OmixMe – Terms of Use
Effective date: [09.07.2026]
Version: 1.0
Introductory provisions
These Terms of Use (the “Terms” or “GTC”) govern the use of the OmixMe service, including the website https://omixme.com, the client/clinician portal, the analysis, the report and any consultation (together the “OmixMe Service” or the “Service”), operated by SAMETA s.r.o., Čulenova 7936/5, 811 09 Bratislava, Company ID: 50 706 667, registered in the Commercial Register of the Bratislava III City Court [section, insert] (“OmixMe”, the “Provider” or “we”).
These Terms are general terms and conditions and form an integral part of the contract concluded between the Provider and a client or an institution. By using the OmixMe Service you confirm that you have read, understood, agree to and are bound by these Terms. If you do not agree with the Terms, do not use the Service.
Legal relationships between the Provider and the client that are not expressly governed by these Terms are governed by the relevant provisions of Act No. 40/1964 Coll., the Civil Code, as amended, Act No. 108/2024 Coll. on Consumer Protection (where the client is a consumer), Act No. 391/2015 Coll. on Alternative Resolution of Consumer Disputes and other related regulations. Relationships with an institution (B2B) are governed in particular by Act No. 513/1991 Coll., the Commercial Code.
The current version of these Terms is always available at https://omixme.com/terms. The Terms prevail over any conflicting information contained in other materials (e.g. promotional materials, e-mails or the website).
Language versions. These Terms may be drawn up or made available in several language versions. In the event of any discrepancy, inconsistency or doubt of interpretation between the Slovak language version and any other language version, the Slovak language version always prevails.
The concluded contract is archived by the Provider in electronic form for at least five (5) years from its conclusion, but no longer than the period under the applicable legal regulations, for the purpose of its proper performance, and is not accessible to uninvolved third parties.
Definitions
Unless the context requires otherwise, the capitalised terms used in these Terms have the following meaning and are used consistently throughout the document:
“Provider / OmixMe” means SAMETA s.r.o., seated Čulenova 7936/5, 811 09 Bratislava, Company ID: 50 706 667;
“Client” means a person who orders, makes available or uses the Service, or a person whose biological material is the subject of the analysis;
“Consumer” means a Client who is a natural person and who, in connection with the contract, does not act within their business activity or profession;
“Institution” means a hospital, clinic, healthcare provider or other legal entity that orders the Service within its activity (B2B);
“Treating physician” means a physician or other qualified healthcare professional who provides the relevant medical records and with whom the Report is also shared;
“Contract” means the contract for the provision of the Service concluded between the Provider and the Client or the Institution, of which these Terms form an integral part;
“Report” means the informational output of the multi-omics molecular analysis;
“Biological material / Sample” means any biological material provided for the purpose of analysis through the Service (e.g. DNA, tissue, blood, saliva or other bodily substance);
“Laboratory” means an independent partner laboratory that performs the sequencing and omics analyses of the Sample under its own responsibility;
“Portal” means the Provider’s client/clinician portal through which the Service and the Report are made available;
“Price” means the remuneration for the provision of the Service according to an individual price quotation;
“Terms / GTC” means these Terms of Use.
Nature and purpose of the service – not a medical device or a healthcare service
The purpose of the OmixMe Service is not the provision of healthcare. The OmixMe Service and the Report are provided for research and informational purposes only (“Research use only. Not for diagnostic procedures.”) and have an exclusively informational and supporting character for the Client’s Treating physician.
Not a medical device / IVD. OmixMe is not intended as a medical device or as an in-vitro diagnostic medical device within the meaning of Regulation (EU) 2017/746 (IVDR). It is not intended to diagnose, prevent, monitor, predict, prognose, treat or alleviate any disease or health condition and must not be used for diagnostic procedures.
Not a healthcare service. OmixMe does not provide healthcare and is not a provider of healthcare within the meaning of Act No. 576/2004 Coll. on Healthcare. The Report is not a medical record entry, a diagnosis, a treatment recommendation or medical advice.
