For the processing of personal data by plusbiome AG (we, our or plusbiome) through the use of our products and services, including our website available at https://plusbiome.com (the Website) and the plusbiome mobile application accessible on the App Store and Google Play Store (the Mobile Application).
1. Introduction
We recognise the importance of your privacy and of transparency in our processing of your personal data.
This privacy notice (Privacy Notice) informs you of the personal data we collect when you access and use our products and services, and how we process such data. It applies generally to our activities relating to our users’ personal data, but we may also have additional privacy notices that apply in relation to specific products and services.
By using our products and services, you expressly acknowledge that we may collect and process your personal data in accordance with this Privacy Notice.
2. Who is responsible for the processing of your personal data
Plusbiome AG, Postfach, 4005 Basel, Switzerland, is responsible for the processing of your personal data. You will find our contact details below in Section 11.
3. How we collect your personal data
We collect the personal data that you provide to us.
We collect the personal data that you provide to us when you use the Website, the Mobile Application and/or the services provided through the Website and the Mobile Application (the Services), for example when you place an order, communicate with us, create and/or manage your account, through web forms or questionnaires you fill, or when you subscribe to our newsletter.
Some information is mandatory and some is optional.
It is mandatory that you complete the data fields identified by an asterisk. If one or more mandatory data fields are not completed, we will not be able to provide access to the Services. You are not required to complete the optional data fields in order to access the services provided through the Website and/or the Mobile Application. These fields may be completed at any time through your account settings.
Certain personal data are collected in an automated manner.
We automatically collect personal data, for instance when you use our Website, including by means of tools, web forms, cookies and other active elements, as further described in this privacy notice.
You may define certain authorisations relating to the automatic collection of your personal data when you configure your device or your internet browser according to available functionalities. You may also define certain settings for the automated collection of your personal data through the cookies setting plugin available on the Website. For more detailed information, please see the cookie section below (section 11).
The personal data we process may contain sensitive data.
The information which you provide directly, or which is collected from you through Services you use, may contain sensitive data about you, in particular health data (such as information relating to your wellbeing, digestive problems, weight, activity, sleep, and so on) (Sensitive Data).
We will process such Sensitive Data in accordance with applicable data protection laws, as specified in this Privacy Notice.
4. How we process your personal data
We process your personal data by automated means for the purposes indicated in this Privacy Notice and in accordance with applicable law.
We process your personal data in accordance with applicable law, in particular, Swiss data protection law and if applicable the EU General Data Protection Regulation (GDPR) and/or the UK General Data Protection Regulation, using computers or computer tools, in line with the purposes set out in this Privacy Notice.
We do not make decisions exclusively on the basis of automated processing which has legal effects on the data subject or affects him significantly (automated individual decision). We may process your personal data to create a profile about you and provide you with a more personalized experience when using our Services (profiling). You may have the right to object to such activities, in accordance with applicable data protection laws (see section 12 below for additional information on your rights).
We may process your personal data to erase any information that allows us to identify you (anonymisation) and we may then use such anonymous data for purposes not contemplated by this Privacy Notice (including for data mining, benchmarking, analytics purposes, or developing and marketing new services). You may object to the anonymisation of your personal data for this purpose at any time (see section 12 below for additional information on your rights).
We take appropriate technical and organisational security measures to prevent unauthorised access, disclosure, modification, alteration or destruction of your personal data, as specified in Section 10 below.
5. On which legal ground do we process your personal data
We process your personal data only if we have a valid legal ground to do so.
We will only process your personal data if we have a valid legal ground for doing so. Depending on the processing in question, we will only process your personal data if:
- Data processing is necessary to fulfil our contractual obligations to you or to take pre-contractual measures at your request (Contractual Necessity);
This is the case in particular when processing your personal data is strictly required to provide you with the Website and/or the Mobile Application and related Services, as further specified in section 6 below. When the GDPR applies, Contractual Necessity is based on Article 6(1)(b);
- Data processing is necessary for the fulfilment of our legitimate interests, and only to the extent that your interests or fundamental rights and freedoms do not require us to refrain from processing (Legitimate Interest);
Our Legitimate Interests include in particular (i) ensuring that the Website and/or the Mobile Application and related services are provided in an efficient and secure way (e.g. through internal analysis of the Website and/or the Mobile Application’s stability and security, updates and troubleshooting, as well as support services); (ii) improving and developing the Website and/or the Mobile Application (including monitoring our performance or the use of the Website and/or the Mobile Application and our Services, and for statistical purposes); (iii) benefiting from cost-effective services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); (iv) achieving our corporate goals; and (v) for the other Legitimate Purposes explicitly described in section 6 below. When the GDPR applies, Legitimate Interest is based on Article 6(1)(f) GDPR;
- We have obtained your prior consent in a clear and unambiguous manner (Consent); or
When the GDPR applies, Consent is based on Article 6(1)(a) GDPR;
- Data processing is necessary to comply with our legal or regulatory obligations (Legal Obligation);
Finally, we will process your personal data if we are required by law to do so, as further specified in section 6 below. When the GDPR applies, Legal Obligation is based on Article 6(1)(c) GDPR.
