PRIVACY POLICY
We are NostraBiome SRL (NostraBiome). We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect will be processed by us. Please read this privacy policy carefully to understand our views and practices and your rights regarding your personal data. If you visit our website or mobile applications (our Site), use our services, or otherwise provide us with your personal information, it will be processed as described in this policy.
1. COLLECTION AND USE OF PERSONAL INFORMATION
1.1 - We may collect personal information that you provide us when you:
- purchase, order, test, return, exchange or request certain information about our products and services;
- contact us;
- visit or register with our Site or participate in another feature of our Site;
- enter into a contest or sweepstakes or respond to one of our surveys;
- participate in consultations with a nutritional therapist offered as part of our services;
- submit your health records (such as blood and other similar test results) to us or authorize third parties to do so on your behalf; or
- provide us with comments or suggestions.
1.2 - We may also collect personal information about you from service providers who provide us with e-commerce services related to the Site.
1.3 - Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
1.4 - We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Special Categories of Personal Data includes details about your race or ethnicity, information about your health, and genetic and biometric data.
1.5 - We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
1.6 We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
1.7 Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
1.8 In addition, we will use your contact information to send you newsletters, emails, push notifications and in-app notifications about our products, services, sales and special offers if you sign up to receive them and have not opted out.
1.9 We may combine information we obtain about you through our websites with the information obtained through our apps and custom microbiome and blood tests for the purposes described above. We also may use the information we obtain in other ways for which we provide specific notice at the time of collection or otherwise with your consent.
We require certain essential information so that we can provide services to you, so if you do not provide such information to us, remove it from our Site, or ask us to remove it, we will not be able to provide the services to you.
- Purpose/Activity: To register you as a new customer and open your account
  Type of data: (a) Identity; (b) Contact
  Lawful basis for processing including basis of legitimate interest: Performance of a contract with you
- Purpose/Activity: To process and deliver your order including: (a) managing payments, fees and charges; (b) collecting and recovering money owed to us; (c) keeping you informed about the status of your order
  Type of data: (a) Identity; (b) Contact; (c) Financial; (d) Transaction; (e) Marketing and Communications
  Lawful basis for processing including basis of legitimate interest: (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to recover debts due to us)
- Purpose/Activity: To provide our services and products to you including: (a) collecting and analyzing your health, biometric and genetic data by collecting your blood, stool, skin, sputum, saliva DNA and other samples from you directly or via our partners; (b) preparing personalized recommendations based on such data in (a) above
  Type of data: (a) Special Categories of Personal Data; (b) Identity; (c) Contact
  Lawful basis for processing including basis of legitimate interest: (a) Your explicit consent; (b) Performance of a contract with you; (c) Necessary for our legitimate interests (to improve and develop our products/services and grow our business)
- Purpose/Activity: To manage our relationship with you which will include: (a) notifying you about changes to our terms or privacy policy; (b) asking you to leave a review or take a survey; (c) communicating with you about your account or transactions and sending you information about features and enhancements; (d) complying with and enforcing applicable legal requirements, relevant industry standards and our policies, including this Privacy Policy and Terms and Conditions
  Type of data: (a) Identity; (b) Contact; (c) Profile; (d) Marketing and Communications
  Lawful basis for processing including basis of legitimate interest: (a) Performance of a contract with you; (b) Necessary to comply with a legal obligation; (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
- Purpose/Activity: To enable you to partake in a prize draw, competition or complete a survey
  Type of data: (a) Identity; (b) Contact; (c) Profile; (d) Usage; (e) Marketing and Communications
  Lawful basis for processing including basis of legitimate interest: (a) Performance of a contract with you; (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
- Purpose/Activity: To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  Type of data: (a) Identity; (b) Contact; (c) Technical
  Lawful basis for processing including basis of legitimate interest: (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); (b) Necessary to comply with a legal obligation
- Purpose/Activity: To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  Type of data: (a) Identity; (b) Contact; (c) Profile; (d) Usage; (e) Marketing and Communications; (f) Technical
  Lawful basis for processing including basis of legitimate interest: Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
- Purpose/Activity: To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
  Type of data: (a) Technical; (b) Usage
  Lawful basis for processing including basis of legitimate interest: Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
- Purpose/Activity: To develop algorithms, compile databases, undertake machine learning and training of artificial intelligence
  Type of data: (a) Special Categories of Personal Data; (b) Identity; (c) Contact
  Lawful basis for processing including basis of legitimate interest: (a) Your explicit consent; (b) Performance of a contract with you; (c) Necessary for our legitimate interests (to enable us to offer more precise and efficient analysis and personalization of our services and products and grow our business)
- Purpose/Activity: To make suggestions and recommendations to you about goods or services that may be of interest to you
  Type of data: (a) Identity; (b) Contact; (c) Technical; (d) Usage; (e) Profile; (f) Marketing and Communications
  Lawful basis for processing including basis of legitimate interest: Necessary for our legitimate interests (to develop our products/services and grow our business)
2. LEGAL BASIS FOR DATA PROCESSING
- If we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our Sites and services, manage our relationship with you and communicate with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our Sites and our services, undertaking marketing, or for the purposes of ensuring the security of our Sites and services and detecting or preventing illegal activities such as fraud. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
- If we ask you to provide Personal Data to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data). In some instances, you may be required to provide us with Personal Data for processing as described above, in order for us to be able to provide you all of our services, and for you to use all the features of our Sites.