Does not replace a physician. The information provided does not replace a professional medical examination, diagnosis or advice. Before any diagnostic, preventive, therapeutic or other health-related decision or intervention, the Client should consult a physician or another qualified healthcare professional.
The physician is the decision-maker. The Report is only a molecular information basis. Any clinical decision remains solely with the Treating physician. OmixMe does not make diagnostic, preventive or therapeutic decisions, does not recommend treatment, makes no therapeutic claims and guarantees no result.
Incompleteness of scientific knowledge. The Client acknowledges that molecular and genetic research is not complete and is constantly evolving. Only those loci and features that have been scientifically demonstrated to be relevant are analysed. For most conditions, the known factors account for only part of the risk; other unknown factors, environmental or lifestyle influences may also apply. The fact that the data do not indicate an increased risk does not mean protection against the condition, and vice versa. Results must therefore always be interpreted in the clinical context by a physician.
Description of the service
The OmixMe Service comprises multi-omics molecular analysis of biological material and AI-assisted bioinformatics, made available as an informational output through the Portal. The Treating physician provides the relevant medical records and arranges collection of the biological material; an independent partner Laboratory performs the sequencing/omics analyses under its own responsibility, and every Report is reviewed by a human expert before it is made available.
The Report is intended solely to support the Treating physician’s own independent professional decision-making (see Section 3). OmixMe provides access electronically and may use subcontractors, remaining responsible for their performance.
Access to the Report and technical requirements. The Report and the interpreted outputs are accessible via up-to-date versions of the major web browsers (in particular Google Chrome, Safari, Mozilla Firefox). It is the user’s responsibility to keep their web browser up to date; the Provider is not liable for display malfunctions caused by technical problems on the user’s side, provided the outputs were correctly made available on the Portal. Such inability to access does not give rise to a right to withdraw from the Contract.
Handling and assignment of the Sample. The biological material must be properly labelled and assigned to the order according to the Provider’s instructions. If the Sample cannot be assigned due to incorrect or missing labelling or registration, the Sample cannot be evaluated and may be irreversibly degraded. After extraction and analysis, the Laboratory may irreversibly dispose of the Sample.
Time validity and sample degradation. Biological material and collection kits may degrade over time. The Sample must be sent and delivered within a reasonable period according to the Provider’s instructions. The Provider is not liable for incorrect interpretation or for the impossibility of performing the analysis due to degradation of the material arising from delayed delivery or improper handling on the side of the Client or the Treating physician.
Impossibility of processing the Sample. In exceptional cases the Laboratory may be unable to process the Sample (e.g. insufficient quantity or quality of the material, failure to follow instructions). If this occurs for reasons on the Laboratory’s side, the Provider will arrange a repeat collection or analysis at no additional cost. If it occurs for reasons on the side of the Client or the Treating physician, the Client is not entitled to a refund and the Provider’s obligation to provide the Service in respect of the affected Sample ceases.
Updating of results. As scientific knowledge continuously evolves, the analysis results may change over time. The Provider is entitled to unilaterally supplement, adjust or remove parts of the outputs in light of the current state of scientific knowledge. After an update, the current outputs are available on the Portal.
Development of the Service. The Service is continuously developed. The Provider may update, modify, supplement or change its functionality; functionality may evolve over time.
Contracting parties and formation of the contract
B2C (client). The Contract is concluded between OmixMe and the Client, or their legal representative. Completing the web form is regarded as a non-binding pre-contractual contact; the Contract is concluded only upon acceptance of the price quotation and signature of the informed consent. The collection of the biological material (tumour tissue) is not performed by OmixMe, but by the healthcare personnel of the relevant healthcare facility; performance of the Contract commences upon delivery of the collected Sample to the partner laboratory, or upon the commencement of its processing. The web form may be completed on behalf of a third party by a family member or a legal representative of that person (e.g. for the organisational arrangement of the Service); in such a case this may constitute a contract in favour of a third party. However, the person whose tissue is collected and analysed must give their own consent to the collection, analysis and processing of their data. If that person is a child (a minor), the informed consent is given by their legal representative; depending on the child’s age and maturity, the child’s own expression of consent (assent) is additionally taken into account.