In addition, we will only process your Sensitive Data if we have obtained your explicit consent for one or more specified purposes, or if we can rely on another lawful justification in accordance with applicable data protection laws.
6. Purposes for which we process your personal data?
We process your personal data for legitimate and clearly identified purposes.
Your personal data is collected and processed for the purpose of providing our Services and for the other legitimate purposes explicitly specified below and is not further processed in a manner that is incompatible with those purposes at the time of collection, only to the extent relevant to achieve these purposes.
We process your personal data for the following purposes:
To operate the Website and/or the Mobile Application and provide the related Services.
We mainly process your personal data to provide the Services and operate the Website and the Mobile Application, based on our Contractual Necessity to do so, including for creating and maintaining a user account, interacting with you, providing you with the requested information and Services, making the products, goods and services available, as well as for customer and user management purposes.
We will also collect information on the country and/or time zone from which you access our Services. We do not track your precise location.
In addition to the personal data which you provide when logging in to your account or interacting with the Website and/or the Mobile Application (e.g. when you fill in questionnaires or forms), we automatically collect technical information about your interactions with the Website and/or the Mobile Application, such as the content that was accessed, the date and time of access, and information about your web browser. We process this data to control the use of our Services and manage their stability and security, based on our Legitimate Interest to do so. We may also use this information to improve our products or Services, as described in more detail below.
Your account information is retained for as long as your account is active. If you suppress your user account, your account information will be deleted or anonymized within 30 days after such event, unless data must be retained for a valid reason (such as evidentiary or tax purposes). This does not include log files, which are automatically deleted or anonymized 30 days after their collection.
To process product orders and payments.
To place an order, you must provide the information requested from you (e.g. contact information, billing and delivery addresses, payment method and related information).
We also automatically collect data related to your use of the Website and/or the Mobile Application in accordance with our Cookie Policy (see section 11 below).
We use third-party services for payments and the dispatch of orders. For example, depending on the payment method selected, you will be redirected to the website of an online payment provider which is responsible for processing the payment. We transmit to these third parties only the data necessary for the operations they perform.
The processing of the order, inventory and billing data is based on our Contractual Necessity to provide you with the requested goods and Services. We are also required by law to store certain information such as invoices, contracts and other information relevant to accounting for a certain period of time (generally for 10 years). Data relating to uncompleted orders is stored for 12 months and then deleted.
To contact you and respond to your queries.
You have the option of contacting us via the Website, the Mobile Application or by e-mail. In this context, we process the data which you provide to us (including your contact information and the subject-matter of the request). This data is used for the purpose of providing you with the requested information and services, based on our Contractual Necessity.
The retention period depends on the reason for your request and its context. Requests relating to orders will be retained for the period specified for orders. Other requests are, as a rule, retained for 3 months, unless there is a legal ground for retaining them longer (such as evidentiary or tax purposes).
To send you our newsletter and other advertising information.
If you subscribe to our newsletter, we will collect your contact details (name and e-mail address) and use them to provide you with our newsletter, based on your Consent. You may unsubscribe from the newsletter service at any time, in which case your contact details will be deleted.
We also process the time of registration and your opt-in confirmation based on our Legal Obligation to demonstrate compliance. We also analyze your use of our newsletter, e.g. whether you have opened it or clicked on certain links, and process this data to optimize and improve our newsletter, based on our Legitimate Interest.
We use the third-party services of HubSpot to provide our newsletter service. HubSpot will have access to your login data in order to provide you with the service. Its privacy policy is applicable in connection with this. It is available at https://legal.hubspot.com/privacy-policy.
Independently of your subscription to our newsletter, we may also contact you by email to inform you about our activities if you have previously subscribed for the use of our Services or purchased a similar product via our Website, and if you have not objected to the corresponding use of your email address. You can object to the use of your email address for this purpose at any time by contacting us (see contact details in section 13). The legal basis for the corresponding processing of your data is our Legitimate Interest to advertise certain sales offers and activities relating to our previous interactions with you.
