarding the processing of your personal data or the information you provided by CHRYSEA, you can contact CHRYSEA through the usual communication channels, indicated in paragraph 2.4.2 above, or our Compliance Officer through the following contacts:

CHRYSEA LIMITED

88 Harcourt Street,
Dublin 2
D02 DK18
Ireland

E-mail:  legal@chrysealabs.com 

12 November 2023