B2B (institution). If the Service is ordered by a hospital, clinic or other Institution, the Contract is formed with that Institution on the basis of a separate Institutional Agreement.
Payer vs. beneficiary. The Service may be paid for by the Client, a family member, an Institution or another third party. The contracting party and the beneficiary are distinguished in the order; a third-party payer does not become a party to the data relationship.
Order confirmation. The Provider will promptly confirm receipt of the order by an informative e-mail to the e-mail address provided; the confirmation includes an invoice with the basic details of the Contract and the current wording of these Terms. The Provider reserves the right not to accept an order, in particular where the Service is temporarily unavailable, the Price has not been paid, or an obvious error in the price or description of the Service has been identified; the Provider will inform the Client of such fact.
Eligibility, account and acceptable use
The Service is intended for adults; it may be provided to minors only through a legal representative. You undertake to provide accurate, truthful, current and complete information and to notify any changes to it without undue delay.
You undertake to use the Service only for its intended informational purpose, not to misuse it or attempt to circumvent it, not to upload malicious code, not to place an unreasonable load on the system or on other users, and not to use the Service for unlawful purposes.
Access to the Portal is personal. You are responsible for the confidentiality of your login credentials and for all activity carried out under your account, and you undertake not to allow its use by a third party, except in cases expressly permitted by these Terms. You must promptly notify the Provider of any actual or reasonably suspected unauthorised use of the account.
If you become aware of, or suspect, an outage or malfunction of the Portal or the Service, please notify the Provider promptly and provide the necessary cooperation in remedying it.
Price and payment terms
Prices are set out in an individual price quotation, which depends on the biological material and the scope of the analysis. Towards a Consumer, prices are final and inclusive of all taxes and charges.
Payment terms. After acceptance of the price quotation, the Provider issues a pro-forma (advance) invoice, which is processed by an external payment service provider. The Provider generally commences performance only after the Price has been credited, unless the parties agree otherwise. Where payment is made electronically (by payment card or a similar online method), it is carried out exclusively through a payment service provider certified under the PCI DSS (Payment Card Industry Data Security Standard). The Client enters payment-card details directly in that provider’s secure interface; OmixMe does not obtain, store, otherwise process or have access to full payment-card data. Responsibility for the security of payment processing and PCI DSS compliance rests with the relevant payment service provider. The processing of personal data related to payments is described in more detail in the OmixMe Privacy Policy.
On any amounts not paid by the due date, the Provider may charge default interest at the maximum rate permitted by the legal regulations.
Withdrawal from the contract (consumers)
Right of withdrawal. If the Client is a Consumer and the Contract was concluded at a distance or off-premises, the Consumer has the right to withdraw from the Contract, even without giving a reason, within fourteen (14) days under Act No. 108/2024 Coll., unless one of the exceptions under point 8.4 applies. The period begins to run according to the nature of the performance (for a service, from the day the Contract is concluded; for goods, from the day of their receipt).
Consent to the commencement of performance. The Consumer may expressly request the commencement of the Service before the expiry of the withdrawal period. In such a case, the Provider will obtain from the Consumer express consent to the commencement of performance and a statement that the Consumer has been informed of the loss of the right of withdrawal after the Service has been fully provided. By requesting the commencement of performance (in particular sequencing), the Consumer expressly consents to the commencement of performance; after the Service has been fully provided, the right of withdrawal ceases.
Partial performance. If the Consumer withdraws from the Contract after having requested the commencement of performance but before its full provision, the Consumer is obliged to pay a proportionate part of the Price for the performance actually provided up to the moment of withdrawal (a full refund of the Price before collection of the biological material; a proportionate refund after collection but before the commencement of sequencing; after sequencing has commenced, which constitutes full performance based on the Consumer’s prior consent, no right to a refund arises).