For internal analysis and statistical purposes in order to improve our Website and/or Mobile Application and Services.
Unless you object to such processing, we may process your personal data, in particular data relating to your use of the Website and/or the Mobile Application and your habits and preferences (e.g. our device information [serial number, software version, bug/crash reports], the content you accessed, date and time of access and your preferences), for internal analysis and statistical purposes, in order to better understand the needs of our users and to optimise their experience, and to improve the ergonomics and functionality of the Website, the Mobile Application and the Services in general. You may object to such processing activities at any time (see section 12 below for additional information on your rights).
We do not link this information to you or your account. We use analytics tools provided by known market providers – such as Firebase and Google Analytics – which provide to us only aggregated, non-identifiable data. The privacy policy of those service providers is applicable in this context. You will find information on Google’s privacy practices relating to Firebase and Google Analytics here.
You will find additional information in Section 11 in relation to the use of cookies for this purpose, including on the duration for which data collected this way are stored.
To provide you with targeted information or advertisement based on the content you published and your interactions with the Website.
Provided we have collected your valid Consent, we use as part of our operation of the Website the services of third parties, such as Google, Youtube or Facebook, which may place cookies on your device in order to provide you with a personalised advertisement based on your interaction with the Website. The privacy policies of those providers are applicable in relation to their activities. You may withdraw your consent at any time (see section 12 below for additional information on your rights).
You will find additional information in Section 11 in relation to the use of cookies for this purpose, including on the duration for which data collected this way are stored, and the link to the privacy policies of those external service providers.
To comply with our other legal obligations or for other legitimate interests.
We may further process your personal data if we have a Legal Obligation to do so or for other Legitimate Interests. This will, for instance, be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or the establishment, exercise or defence of legal claims. The personal data that we process for this purpose are those that we collected for one of the purposes indicated elsewhere in this section. We retain the personal data for the duration of the legal obligation imposed on us.
If we have obtained your consent.
In addition to the above, we may process your personal data if we have obtained your prior unambiguous consent for specific purposes. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
7. The circumstances in which we disclose your personal data to third parties
We may disclose your personal data to third parties if this is necessary for the operation of the Website and/or the Mobile Application or to comply with a legal obligation.
We may disclose your personal data to third parties in connection with the operation of the Website and/or the Mobile Application and to subcontractors such as IT service providers, cloud service providers, database providers, automated marketing solutions providers and consultants, including Amazon Web Services (cloud/storage provider), Atlassian Corporation (software development and project management), Google Analytics (data analytics tool), Firebase (app development tools), Freshdesk (support/ticketing services), Just Uno (conversation platform), and the service providers listed in section 11 in relation to the cookies they place. Detailed information on these providers can be found in the previous section.
We may also enable you to use third-party services directly from the Website and/or the Mobile Application, in particular through the social plug-ins of Youtube, Google LLC and Facebook, in which case you acknowledge that third-party operators of such services may access some of your personal data related to the Website and/or the Mobile Application.
Our Website and/or Mobile Application may also contain links to other websites. This Privacy Notice applies only to our actions and does not apply, in particular, to the practices of third-party companies, individuals, or any other websites that may be referenced on the Website and/or the Mobile Application. You should carefully review the privacy policies of any other websites you visit from the Website and/or the Mobile Application to learn more about their personal data processing practices. In such circumstances, the collection and use of your personal data is governed by the privacy policy of those other websites. We are not responsible for their privacy practices.
We may also disclose your personal data to third parties where we have a legal obligation to do so or a legitimate interest in doing so.
We may also disclose your personal data where we have a legitimate interest in doing so, for example (i) to respond to a request from a judicial authority or in accordance with a legal obligation; (ii) to bring or defend against a claim or lawsuit; or (iii) in the context of restructuring, in particular, if we transfer our assets to another company.
8. International Transfers
Your personal data is stored in your area of residence, but may in certain circumstances be disclosed in other countries.
If you are a resident of the European Union, Switzerland or the United Kingdom, we store your personal data on servers located in the European Union. Personal data of other users is generally stored in the United States.
In principle, we do not transfer your personal data to other countries or make it available there. However, in certain circumstances, in particular, in connection with the operations of our subcontractors, your personal data may be made available to recipients located abroad (e.g. Google and Amazon Web Services are headquartered in the U.S.). In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws, for instance by relying on standard contractual clauses adopted by the European Commission.
If you transmit information and data to us, you are expressly deemed to consent to such data transfers. You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 13 below.
9. How long we store your personal data?
Your personal data will not be stored longer than necessary.
