Privacy Statement

arrow icon

Privacy Statement for Age Labs AS
Last updated: April 11, 2024

The purpose of this privacy statement is to describe how Age Labs processes information about you and how we protect your privacy. Age Labs is a Norwegian life sciences company. We use personal data in our research and development of products, as well as when running tests for our clients and for administrative purposes. Below is a description of the information we process, what we do with it, and how your privacy is protected. If you have any questions about this statement or other matters, please feel free to contact us. See our contact information in the last section.

1. OUR ROLE

Age Labs, with organization number 919 825 723, acts as the data controller when we use personal data for our own purposes, such as in research. This means that we are responsible for ensuring that your personal data is processed lawfully in accordance with the Norwegian Personal Data Act (“personopplysningsloven”, which incorporates the European General Data Protection Regulation, "GDPR", into Norwegian law), and that the processing is necessary to fulfil explicitly stated and relevant purposes.

2. WHAT INFORMATION DO WE PROCESS AND FOR WHAT PURPOSES?

We use your personal data to i) develop algorithms that can measure and detect age-related diseases and biological age, and ii) perform such analyses for clients as well as for administrative purposes. 

2.1.   Research on Algorithms to Measure and Detect Age-Related Diseases and  Biological Age

We collect biological data from public databases, registries, and biobanks to develop our algorithms. This constitutes research and we follow a research protocol approved by our Regional Committee for Medical and Health Research Ethics (REK). We use the information to develop algorithms. This is done by performing measurements on materials (often blood samples) from research participants and then investigating whether the measurement results can be used to determine if a person has a specific "phenotype" or not, where the phenotype could be age, a particular disease, or time until an event may occur. To do this as effectively as possible, we collect detailed information about the disease and the person from whom the sample was analyzed by combining data from different sources such as Norwegian registries and questionnaires that have been completed. Often, Age Labs will use pseudonymized measurement results previously obtained by others.

For these purposes, the following information is processed:

  • Age
  • Risk factors for diseases, for instance:
    • Smoking
    • Diet
    • Physical fitness
    • Diagnoses
    • Medication use
    • Height
    • Weight

The information we use is collected with consent from each individual to the database. We process this information based on GDPR Art. 6(1)(e) and Art. 9(2)(j), in conjunction with the Personal Data Act § 9. It is necessary for us to process personal data to conduct our research activities. The research is of significant societal interest as biological age is one of the most important risk factors for mortality and age-related diseases such as cancer, cardiovascular diseases, and dementia.

The duration of the processing is as long as the research project is ongoing.

2.2.   Performing Analyses for Clients

We act as a data processor on behalf of our customers to perform the requested analyses, processing the following information:

  • Name
  • Mobile number
  • Email address
  • Postal address
  • Age
  • Gender
  • Smoking status
  • Ethnicity
  • Other medical information to the extent necessary to provide a better service to you and other clients.

The duration of the processing will be in accordance with the data processing agreement with our customers. Please refer to your service provider’s privacy policy for further information.

2.3.  When You Visit Our Website

We currently do not use cookies on our website, www.agelabs.com.

2.4. Target Groups Based on Ad Platform Data

Age Labs may establish pages on social media platforms.

These social media platforms will provide us access to view posts, likes, followers, comments, and messages, in addition to aggregated information about visits and activity on our pages, boards, and tailored advertisements. Our processing will be based on our legitimate interest in reaching out to customers and potential customers (GDPR Art. 6(1)(f)).

The social media platforms are responsible for the information you leave there. We will not store this information ourselves, but we will have access to it as long as we maintain our page on the social medium. You can delete information about yourself at any time, for example, by removing content or reactions you have published. Your information will not be deleted merely by you unfollowing our page.

Social media process personal data in the USA and other countries listed in their privacy statements. You can find more information on how social media processes personal data in their respective privacy statements. We encourage you to read these. The basis for transfer relies on EU standard clauses.

The duration of the processing is five years.

2.5.  Recruitment

In the context of recruitment, we process personal data received from job applicants to take measures at the request of the data subject before entering into a contract (GDPR Art. 6(1)(b)), or based on the job applicant's consent, per GDPR Art. 6(1)(a). Sensitive personal data processed in this context is necessary for Age Labs to fulfil its obligations as a potential employer (GDPR Art. 9(2)(b)).

Any ability and personality tests, as well as internet searches, are based on Age Labs' legitimate interest in finding the right candidate, per GDPR Art. 6(1)(f). We will only contact the job applicant's references if we have obtained consent for this (GDPR Art. 6(1)(a)).

For candidates who are hired, specific terms for storage for data apply. For candidates who are not hired, consent is necessary for storage after the recruitment process has ended. 

 2.6. Other Processing

Age Labs is legally required to fulfil certain obligations involving the processing of personal data. Such obligations may, for example, be related to the requirements of the accounting law for storage and compilation, and the requirement to present information to competent authorities in accordance with legislation (GDPR Art. 6(1)(c)).

See section 5 for further information on storage of data.

2.7. Disputes

Age Labs may process personal data necessary in connection with disputes. Personal data about you for this purpose is processed because we have a legal obligation to do so, per GDPR Art. 6(1)(c), or based on our legitimate interest in documenting and promoting our view in a dispute, per GDPR Art. 6(1)(f).

The duration of the processing is five years.

3. SECURITY MEASURES

The protection of your personal data is a high priority at Age Labs. We continuously work to protect your personal data and other confidential information. Our security measures include physical, technical, and administrative measures.

Our employees receive training and guidance on how to handle personal data securely. We have procedures and access controls to prevent the loss or disclosure of your personal data.

Any breach of our security procedures is documented. We have procedures and capacity to detect and handle security and privacy breaches. Should such breaches be detected, they will be reported to our privacy officer, the risk of security breaches will be assessed, and the Data Inspectorate will be notified if necessary. You will also be notified as a user if the security breach poses a high privacy risk to you.

4. DISCLOSURE OF PERSONAL DATA TO OTHERS

We do not pass on your personal data to others unless there is a lawful basis for such disclosure.

Some of our subcontractors may operate outside the EU/EEA. Any transfer of your personal data out of the EU/EEA will be done in accordance with GDPR chapter V.

5. HOW LONG IS YOUR INFORMATION STORED?

Your personal data is stored only as long as required to perform our services or as long as prescribed by law. This means that information about you as a research participant is stored as long as we need it for the research project within the ethics approval of REK. Information from customer service and GDPR requests is kept for three years. Information we are obliged to store according to the accounting law is kept as long as we are obligated to retain it, usually 3, 5, or 10 years. Information from recruitment processes is deleted when the process ends unless you consent to longer storage. Information about you as a customer used to improve the product for five years or as long as the information contributes to improving the product.

6. YOUR RIGHTS

The legal framework provides you with several rights to help you protect your privacy. You have the right to information about how we process your personal data, access to your personal data, the right to request us to correct, delete, or restrict the use of information about you, request the disclosure of information about you, object, withdraw consents, or complain about our use of personal data. Contact us if you wish to exercise any of your rights. If you want to complain about our processing of personal data, you can lodge a complaint with the Data Inspectorate, but we hope that you will contact us first.

7. CHANGES

The content of this statement may be continuously updated, and changes will be published on our website [URL]. In case of significant changes, we will, as far as practically possible, notify you of this by email.

8. CONTACT INFORMATION

If you have any questions about this statement or our processing of personal data, you can contact us or our Data Protection Officer.

Age Labs: info@agelabs.no 

Data Protection Officer: Thale Cecilia Gautier Gjerdsbakk, Bull & Co Law Firm AS