Exceptions to the right of withdrawal. The right of withdrawal does not apply in particular to a Contract whose subject is:
a service, if its provision has begun with the express consent of the Consumer and the Consumer declared that they had been duly informed of the loss of the right of withdrawal after the service has been fully provided, and the service has been fully provided;
goods made to the Consumer’s special requirements, made to measure or intended specifically for one Consumer – given the nature of the Service, the analysis is always uniquely tied to a specific biological material and Client;
goods enclosed in protective packaging which is not suitable for return for reasons of health protection or hygiene and whose protective packaging was broken after delivery (e.g. a collection kit);
goods which, after delivery, were by their nature inseparably mixed with other goods, or biological material which has been used or otherwise degraded.
Procedure and form. The Consumer may withdraw from the Contract by sending an unambiguous statement of withdrawal to the e-mail address [EMAIL] or to the Provider’s registered address. The withdrawal must contain the Consumer’s name, address, order details and contact details. A model form, which forms an Annex to these Terms, may be used for the withdrawal. Any unused collection kit must be returned undamaged, clean, complete and in its original packaging.
Refund. In the event of a valid withdrawal, the Provider will refund the relevant amount paid to the Consumer no later than within fourteen (14) days, by the same means of payment the Consumer used, unless the parties agree otherwise. If the returned kit was returned in damaged protective packaging under point 8.4, its price is not refunded.
Liability for defects and complaints
The rights and obligations of the parties concerning liability for defects are governed by the relevant generally binding legal regulations, in particular the provisions of the Civil Code and Act No. 108/2024 Coll. on Consumer Protection. The Client does not acquire rights arising from liability for defects if they knew of the defect before receipt or if they caused the defect themselves.
The Provider is responsible for the collection kit and the Service being free from defects upon receipt or upon provision, as applicable; this does not apply to defects that do not in any way affect functionality. The Client must report obvious defects without undue delay after they could have detected them with due attention, and hidden defects of the collection kit at the latest before its use and dispatch for analysis.
Filing a complaint. A complaint may be filed with the Provider by e-mail at [EMAIL] or at its registered address. In the complaint, the Client shall (i) describe the defect in detail, (ii) state the order number or other identification, (iii) state their contact details, and (iv) attach evidence proving the defect (e.g. photographs).
Handling of the complaint. The Provider will promptly provide the Consumer with written confirmation of the defect notification and information on the period within which it will remedy the defect; this period must not exceed thirty (30) days, except in cases justified by an objective reason beyond the Provider’s control. If the Provider rejects liability for defects, it will notify the Consumer of the reasons for the rejection in writing.
Remedies. In the event of a justified complaint, the Client has in particular the right to request the free dispatch of a replacement undamaged collection kit, a reasonable discount, or to withdraw from the Contract to the extent provided by the legal regulations. The provisions of this section apply mutatis mutandis to defective provision of the Service.
Use of artificial intelligence
The processing and interpretation of data within the Service include bioinformatics supported by advanced artificial intelligence systems. Outputs generated with AI support are based in particular on algorithms, databases and probabilistic computations and are reviewed by a human expert before being made available.
Given the nature of these systems, the outputs may be incomplete or inaccurate and in no case replace the professional assessment of a qualified healthcare professional. They do not constitute promises, confirmations or other legally binding statements of the Provider. Any clinical decision remains solely with the Treating physician (see Section 3).
Warranties, exclusions and limitation of liability
OmixMe will make reasonable efforts to provide the Service on a best-effort basis and to keep the Portal available continuously; however, access may occasionally be limited or unavailable due to planned maintenance, updates, improvements or unforeseen technical problems.
To the maximum extent permitted by law, the Service is provided “as is”, without any guarantee of a treatment outcome or of the completeness of scientific databases and – as stated in Section 3 – without constituting healthcare, a diagnosis or a treatment recommendation.
Nothing in these Terms excludes or limits liability that cannot be excluded under mandatory law (including wilful conduct, gross negligence or damage to life or health), nor the mandatory rights of the Consumer. Subject to the foregoing, OmixMe is not liable for indirect, incidental or consequential damages (including lost profit or loss of data) and its total liability is limited to the amount of the Price of the Service.
