Privacy policy

Services Offered

We collect and process your data to perform our services as described in this privacy policy, in the general terms of service and in any specific written service contract. Each of the services is offered only at your request and with your consent. You have the right to withdraw your consent at any time by sending an email to If you do so, we will no longer process your personal data: legal delays and retention policy may apply.

Please note that in some cases, even if you withdraw your consent, we might still have to retain or use some of your personal data for legal reasons. A more detailed overview of our processing activities and their underlying reasons can be found in the following sections.

Megeno's Website

Megeno has a general website which you can visit without an account and which provides you with a description of activities and services as well as contact information. Please also consult our cookies policy on our website for more information on which personal data is processed during your website visit.


safeTogether is a COVID-19 workplace prevention program offered to professionals working in Luxembourg. safeTogether aims to secure a safe return to the workplace and improve occupational safety of employees by monitoring your and your coworkers' risk of COVID-19 exposure. Through your voluntary participation in safeTogether, you can help keep your workplace COVID-19-free, and protect yourself and those around you.

safeTogether is a web progressive solution that allows us to ask you for the information relevant to determining the risk of exposure to the SARS-CoV-2 infection: information about your health, household, and work environment.


clearGene is a universal transaction service, enabling the retrieval and transfer of genomic information from any source to any point of reuse across Europe. clearGene applies a clearing house concept to enable such transactions in a quality controlled fashion, meeting the highest ethical and legal standards.

Providing access to the private genome requires a system to ensure that the right person receives the right data. For this, an individual undergoes a verification process which includes a legal and biological identification. Specifically, the latter includes a single-nucleotide polymorphism fingerprint generated from a buccal swab sample. Megeno verifies if the buccal swab derived fingerprint matches with the original genome data set.

Individuals with personal access to genomic data need to be supported in the reuse of their data. clearGene enables the compliant transfer of the private genome under a secure protocol to any given recipient chosen by the individual.


Megeno is legally required to implement appropriate security measures to protect your personal data (These measures include but are not limited to the following: access management, encryption, pseudonymisation, backups, monitoring of the data). Although Megeno has appropriate security measures in place to protect your personal data, no system is completely immune to hacks or data breaches that may expose your personal data to an unauthorised party. If your genome data is breached and linked to your identity, an unauthorized party may gain access to sensitive personal information about you. If your biometric data is breached and linked back to you, it could be used to uniquely identify you.

Processing of Data

We process your personal data in accordance with valid legal acts and the following principles:

  1. Personal data with respect to you is processed in a lawful, honest and transparent way;

  2. Personal data is collected for specified, clearly defined and legitimate purposes and shall not be further processed in a way incompatible with those purposes;

  3. Personal data must be adequate, appropriate and only which is necessary for the purposes for which it is processed;

  4. Personal data must be accurate and, if necessary, updated; all reasonable steps must be taken to ensure that personal data which is not accurate in relation to the purposes for which it is processed shall be immediately erased or corrected;

  5. Personal data shall be kept in such a way that your identity can be determined for no longer than is necessary for the purposes for which personal data is processed;

  6. Personal data shall be managed by applying appropriate technical or organisational measures in such a way as to ensure the proper security of personal data, including protection from unauthorised processing or processing of unauthorised data, and against accidental loss, destruction or damage.

Please note that some of these processing activities may be carried out by our service providers on Megeno’s behalf. Please refer to the Sharing of your Data section below for more information.

Any of the personal data collected might also be processed when Megeno is required by law to do so.

Processing activities based on the performance of the contract and/or explicit consent

  • Account and contact information

  • Domicile information

  • Payment information

  • Shipping and invoicing information

  • Legal identity documentation

  • Genetic information

  • Information relating to the use of our services

  • Communications with you

  • Website navigation tracking data

Processing activities based on Megeno’s legitimate interests:

  • Legal identity documentation

  • Information from the use of our services

  • Website usage tracking data

  • Legal documentation

Sharing of your Data

Within Megeno

In order for Megeno to provide its services, the company will need to process your personal data. We will process your personal data on a need-to-know basis and in accordance with this privacy policy. All Megeno's employees with access to personal data have received appropriate training in data protection and are bound by an obligation of confidentiality. Additionally, all personnel with access to the most sensitive data (e.g. genome data or and biometric data) and those employees who manage the company’s servers have received further information security training or have the appropriate qualifications and/or certifications.

Third-Party Service Providers

Megeno uses service providers to enable some of the features offered through our services. Some of these service providers will, therefore, process part of your personal data. Megeno only transfers on a need to know basis your personal data to our service providers. All our service providers are located in Europe and operate under the General Data Protection Regulation. Transfers outside the European Economic Area will only be performed under one of the transfer mechanisms described in articles 44-50 of General Data Protection Regulation. Megeno vets all of its service providers and ensures that they have in place the appropriate security measures to protect your data.

  • Genotyping laboratory (Generates biological signature from a buccal swab sample):
    • Your buccal swab samples;

    • A pseudonymised identifier;

    • Your biological signature.

  • Logistics partner (Distributes, collects and temporarily stores sample collection kits)
    • Your name;

    • Your address;

    • A pseudonymised identifier;

    • The date of sample collection.

