The Google contracting party is its European subsidiary, namely Google Ireland Limited (and not Google, Inc. in the US).

All data will be processed and hosted on servers of Google in Belgium.

The Google Cloud Platform is secured and certified under the standards of ISO27001 (Information Security Management), ISO27017 (Cloud Security), ISO 27018 (Cloud Privacy) and SSAE18 / ISAE3402 Type II (SOC2/3). OncoDNA is in the process of including this new application landscape into the scope of its ISO27001 (Information Security Management) certification.

Google Cloud Platform has demonstrated adherence to the EU Cloud Code of Conduct that was developed by Scope Europe, an independent third-party association, to contribute to an environment of trust and transparency in the European cloud computing market and to simplify the risk assessment process of Cloud Service Providers (CSPs) for cloud customers.

All data are encrypted at rest and in transit.

Google does not use the encoded data for other purposes than those necessary to fulfil its contractual and legal obligations.

Google does not provide any government entity with direct "backdoor" access. Each and every one of the government requests are reviewed and evaluates on international, human rights standards, the Google’s policies, and the law.

OncoDNA Group has the right to audit compliance of Google.

Before onboarding new sub-processors, Google conducts an audit of their security and privacy practices to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Google has assessed the risks presented by the sub-processors, these are required to enter into the EU Model Contractual Clauses in addition to the appropriate security, confidentiality and privacy contract terms.

It is possible that, in the context of technical support, some of our customer’s data are transferred to Google’s sub-processors located outside the European Union, including third country which do not offer an adequate level of data protection in the sense of Article 45 of the GDPR. Google and OncoDNA have taken adequate measures to ensure data are always exchanged in compliance with the Data Protection Laws, by entering into the EU Model Contractual Clauses. For the sake of clarity, such Google’s sub-processors will have no access to our customer’s data unless OncoDNA enables it subject to the appropriate risk mitigation measures. To the greatest extent possible, OncoDNA will always prevent such access, when the purposes of such processing can be achieved in the same way.

Confidentiality clauses with our employees are implemented and we ensure that only the necessary authorized members have access to the data.