Force majeure. Neither party is liable for a failure to perform an obligation caused by an event or circumstance beyond its reasonable control that it could not have reasonably foreseen (“force majeure”), in particular power outages, natural disasters, failures or outages of telecommunications networks, the internet, hardware or software, cyber-attacks or measures of public authorities.
Intellectual property and confidentiality
OmixMe retains all rights to the Service, the Portal and its technology, including the relevant intellectual-property rights. The Client/Institution retains the rights to its own data. Ordering the Service does not grant the Client any rights to use the trademarks, trade names, logos or patents of the Provider or of third parties, unless specifically agreed otherwise.
Each party protects the other party’s confidential information, uses it only to perform these Terms and limits its disclosure to persons with a need to know, with the standard exceptions (public information, lawfully obtained, independently developed information, or information required to be provided by law).
Personal data protection
- OmixMe processes personal data in the manner described in the OmixMe Privacy Policy. In the B2C channel, OmixMe generally acts as an independent controller. Where OmixMe processes personal data on behalf of an Institution (B2B), such processing is governed by the Data Processing Addendum below, which forms an integral part of these Terms. In the event of a conflict on data-processing matters, the Data Processing Addendum prevails.
Consumer protection and alternative dispute resolution (ADR)
A Consumer has the right to contact the Provider with a request for redress if they are not satisfied with the way a complaint was handled or if they believe the Provider has violated their rights, by e-mail at [EMAIL]. The Provider recommends using this contact first before resorting to out-of-court dispute resolution.
If the Provider responded to the request for redress in the negative or did not respond to it within 30 days, the Consumer has, under Act No. 391/2015 Coll. on Alternative Resolution of Consumer Disputes, the right to an alternative (out-of-court) means of resolving the dispute. The Consumer may file the proposal in the manner under Section 12 of that Act; a model form may be used for the submission.
The competent ADR entity is the Slovak Trade Inspection (address for electronic submissions: ars@soi.sk), or another authorised legal entity listed in the list of ADR entities maintained by the Ministry of Economy of the Slovak Republic; the Consumer has the right to choose the entity. The current list is available on the ministry’s website.
The Consumer may also use the online dispute resolution (ODR) platform available at http://ec.europa.eu/consumers/odr. The contact point is the European Consumer Centre Slovak Republic, Mlynské nivy 44/A, 827 15 Bratislava (e-mail: ECCNET-SK@ec.europa.eu).
Governing law and jurisdiction
These Terms and the Contract are governed by the law of the Slovak Republic. For consumers in the EU, the mandatory consumer regulations of the Client’s country of residence remain unaffected (Rome I Regulation, Art. 6).
Disputes are resolved by the competent court of the Slovak Republic; for relationships outside the EU, an arbitration clause may apply. The jurisdiction of the courts of the SR does not affect the Consumer’s right to alternative dispute resolution under Section 14.
Duration, suspension and termination
- These Terms apply from the effective date for the duration of the relationship. OmixMe may suspend access after notice in the event of a material breach. Either party may terminate the relationship in the event of an unremedied material breach (30 days) or in the event of insolvency. After termination, personal data is processed in accordance with the Privacy Policy and the applicable retention rules.
Final provisions
Severability. The provisions of these Terms are severable. If any provision is found to be invalid, unlawful or unenforceable, this does not affect the validity and enforceability of the remaining provisions.
Changes to the Terms. The Provider is entitled to amend these Terms from time to time; it will inform of significant changes via the website or by e-mail. The Client is bound by the Terms in effect at the time of the order. Where a change is required by law or by a public authority, it also applies to previously placed orders. If the Client does not agree with a change, they must stop using the Service; by continuing to use it, the amended Terms are deemed accepted.
Precedence of the Slovak version. In the event of any conflict between the Slovak language version of these Terms and any other language version, the Slovak language version prevails (see also point 1.5).
Contact. For questions, contact SAMETA s.r.o., Čulenova 7936/5, 811 09 Bratislava, e-mail [EMAIL].
Data Processing Addendum (DPA)
Applies where OmixMe processes personal data as a processor in a B2B relationship. It forms an integral part of the Contract.