  • Legal identity verifier (Verifies your legal identity)
    • Picture/video of your face;

    • Picture/video/hologram of your legal identification document.

  • Payment processor (Processes the payment transactions)
    • Billing information (such as a credit or debit card number, or bank account information);

    • Purchase amount;

    • Date of purchase;

    • Payment method;

    • Product or service bought.

  • Cloud service providers (Stores your data and provides processing capabilities for our services)
    • Genetic information;

    • Information from the use of our services.

  • Email and SMS service provider (Processes our email and SMS communications)
    • Your email addresses;

    • Email communications with you;

    • Your mobile phone number.

  • Legal support (Helps in dispute resolution)
    • Potentially all personal data processed by Megeno.

Transfers Outside the European Economic Area

Megeno is based in Luxembourg and all of its employees are based in Europe. Nevertheless, some of our processors may perform part of their processing activities outside the European Economic Area. Your personal data will always be stored in Europe but might be accessed from outside the European Economic Area by those processors. This will always be done under the appropriate safeguards to ensure a level of data protection that matches your protection within the European Economic Area. We have entered into contractual clauses with the relevant processors which guarantee an appropriate level of data protection according to article 46 General Data Protection Regulation.

The cloud service providers only have access to genome data, the biological signature and pseudonymised identifiers. Although your data will always remain stored in Europe, the cloud service providers may access and process personal data on a global basis as necessary to perform the cloud services, including for IT security purposes, maintenance and performance of the cloud services and related infrastructure, cloud services technical support and cloud service change management. We have entered into contractual clauses with the cloud service providers which guarantee an appropriate level of data protection according to article 46 General Data Protection Regulation. You can contact to obtain a copy of these model clauses.

Use of Cookies

Our websites (and some emails) use cookies and/or other technologies, which store small amounts of information on your computer or device, to allow certain data from your web browser to be collected. Cookies (and similar technologies) are widely used on the internet and allow a website or a portal to recognise a user’s device, without uniquely identifying the individual person using the computer. These technologies help to make it easier for you to log on and use the site and provide feedback to us as to which parts of the website you visit (or whether particular emails have been read), so that we can assess the effectiveness of the site or communication and provide a better user experience.

For more information about cookies, including how to see what cookies have been set and how to manage, block and delete them, see our cookies policy and the site for a general overview about cookies.

Your Privacy Rights

You can exercise your privacy rights at any moment by contacting us on or, in some cases, simply through your Account in the “Account information” menu.

As a data subject, you have the following rights in relation to your personal data collected by Megeno:

  1. The right to be informed: Megeno as the entity processing your personal data, must make clear what data it is processing and why in this privacy policy;

  2. The right of access: you have the right to see what data is held about you by Megeno;

  3. The right to rectification: this refers to your right to have incorrect data corrected and/or amended;

  4. The right to erasure: this refers to your right in certain circumstances to have your personal data be deleted (‘the right to be forgotten’);

  5. The right to restrict processing: this refers to the right of you as a data subject to call for a temporary halt to data processing in certain circumstances;

  6. The right to data portability: as a data subject, you have the right to ask for any data supplied to Megeno as a data controller to be provided in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;

  7. The right to object: in certain circumstances, you have the right to object to the further processing of your personal data which is inconsistent with the primary purpose for which it was held;

  8. Rights related to automated decision making and profiling: as a data subject, you have the right not to be subject to a decision based solely on automated processing;

  9. Right to lodge a complaint with the supervisory authority: you have the right to lodge a complaint with Luxembourg’s supervisory authority - the Commission National pour la Protection des Données (CNPD):

Commission Nationale pour la Protection des Données
1, avenue du Rock'n'Roll
L-4361 Esch-sur-Alzette
Tel.: (+352) 26 10 60-1

You have the right to withdraw consent for the processing of your data for one or more services at any moment. Without your consent, Megeno will not process your personal data. Upon your withdrawal of consent and without further processing request from your part, Megeno will, therefore, delete your data without undue delay, unless there is a legal exception that allows or requires us to continue processing your data (see Processing of Data section).

Please note that the withdrawal of your consent does not affect the lawfulness of the processing of your data before your withdrawal and does not exempt you from any outstanding payment obligations as determined in the general terms of service.

You can ask us, or any related third parties, to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not affect our processing of your personal data for other non-marketing purposes such as providing a product and/or service to you, product and/or service experience or other transactions, etc.

Changes to the Privacy Policy

This privacy policy is managed and maintained by Megeno. Megeno reserves the right to amend this document to reflect changes to our services. Megeno will notify you in advance of any changes to this statement that alter its meaning through either publishing on our website or via email communication. In the case of any major amendments, we will ask you to consent again to this privacy policy.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow such a link, please note that these websites have their own privacy and cookies policies and Megeno does not accept any responsibility or liability for these third-party websites.

This privacy policy is global in scope but is not intended to override any legal rights in any territory where such rights prevail. In such an event, the rights and obligations set out in this privacy policy will apply, subject only to amendment under any applicable local law having precedence.

Data Protection Officer

Ernst & Young Business Advisory Services S.à.r.l.
(Michael Hofmann)
35E avenue John F. Kennedy
L-1855 Luxembourg