- We must obtain your explicit consent in order to process the Special Categories of Personal Data and to use automatic profiling and artificial intelligence processing and training. We obtain your consent by you signing up to the service and accepting the Terms & Conditions. If you choose to withdraw your consent in accordance with the YOUR RIGHTS section below, we will be unable to provide our services to you.
- In certain cases we retain your Personal Data as long as we have an ongoing legitimate business need to do so, for example to provide services or products to you, or as required or permitted by applicable laws, such as tax and accounting laws. When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
- If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us on: business@nostrabiome.com
3. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Our business may require us to transfer your Personal Data to countries outside of the European Economic Area ("EEA"), including to countries that may not provide the same level of data protection as your home country such as the United States and China. We take appropriate steps to ensure that recipients of your Personal Data are bound to duties of confidentiality and we implement appropriate measures to ensure your Personal Data will remain protected in accordance with this Privacy Policy, such as Commission approved standard contractual clauses. A copy of those clauses can be obtained by contacting business@nostrabiome.com.
4. YOUR RIGHTS
- You have the following data protection rights, which you can exercise at any time by contacting us on business@nostrabiome.com:
- The right to access, correct, update or request deletion of your Personal Data.
- The right to object to processing of your personal information when it is based on our legitimate interests provided that there are no compelling reasons for that processing, and separately the right to object to direct marketing.
- The right to ask us, in some situations, to restrict processing of your personal information or request portability of your personal information.
- The right to opt out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing e-mails we send you. To opt out of other forms of marketing (such as postal marketing or telemarketing), please contact us on business@nostrabiome.com.
- If we have collected and processed your personal information with your consent, then you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- The right to complain to a data protection authority at any time about our collection and use of your personal information. For more information, please contact your local data protection authority. We ask that you bring any complaints or concerns to our attention and allow us time to resolve the issue before you raise that concern with a data protection authority.
- We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
- If you are aware of changes or inaccuracies in your information, you should inform us of such changes so that our records may be updated or corrected.
- We will update your account, provide information or delete your account within 30 days of a request.
5. COOKIES
- We utilize "cookies" which, if you allow their use, store small amounts of data on your computer when you visit the Site. Cookies assist us in tracking which features of the Site you like best. Therefore, cookies enable us to customize our content according to your preferences. You have the ability to accept or decline cookies by modifying your browser settings. Our Site is viewable even if you disable the cookie function on your browser. However, if you disable cookies, main functionality like account login and checkout will not work.
- We may use cookies for a number of purposes, including but not limited to: keeping track of preferences you specify while you are using the Site; delivering advertisements and content relevant to your interests; providing general internal and customer analytics; maintaining information in both identifiable and anonymous forms; accessing your information when you "sign in" to provide you with customized content; conducting research to improve our content, products and services; supporting security measures such as requiring re-logging into the Site after a certain amount of time has elapsed; and assisting in identifying possible fraudulent activities.
- Part of this technology utilizes internet "cookies." Cookies are stored on your hard drive in the form of a text file. Most cookies are "session cookies", meaning that they are automatically deleted when you close your browser. Other cookies are called "persistent" because they do not expire. Typically, these cookies allow us to provide targeting information about products and pricing. However, you can easily remove them by following the directions in your browser's help file. While this statistical data is collected, it is important to note that we do not sell, rent or lease any of your personal information.
6. PROMOTIONAL INFORMATION AND MARKETING MATERIALS
We would like to inform you of products and services, sales and special offers that might benefit you. When you register online or participate in a survey, you will have the opportunity to sign up for e-mails about our products, services, sales and special offers.
7. SECURE ORDERING
- When you submit personal information on our website, your information is protected both online and offline. We can only access your credit card (but not your actual credit card information) to issue credits, never for actual charges. Only you can produce a charge by placing an order in your password-protected account.
- While on a secure page, such as our order form which is hosted in a secure data facility, the lock icon of your web browser becomes locked. This indicates that the connection between your web browser and our web server is secured. While on a secure page, the 'http' on your browser changes to 'https'.
- When you submit sensitive information (such as a credit card number), that information is encrypted and protected with encryption software which meets or exceeds industry standards (Secure Sockets Layer).
- We do not hold any credit card numbers on our Site or on the associated back-office systems used by us to process your orders. We keep the last 4 digits of your credit card for future reference and to help us communicate with you.
- For any repeat orders of our services made by you via our Site, if you opt in to have your details stored for future payments, our payment processing agent securely holds your credit card details and provides us with a unique token that represents that particular card. This token is only valid for payment to us.