1. Definitions
The terms “controller”, “processor”, “data subject”, “personal data”, “processing”, “personal data breach” and “special categories of personal data” have the meaning given in the GDPR.
“Data Protection Law” means the GDPR, Act No. 18/2018 Coll. and other applicable personal-data protection regulations.
“Customer” means the Institution (B2B) which, as controller, orders the Service and on whose behalf OmixMe processes personal data;
“Client” has the meaning given in the Terms (the data subject whose biological material/data is analysed).
“Customer Data” means the personal data processed by OmixMe on behalf of the Customer under the Contract and this DPA, which generally relate to Clients as data subjects.
“SCC” means the Standard Contractual Clauses adopted by the European Commission.
2. Subject matter, scope and roles of the parties
The subject matter, duration, nature and purpose of the processing, the types of personal data and the categories of data subjects are set out in Annex A. In a B2B relationship, the Customer (Institution) is the controller and OmixMe processes Customer Data as a processor; where the Customer itself acts as a processor, OmixMe acts as a sub-processor. Each party is independently responsible for compliance with its obligations under Data Protection Law.
3. Processing on instructions
OmixMe processes Customer Data solely on the documented instructions of the Customer (including instructions set out in the Contract, this DPA and Annex A), except where processing is required by Union or Member State law; in such a case OmixMe informs the Customer of that legal requirement before processing, unless that law prohibits it. OmixMe promptly informs the Customer if, in its opinion, an instruction infringes Data Protection Law.
4. OmixMe’s obligations as processor
OmixMe shall in particular: (a) process Customer Data only for the purposes and to the extent necessary to provide the Service and in accordance with the Customer’s instructions; (b) ensure that persons authorised to process Customer Data are bound by an obligation of confidentiality and are appropriately instructed and trained; (c) implement and maintain appropriate technical and organisational measures under Article 32 GDPR (Annex C); (d) comply with the conditions for engaging sub-processors under Section 8; (e) provide the Customer with assistance under Sections 9 and 10; (f) upon the end of the provision of the Service, delete or return Customer Data under Section 13.
5. Customer’s obligations as controller
The Customer shall in particular: (a) process and provide Customer Data in accordance with Data Protection Law and be responsible for its accuracy, quality and lawfulness and for the existence of a valid legal basis (including explicit consent for special categories of data); (b) provide the necessary information to data subjects and obtain the necessary consents; (c) give OmixMe complete and lawful instructions and secure its own user accounts and use of the Service.
6. Confidentiality
OmixMe keeps Customer Data confidential and discloses it only to persons with a need to know who are bound by an appropriate obligation of confidentiality (contractual or statutory), including after the end of their engagement.
7. Security of processing
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks to the rights and freedoms of data subjects, OmixMe implements and maintains appropriate technical and organisational measures under Article 32 GDPR, in particular the measures set out in Annex C (encryption, pseudonymisation, access control, logging, restoration of availability and regular testing of effectiveness). Given the processing of special categories of data (health and genetic data), OmixMe applies heightened safeguards.
8. Sub-processors
The Customer grants OmixMe general written authorisation to engage sub-processors to process Customer Data. The current list of sub-processors is maintained in the OmixMe List of Sub-processors (Annex B). OmixMe informs the Customer of any intended change involving the addition or replacement of a sub-processor at least 10 days in advance, and the Customer may object to such a change in writing on reasonable data-protection grounds; the parties will attempt to resolve the objection in good faith. OmixMe concludes with each sub-processor an agreement imposing data-protection obligations substantially equivalent to this DPA and remains responsible to the Customer for the performance of the sub-processor’s obligations.
9. Data subject rights
Taking into account the nature of the processing, OmixMe provides the Customer with reasonable assistance by appropriate technical and organisational measures so that the Customer can fulfil its obligation to respond to data-subject requests in the exercise of their rights under Chapter III GDPR. If a data subject contacts OmixMe directly, OmixMe forwards the request to the Customer without undue delay and does not substantively respond to it without the Customer’s instruction, unless required by law.
