Privacy Policy

Last updated: 29th January 2023

Introduction

PrecisionBiotics is part of Novonesis OneHealth, the Human Health Unit of one of the world’s leading biotech companies, the Novonesis Group. Learn more about us @ https://biosolutions.Novonesis.com/

Novonesis A/S, Krogshoejvej 36, DK-2880 Bagsvaerd, Denmark (“we” or “us”), is responsible for the processing of your personal information provided to or collected by us in connection with your use of any PrecisionBiotics Websites (collectively referred to as sites or Websites) or any other electronic interaction you have with us, including our online shop.

https://www.precisionbiotics.com/ie/

https://www.precisionbiotics.co.uk/

and our Healthcare Professional site as follows:

https://www.precisionbiotics.science

We are committed to protecting your personal information and the following describes how we collect, process, and store your personal information in accordance with applicable laws, including, ePrivacy directive, the EU General Data protection Regulation no. 679/2016 (GDPR) and the UK Data Protection Regulation (UK GDPR).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit these websites, send us an email or opt to participate in one of our surveys. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please exit our site and do not introduce any personal details.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the Site. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised Privacy Policy is posted. Only subscribers to our “sign me up” newsletter will receive specific emailed notice of each such change or modification.

If you feel something is not addressed in this Privacy Policy or have further questions, our Data Protection Representative can be reached at dataprotection@precisionbiotics.com

Responsibility over data collected

As defined by the GDPR, Novonesis (we) are Controller and Processor of the data collected via our websites and email exchange which means we determine the purposes and means of the processing of the personal data of our users.

In order to provide you the best service possible, your personal data is transferred to our service providers, which assumes the role of Data processors as they provide us back-office applications for websites, your accounts and subscriptions, and other IT tools and booking HCP meetings. All our service providers are bound by contractual agreements to keep your data private and secure.

For our UK business our PrecisionBiotics online shop @ https://www.precisionbiotics.co.uk/is currently run for us by The Hut Group (THG). Whereas The Hut Group operate the online shop and is the merchant of record responsible for the sale of goods to you, we remain responsible for the processing of your personal information as a data controller. In that context, THG is merely the data processor acting in accordance with our instructions, facilitating also the services provided by other data processers, e.g., for third party payment processing. THG (as data processor) will have access to your data in order to fulfil the transaction, process your purchase, and send you the goods you have purchased and otherwise dealing with customer queries and other store related matters. They will not use your data for any other purposes. You can find their details in the Terms and Conditions on the store section on the site or learn more about them @ https://www.thg.com/privacy-policy/

For our business in Ireland @ https://www.precisionbiotics.ie for the purchase our products, you will be redirected to a third-party partner platform (Pamex). Should you choose to purchase on the Pamex platform they assume the role of Controller. You can visit Pamex site to see their privacy policy or view it @ www.pamex.ie/our-privacy-policy/ PrecisionBiotics does not provide any information to Pamex and does not receive any customer data regarding your purchases on their platform, we only receive volume sales reporting.

For subscriptions to our newsletters, we use Mailchimp, a third-party service provider, to assist us in sending emails and managing our email list. It helps us collect sign up forms, store your personal data within our Mailchimp account to allow us to create and use distribution lists, send marketing email campaigns and place online advertisements. When you subscribe to our newsletters, your personal data will be transferred to and processed by Mailchimp. Mailchimp therefore acts as a data processor on our behalf and is committed to protecting the privacy and security of your data. Mailchimp processes personal data on our behalf in accordance with their Privacy Policy and applicable data protection laws. This includes storing and transmitting data securely, as well as providing us with analytics and reporting regarding email campaigns. Please see Mailchimp privacy statement available @ https://www.intuit.com/privacy/statement/

In addition to Mailchimp, we may use other third-party services in conjunction with our email marketing activities. We ensure that any third-party services we utilize comply with data protection laws and maintain the security and confidentiality of your personal data.