- We take reasonable and appropriate steps to protect your personal information from unauthorized disclosure or access. However, no data transmitted over the Internet or stored on a server can ever be 100% secured. Therefore, while we strive to protect your privacy and personal information, we cannot guarantee the security of any information transmitted or disclosed to us online. If you opted to register with us, you established a password for your account, in which case your online account information will be protected by your password. We suggest that you do not disclose your password to anyone. You are responsible for the confidentiality of your account and password and are fully responsible for all activities that occur under your account and password. We suggest creating challenging passwords such as those with alphanumeric combinations. In the event that this website is closed down, all personal data will be destroyed or you will be notified of any new manner of use of the data.
8. NostraBiome WEBSITE & THIRD PARTIES
Like most retailers, as you visit our websites, we are collecting information about that visit. This information may include your IP address, the type of device and software used to access our Site, your internet service provider, how you interact with our Site such as what pages you visit or what links you follow to arrive on or leave our Site. We collect this information to improve our delivery of information and services to you. In order to collect this information, we utilize technology from third party companies like Google. This software is employed to evaluate – anonymously and in aggregate – how people use the bioniq family of websites. We gather this information to make sure the websites are optimized based on the technologies the majority of people are using to access our websites.
9. DISCLOSURE OF PERSONAL INFORMATION
We may conduct direct marketing of bioniq's products or services via email, direct mail, telemarketing, fax and/or other forms of communication to you. We may provide your personal information to any of our affiliated businesses. We enter into marketing relationships with advertisers or other companies that provide products or services that we believe may be of interest to our customers. With your consent we may send you mail, email or call you with information about products and services offered by these advertisers or other companies if you have provided us with your name and address, email address or phone numbers. If you no longer wish to receive any future promotional or direct marketing materials from bioniq or any of our affiliated businesses, or do not wish to receive such materials through any particular means of communication, please send your request to bioniq Customer Services through the following communication channel: By Email: business@nostrabiome.com.
10. ACCESS TO PERSONAL INFORMATION BY COMPANIES THAT WORK WITH OR ON BEHALF OF bioniq
- Some of our operations, such as our electronic commerce, may be managed by service providers who are unaffiliated companies. These companies may share personal information with their affiliates and with service providers whom they engage to perform services related to our Site or the operation of our business. Examples of these services include payment processing and authorization, fraud protection and credit risk reduction, product customization, order fulfilment and shipping, marketing and promotional material distribution, Web site evaluation, data analysis and, where applicable, data cleansing. These companies may have access to your personal information on a confidential basis only to the extent necessary to perform their functions. In no event will we authorize these companies to use your personal information for any reason other than to provide you with those specific services.
- If your purchases are being shipped to you, your shipping information will be shared with our delivery service providers. Our delivery service providers are asked not to use your personal information for any purpose other than making the delivery.
- Your personal information may also be used by certified third-party providers such as medical laboratories that conduct blood tests, phlebotomists and nutritionists. These companies may have access to your personal information on a confidential basis only to the extent necessary to perform their functions. In no event will we authorize these companies to use your personal information for any reason other than to provide you with those specific services.
11. SALE OF BUSINESS
In the event that we or some of our assets are sold or transferred or used as security, your personal information may be transferred to third parties as part of that transaction.
12. DISCLOSURE OF PERSONAL INFORMATION IN LEGAL PROCEEDINGS
If we or any of our service providers is requested by law enforcement officials or judicial authorities to provide personal information on individual users, we or the applicable service provider may, without your consent, provide such information. In matters involving claims of personal or public safety, we or the applicable service provider may provide your personal information to appropriate authorities without your consent or court process. We or our service providers also will provide your personal information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or in litigation involving us, the applicable service provider, or otherwise as required by law. We may also disclose personal information to assist in debt collection where you owe a debt to us.
13. PRIVACY POLICY AND OUTSIDE LINKS
Our Site may include links to the websites of our business partners, vendors and advertisers. These other sites are outside of our control. Please be aware that these websites may collect information about you, and operate according to their own privacy practices which may differ from those contained in our Privacy Policy. Remember to consult that website's own privacy policy, as once you are outside the Site, any information you submit is no longer in our control.
14. BIOMARKER INFORMATION
We use your biomarker test information and self-reported information to provide you with bioniq recommendations, preparation of your individual formula for supplements, customize your user experience, and enhance our Services. Self-reported information is used to customize your user experience. We may include your anonymized test information and self-reported information in disclosures to third parties for the purpose of research or other applications, but no identifying information will be shared without your prior knowledge and consent.
15. PRIVACY POLICY MODIFICATIONS
From time to time we may modify or amend this Privacy Policy in order to comply with new laws or regulations or to reflect future changes in our business practices. Any changes in our policies will be communicated on this page, so please check back on occasion. We also may post a notice on our Site or send an email describing the changes.
16. CONTACT US
If you have any requests, questions or concerns about our use of your Personal Data and this Privacy Policy, please contact us at: business@nostrabiome.com.
For the purposes of data protection legislation, the data controller is NostraBiome SRL, Nicoale Balcescu, nr.11, Arad, Romania