Data in Foundation 29

The General Data Protection Regulation was a revolution in the technological environment, and it was necessary to establish a regulatory framework that would adapt to the needs of the environment in which we found ourselves. The main objective of this regulation was to create a more secure environment for the processing of personal data and to unify the collection of data from persons within the territory of the European Union. In the words of the European Union: “This is an essential regulation to promote the fundamental rights of citizens in the digital age and to facilitate business by simplifying the rules for companies in the digital single market.”

At Foundation 29, we take the security of personal data incredibly seriously. We approach all of our tools with the highest level of transparency, and our first focus is making sure we serve as guarantors of the rights of our users. Throughout the process of working with your data, we are aware of how seriously you take your privacy and implement appropriate security measures to ensure your data is protected at all times.

Our Principles


Patient data is solely the property of the patients, and they control what happens with their data. At Foundation 29, our responsibility to protect our users and their data by providing them with extensive and appropriate security standards


We are responsible for transparent explanations of how we use patient data, both through our website and with our tools. Our practices regarding the treatment of data are in compliance with international data protection regulations (GDPR) and in many cases exceed the security and transparency required by that legislation.


We keep data secure through trusted storage providers that are verified and meet all security standards.


Patient data plays a key role in Foundation 29. We are aware of the importance of the correct use of the data. When patients trust us with their data, they are also contributing to the development of research and the discovery of new therapies.

Data We Collect

Hand-drawn illustration of a person raising both arms.


-Name and surname of the user or, failing that, “nickname”
-Medical history
-Genetic information

Hand-drawn illustration of a doctor holding a magnifying glass.


We collect the necessary data to support the diagnostic support platform:
-Patient typology
(by disease or undiagnosed)

Hand-drawn illustration of a person using a laptop while seated.


We collect your identification data exclusively:
– Name
– Surname
– Tax id number
– Phone
– Email address
– Card details
– Address

Exercising Your Data Rights

Foundation 29 makes a responsible treatment of your data. Your data belongs to you, so by virtue of the treatment we make of your data, we inform you that you can exercise the following rights:

  1. right of access to your personal data in order to know which ones are being processed and the processing operations carried out on them
    the right to rectify any inaccurate personal data;
  2. the right to have your personal data deleted, where this is possible;
  3. the right to request the limitation of the processing of your personal data when the accuracy, legality or necessity of the processing is doubtful, and in all other cases provided for in the RGPD;
  4. the right to the portability of your data, when the legal basis that enables us to process them.

To exercise any of these rights you must send a written request to The request must state your full name and address and indicate the rights you wish to exercise. Likewise, when you consider that the exercise of your rights has not been effective, you may file a complaint with the Spanish Data Protection Agency.