10. Assistance with impact assessments and consultations
OmixMe provides the Customer with reasonable assistance in ensuring compliance with the obligations under Articles 32 to 36 GDPR (security of processing, breach notification, data protection impact assessment and prior consultation with the supervisory authority), taking into account the nature of the processing and the information available to OmixMe.
11. Personal data breach notification
OmixMe notifies the Customer of any breach of the security of Customer Data without undue delay after becoming aware of it, and provides the Customer with reasonable information and assistance necessary to fulfil its notification obligations towards the supervisory authority and data subjects under Articles 33 and 34 GDPR. Breaches involving special categories of data are treated as high-risk by default.
12. International transfers
OmixMe prefers processing within the EU/EEA. OmixMe does not transfer Customer Data to a third country outside the EU/EEA without the Customer’s prior instruction or consent, except where required by law. Where such a transfer occurs, it takes place only on the basis of a valid transfer mechanism under Chapter V GDPR – an adequacy decision or the Standard Contractual Clauses (SCC) (Module 2 controller-to-processor or Module 3 processor-to-processor) – supplemented by a transfer impact assessment (TIA) and any additional safeguards. Where the SCC apply, they are deemed incorporated into this DPA and, in the event of a conflict on transfer matters, prevail over the DPA.
13. Deletion or return of data
Upon the end of the provision of the Service, OmixMe, at the Customer’s choice, deletes or returns all Customer Data and deletes existing copies, unless Union or Member State law requires their retention; in such a case OmixMe continues to protect their confidentiality and does not process them for any other purpose.
14. Audit and inspection
OmixMe makes available to the Customer the information reasonably necessary to demonstrate compliance with the obligations under Article 28 GDPR and allows for and contributes to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer and bound by confidentiality. An audit may be carried out at most once a year (except for an audit requested by the supervisory authority or an audit following a personal data breach), on at least 30 days’ prior written notice, during normal business hours, in a manner that minimises disruption to operations, while preserving the confidentiality and security of other customers’ data, and at the Customer’s cost.
15. Liability and order of precedence
The liability of the parties under this DPA is governed by the limitations of liability agreed in the Terms/Contract to the extent permitted by law. In the event of a conflict between this DPA and the Terms or the Contract on matters of processing of personal data, this DPA prevails; in the event of a conflict between the DPA and the SCC, the SCC prevail on transfer matters.
16. Term and effect
This DPA is effective for the duration of the Contract and for as long as OmixMe processes Customer Data. Provisions which by their nature are intended to survive (in particular confidentiality, liability and obligations on termination) remain in force after the end of the DPA.
Annex A – Description of processing
| Item | Description |
|---|---|
| Categories of data subjects | Clients (and, where applicable, their legal representatives) and referring physicians |
| Categories of personal data | Identification/contact data; health data; genetic/omics data |
| Special categories | Health data and genetic data (Art. 9 GDPR) – key to the service |
| Nature and purpose | Multi-omics molecular analysis and creation of an informational report on behalf of the institution |
| Frequency / duration | Per order; for the duration of the Contract |
| Competent supervisory authority | Office for Personal Data Protection of the Slovak Republic |
Annex B – Approved sub-processors
See the OmixMe List of Sub-processors (maintained separately).
Annex C – Technical and organisational measures
encryption in transit and at rest; pseudonymisation of genetic data; separation of the identification and medical databases;
role-based access control; MFA; least privilege / need-to-know;
audit logs; input validation; integrity checks;
backups, redundancy and disaster-recovery procedures;
confidentiality obligations, security training and background checks of personnel.
Annex – Model withdrawal form
(complete and return this form only if you wish to withdraw from the contract)
To: SAMETA s.r.o., Čulenova 7936/5, 811 09 Bratislava, e-mail: [EMAIL]
I/we hereby give notice that I/we withdraw from the contract for the provision of the following service / for the purchase of the following goods: ..............................................................
Date of order / date of receipt: ..............................................................
Name and surname of the consumer(s): ..............................................................
Address of the consumer(s): ..............................................................
Order number: ..............................................................
Signature of the consumer(s) (only if the form is submitted on paper):
..............................................................
Date: ..............................................................