We use Stripe, a third-party payment processor, to assist us in securely processing your payments when you purchase our products online. We may share your personal data with Stripe to facilitate payment processing. Stripe acts as a data processor on our behalf and is committed to protecting the privacy and security of your data. Stripe processes personal data on our behalf in accordance with their Privacy Policy and applicable data protection laws. This includes securely storing your payment information, facilitating payment transactions, and providing us with transaction details for accounting and record-keeping purposes. Please see Stripe’s privacy policy available @ https://stripe.com/en-ie/privacy

In addition to Stripe, we may use other third-party services in conjunction with our payment processing activities. We ensure that any third-party services we utilize comply with data protection laws and maintain the security and confidentiality of your personal data.

At PrecisionBiotics, we value your feedback and strive to continuously improve our services. To gather insights and opinions from our users, we use SurveyMonkey and Microsoft Forms to create and manage surveys. The data collected in surveys is used solely for the purpose of improving our services, products, and user experience. Find out more about Microsoft Forms and SurveyMonkey @ https://www.microsoft.com/en-us/microsoft-365/online-surveys-polls-quizzes https://www.surveymonkey.com

What legal basis allows us to collect user data?

We process personal data based on consent according to Art. 6(1)(a) GDPR, which you are free to give or refuse. You will see consent options when you visit our website for the first time. This means that we process your data with your authorization only.

You can change your decisions at any time. This is how you may change your authorization decisions:

· Should you wish to alter your cookie consent, you can exit the site, clean all the cookies from your internet browser, then re-enter our site, selecting the desired configuration.

· Should you wish to unsubscribe our newsletter, follow the instructions on the footer of the last email received.

· You can consult, revise, and correct the personal data that you have provided us directly through your online shop account. Alternatively, you can send an email to customerservice@precisionbiotics.com, including if you wish to close your account.

· You may also at any time raise any issue by emailing Novonesis’ Data Protection Representative at dataprotection@precisionbiotics.com or writing to us - see last section for full contact details.

If you chose to purchase from our online shop, we process data necessary for the performance of a contract (Art. 6(1)(f) GDPR), in so far as a purchase is subject to our terms and conditions and data is required to secure and legitimize the transaction.

We obtain your consent before adding you to our email list. By providing your personal data and subscribing to our emails, you acknowledge and agree to receive marketing communications from us via email.

We also process data for compliance with a legal obligation (Art. 6(1)(c) GDPR) to which we are subject to ensure business administration, record keeping and compliance.

Based on the data collected on the site with your consent, we may process anonymized data to pursue the Legitimate interest (Art. 6(1)(f) GDPR) for improvement and customization of our websites, the services offered, and the products marketed.

Consent is also the base for the realization of our surveys. You could be contacted with an invite to participate in a survey if you have consented to receiving our communications or provided that consent associated with the acquisition of a product package.

See below: Your rights as a data subject, to obtain more information regarding further rights and the Data retention periods to understand how long we keep your data for.

What are the purposes for us collecting personal data?

Our dedication is to developing precision food supplements based on advanced data science and the highest scientific standards. We proudly let the world know what we have to offer through our websites that are our main shop window to the world, and an important mechanism for our clients to interact with us. To do all this we need data therefore, all data collected is processed aiming at:

· Providing you with a pleasant, efficient, and dedicated online shopping experience

· Providing you with updates on new products and promotions, should you want to receive them

· Providing you with an easy mechanism to get in touch with us

· Efficiently fulfilling your Healthcare profession service requests and purchase orders, thereby meeting our contractual obligations with you

· Efficiently responding to business, marketing and Careline enquiries

· Providing us with business, security, and interaction records

· Allowing us to understand your preferences and experience on our site better by means of analytics

What information do we collect and why?

When interacting with any PrecisionBiotics websites, we may collect information about you in a variety of ways, depending on your use of our sites:

Personal Data

Please note you are under no obligation to provide us with personal information of any kind, as you may opt to navigate our Sites for information purposes. Should you choose to engage with us, we may collect Personally identifiable information (PII), such as:

Your name, e-mail address and other identification or personal details (contact information, marketing preferences, feedback on the use of our product when voluntarily provided by you, e.g., in connection with sign-up for our newsletter or in connection with other interactions with us, e.g., using the chat or other communication functions, entering competitions, online surveys or product related queries. This allows us to intact and provide you with information. You may at any time choose to stop these interactions (see how below: Your rights as a data subject)

Should you opt to perform a purchase directly our online shop, to undergo the transaction, we will additionally collect billing address, shipping address, phone number, purchases and purchase history, payment information, IP address and e-mail address. This enables the transaction and delivery of your purchases.