We will erase or anonymise personal data as soon as it is no longer necessary for us to fulfil the purposes set out in section 6 of this Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. More information on each type of processing can be found in section 6 above. If you suppress your user account, we will delete your personal data within 30 days after such event, unless data must be retained for a valid reason.
In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years.
10. Security
We maintain physical, technical and procedural safeguards to keep your personal data secure.
We are committed to the security of your personal data and have in place physical, administrative and technical measures designed to keep your personal data secure and to prevent unauthorized access to it. We use two-factor authentication whenever possible, antivirus protection, and have a strong password policy in place. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Notice. In addition, we use standard security protocols and mechanisms for the transmission of sensitive data. When you enter sensitive information, we encrypt it using Transport Layer Security (TLS) technology.
Although we take appropriate steps to protect your personal data, no website or application is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.
The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. The internet is not a secure environment and this Privacy Notice applies to your use and disclosure of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk.
If we have reasonable grounds to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Website and/or the Mobile Application).
11. Our use of cookies or other analytical tools
We use Cookies, other analytical tools and similar technologies in connection with the Website and/or the Mobile Application.
We use various types of cookies, other analytical tools or similar technologies (collectively, Cookies), some of which are capable of automatically processing data on your electronic device and/or of transferring personal data about you to us or third parties.
These technologies are generally used to monitor and analyse your interactions with the Website and/or the Mobile Application and/or to enable us to improve the Website and/or the Mobile Application and their functionalities, including customising the Website and/or the Mobile Application and related services, depending on your interactions. We may also use cookies to measure and monitor the traffic and use of the Website and/or the Mobile Application and their performance.
Cookies are generally divided into four categories:
- Essential Cookies. Some cookies are placed on your electronic devices to make the website and/or mobile solution capable of being used, by providing basic features such as page browsing and accessing secure areas. The website and/or mobile solution cannot function properly without this type of Cookie.
- Functionality Cookies. Some Cookies enable the Website to remember choices persons make, for example, user name, and language or text size. These cookies are known as “functionality cookies” and help to improve a person’s experience of the Website and/or the Mobile Application by providing more personalised service.
- Advertising Cookies. These Cookies are used to better understand customer interests and to display more relevant advertisements.
- Analytics/productivity Cookies. Analytics/productivity Cookies, such as those linked to Google Analytics, help understand how users interact with the website and/or mobile solution by anonymously collecting and reporting information.
Our use of cookies may vary depending on the functionalities of the Website and/or the Mobile Application you access.
You can manage Cookies through the settings of your web browser and/or electronic device, as well as through the interface available on the Website.
If you do not want cookies to be stored on your electronic device, you can configure your internet browser or electronic device to refuse and/or restrict them. You may also set the use of Cookies on the Cookie management page of the Website. However, some cookies are essential to the functioning of the Website, and they may operate differently if you refuse or completely restrict Cookies.
For more information, please visit the website http://www.allaboutcookies.org. You can also see the help section of your internet browser or electronic device for more specific instructions on how to manage Cookies.
The following Cookies are used:
Name | Owner | Purpose / Description | Duration and expiry | Type |
Woocommerce_cart_hash | Woocommerce (link to privacy notice) | Determines when cart contents/data change | Session | Necessary |
Woocommerce_item_in_cart | | Determines when cart contents/data change | Session | Necessary |
Wp_woocommerce_sessions | | Contains a unique code for each customer to identify cart data/database | 2 days | Necessary |
Store_notice [notice_id] | | Allows customers to dismiss store notice | Session | Necessary |
HubSpotutk | HubSpot (link to privacy notice) | Tracks a visitor's identity. Passed to HubSpot on form submission and used when deduplicating contacts | 13 months | Analytics |
_hssc | | Used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), session start timestamp. | 30 mins | Functionality |
__hssrc | | Whenever HubSpot changes the session cookie, this cookie is also set. HubSpot sets it to the value “1”, and uses it to determine if the user has restarted their browser. If this cookie does not exist when HubSpot manages cookies, they assume it is a new session. | Session | Functionality |
__hs_testcookie | | Used to test whether the visitor has support for cookies enabled | Session | Necessary |
hsPagesViewedThisSession | | Used to keep track of page views in a session. | Session | Necessary |
hsfirstvisit | | This cookie is used to keep track of a user’s first visit | 10 years | Necessary |
| | Cookie is used to help record visit for analytical/targeting purposes (link to privacy notice) | Until deleted | Marketing |
Google Adwords | | Cookie is used to help record visit for analytical/targeting purposes (link to privacy notice) | 1.5 years | Marketing |