Your personal data will not be used for an automated decision-making, including profiling. Although, anonymized, it may be used for business analytics.

Financial Data

When you purchase, order, return, exchange, or request information about our services from one of our Sites, Financial information, such as data related to your payment method (e.g., valid credit card number, card brand, expiration date) is collected. We do not store the financial information that we collect. All financial information is stored by the payment processor you have selected, and you are encouraged to review their privacy policy and contact them directly in the case of having any related questions.

Derivative Data

This refers to information that our servers automatically collect when you access our Sites, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site. This allows us to have statics regarding the performance of our sites.

Use of Cookies, Log Files , Tracking and re CAPTCHA

Cookies and other technologies -Cookies are pieces of data that a website can place on your browser or device that the website can then read on future visits to facilitate the use of the website for the user. Our websites use cookies to store user information to provide users with personalized experiences and collect our users' web history. Cookies are used to keep track of your computer settings, such as which account you are logged on to, notifications, website access preferences. etc. We use cookies for Authentication, Security, Advertising, Performance, Analytics and Research. We also use social marketing and social media insights using third party cookies such as: Facebook and Google.

Using first party cookies and third-party cookies, we analyse and track users’ use of the Site, determine the popularity of certain content and better understand online activity. By accessing our sites, you consent to the collection and use of your information by these third-party providers. You are encouraged to review their privacy policy and contact them directly for responses to your questions.

We may also use third party website analytic tools such as GA4 on our website that also deploy cookies to collect certain information concerning your use of our site.

We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode this mode may set cookies on your computer.

When answering one of our surveys via SurveyMonkey and Microsoft Forms, cookies that are necessary for a survey to operate correctly and securely are collected through SurveyMonkey platform and Microsoft Forms which are both certified as a Trusted Site. As these are not under our control, we encourage you to understand these cookies at https://www.surveymonkey.com/mp/legal/survey-page-cookies/ and https://privacy.microsoft.com/en-us/privacystatement#maincookiessimilartechnologiesmodule

If you do not want any information to be collected and used by tracking technologies, you may disable this on your browser settings or install an Opt-out tool, or alternatively, you may install an install a cookie tracker tool that allows you to have more control over cookies.

You may regularly clean the cookie history for your browser is you so desire. If you do not wish to have all categories of cookies placed on your computer, you may either set your preferences accordingly through the cookie consent functionality provided on the Website or set your browsers to refuse cookies before using the Website.

To understand more about our cookies, please consult our Cookie policy.

Web beacons -We further deploy other technologies, such as web beacons for email tracking sent by the system. A Web Beacon is made up of a clear file, usually a 1×1 pixel, that can track users like a cookie and is used on web pages and emails to unobtrusively check that a user has accessed some content.

When you subscribe to our newsletters, our service provider, Mailchimp will automatically place single pixel gifs, also known as web beacons, in every email we send to you. These are tiny graphic files that contain unique identifiers that enable Mailchimp to recognize when our Contacts have opened an email or clicked certain links. These technologies record each Contact’s email address, IP address, date, and time associated with each open and click for a campaign. Mailchimp uses this data to create reports for us about how an email campaign has performed and what actions Contacts took.

Social plugins - Social plug-ins are small pieces of software which create a link between your visit to our websites and the social media platform of a Third-Party Provider. When you visit our site, initially no personal data will be passed on to the providers of these plug-ins. Only when you press one of the plug-ins, personal data will be transferred. Through the integration of a plug-in, the plug-in provider receives the information that you have accessed a specific page of our online offer. Furthermore, the following data are transmitted (IP address, date and time of the request, time zone difference to the Greenwich Meantime, content of the request (concrete page), access status / http status code, amount of data transferred, request source website, browser, Operating system and interface, language, and version of the browser software). We use social plug-ins of the following Third-Party Providers: Facebook; LinkedIn; Pinterest; YouTube; Instagram

Log files –as any other websites, we gather information and store it in log flies which allows us to log user activity, which may be required for security, statistical and possibly legal purposes. Information collected in logfiles includes IP (internet protocol), browser type, internet service provider, operation system, geographic location, entering exit pages, files viewed and activity (including consent and closing account). We use this information to manage our website, analyse trends, understand the efficiency of the site by understanding our visitors’ use of it, and gather demographic statistics of our visitors, this all enables us to provide continuous improvement to our users.