Bing | Bing | Targeting (link to privacy notice) | 90-390 days | Advertising |
__Secure-3PAPISID | Youtube (link to privacy notice) | Builds a profile of website visitor interests to show relevant and personalized ads through retargeting. | 1.5 years | Advertising |
__Secure-3PSID | | | 1.5 years | Advertising |
LOGIN_INFO, APISID, SSID, SAPISID | | These cookies are used by Youtube as part of their embedded services on the Website (sharing etc.). More information about Youtube’s use of cookies can be found in their cookie policy | 1.5 years | Advertising |
1P_JAR | | Based on recent searches and previous interactions, custom ads are shown on Google sites. | 20 days | Advertising |
HSID | | Used by Google in combination with SID to verify your Google user account, if you have one, and your most recent login time to your Google account. | 1.5 years | Functionality |
SIDCC | | Security cookie that protects the user data from unauthorised access | 6 months | Necessary |
SID | | This cookie is used by Google in combination with HSID to verify your Google user account, if you have one, and your most recent login time to your Google account. | 1.5 years | Functionality |
PREF | | This cookie is used by Google to set each of its users’ preferred language preferences. | 1.5 years | Functionality |
CONSENT | | Stores visitors’ preferences and personalizes ads. | 17 years | Functionality |
Ce_clock | CrazyEgg (link to privacy notice) | Stores the difference between the user local clock and the Crazyegg server clock for more precise events time tracking, and the user IP for IP blocking purposes. | 24 hours | Analytics / Performance |
Ce_assets | | Stores an index of asset URLs (stylesheets, images, fonts) that were already collected for the current recording. | Session | Analytics / Performance |
_ga | Google Analytics (link to privacy notice) | Used to compute visitor, session, campaign data and to keep track of the use of the website for website analysis reporting. It stores a number generated randomly to identify unique visitors | 2 years | Analytics |
_gid | | Used to store information about the use of a website by visitors and creates an analytical report on the functioning of the website. It stores the number of visitors, their source and the page visited in pseudonymised form. | 1 day | Analytics |
_gat | | Attribute Cookie. Contains the unique identification number of the account or website to which it relates. This is a variant of the gat_cookie which is used to limit the amount of data stored by Google on high traffic websites. | 1 minute | Analytics |
Google Tag Manager | Analytical/ Performance cookie (link to privacy notice) |
12. Your rights with regard to the processing of your personal data
You have the right to access your personal data we process and may request without limitation that they be removed, updated, or rectified.
Unless otherwise provided by law, you have the right to know whether we are processing your personal data. You may contact us to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.
By accessing your user account (if any), you can review, update, correct or delete the personal data available within your user account.
If you would like us to delete your personal data from our system, please send a request pursuant to the contact details below and your request will be accommodated unless we have a legal obligation to retain the record. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.
If you wish us to erase your personal data from our systems, you may send us a request to the contact details below, which we will comply with unless we need to retain your data for legal or other legitimate reasons.
Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke such consent at any time.
You will find further details of your rights in sections 4 and 5 of this Privacy Notice in connection with each processing activity we perform.
The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances. In particular, if the GDPR applies to the processing of your personal data, the GDPR grants you certain rights as a data subject if the respective requirements are met:
- Right of access (Art. 15 GDPR) – you have the right to ask us for copies of your personal data.
- Right to rectification (Art. 16 GDPR) – you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure (Art. 17 GDPR) – you have the right to ask us to erase your personal data in certain circumstances.
- Right to restriction of processing (Art. 18 GDPR) – you have the right to ask us to restrict the processing of your personal data in certain circumstances.
- Right to data portability (Art. 20 GDPR) – you have the right to ask that we transfer to you or another organization, in a structured, commonly used and machine-readable format, the personal data that you provided to us. The right to data portability is, however, not absolute and notably does not include the data which we generate internally.
- Right to object to processing (Art. 21 GDPR) – you have the right to object to the processing of your personal data which is based on our Legitimate Interests, in certain circumstances. In such a case, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defence of legal claims.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
You have the right to lodge a complaint with the competent authority.
If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above.
Although this is not required, we recommend that you contact us first (see section 13) as we might be able to respond to your request directly.
13. Contact Us
If you believe your personal data has been used in a way that is not consistent with this policy, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us.
14. Changes to this Privacy Notice
This Privacy Notice may be subject to amendments, in particular to adapt it to any new commercial or technological practice or change in law, in which case we will inform you by any appropriate means, including by email and/or via the Website and/or the Mobile Application (e.g. banners, pop-ups or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the Website and/or the Mobile Application.