CAPTCHA-Some of our sites use the Google's CAPTCHA system as a security tool to protect our site and our users from abusive bots and spam.

What are Cookies, Log Files, Tracking and CAPTCHA for?

These technologies enable us to:

· Retain your shopping history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in.

· Retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive.

· Keep a record of the articles on our website that you have clicked on and use that information to target advertising on this website to you that is relevant to your interests, which we have identified based on articles you have read.

· Some of our sites use the Google's CAPTCHA system as a security tool to protect our site and our users from abusive bots and spam. CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". This is active when you click on the box verifying that you are not a robot, and then clicked on the images that the reCAPTCHA directed you to choose. In using this service, the Google Privacy policy applies. < link: https://policies.google.com/privacy?hl=en-GB >

Information collected via our surveys

We perform surveys to help us improve the quality of the products we offer.

Should you consent to participating in one of our surveys the data collected will solely be used for the purpose of the study which will be described at the start of the survey.

The survey will collect your email, and details regarding your experience with our products, but depending on the nature of the survey the information maybe anonymised or, in the case you acquired one of our product packages, used to track and evaluate your personal experience with the use of the product.

Survey data will be stored on the survey platform, who’s servers are located in the UK, during the execution of the survey and deleted at the latest 12 months after the end of the survey. The associated anonymised reports will be downloaded from the platform and kept securely in our files for historical analysis.

Only a restricted group qualified Novonesis personnel will have access to the data provided in the personalised surveys.

Our survey data will not be shared with any entity outside the Novonesis Group and will always be treated with confidentiality.

What information we receive about you from other entities?

Through your interaction on our websites, we may also receive information about you from other entities.

Social Media

You may decide to share information with us through your social media account, as you do when you opt to sign into our online shop using your Facebook or Google account. We only receive access to minimal information to ensure the feasibility of actions associated to having an account on our online shop.

Information provided to us from our sub processors

From the sub processor that operates our online shop we will receive information relating to your purchases of our products and feedback. This may include your name, address and email address and other information such as the category of item purchased or event to which it relates. This information will be by used by us to indicate your likely interests so we can provide a more relevant service to you.

From the Survey Monkey Platform that is used to perform our surveys, we receive the complied information in the form of the survey report.

How do we use your information?

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Pending your use of our sites and options, we may use information collected about you via the Site in various ways:

· Create and manage your account.

· Fulfil and manage purchases, orders, payments, and other transactions related to the Sites

· Email you regarding your account or order, delivery or in response to a query.

· Organize and ensure the delivery of your purchased products.

· Perform transactional associated business activities as needed.

· Process payments and refunds.

· Respond to product and customer service requests.

· Send you a newsletter.

· Provide support for the Site.

· Generate a personal profile about you to make future visits to the Site more personalized.

· Send you a satisfaction questionnaire regarding our service and products delivered.

· Offer new products, services, and/or recommendations to you.

· Notify you of updates to the Sites, Policies, Terms, and conditions.

· Deliver targeted advertising, coupons, newsletters, and other information regarding promotions and the Site to you.

· Increase the efficiency and operation of the Sites.

· Monitor and analyse usage and trends to improve your experience with the Sites.

· Compile anonymous statistical data and analysis for use internally or with third parties.

· Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.

· Request feedback and contact you about your use of the Site.

· Resolve disputes and troubleshoot problems.

· Inform you regarding promotions, and contests.

· Assist law enforcement if required or provide evidence of conformance if required

Disclosure and transfers of data

Our processing facilities and those of our partners are situated within the European region. In some cases, we will be transferring personal data to countries outside the EU/EEA, in connection with our business. Such transfers will only take place under the governance of a lawful international data transfer agreement, that protects your rights and ensures the security of your data.

Should you use social media log-in features, or social-media plugins, the social media platforms may store your data in non-EU countries.

We may on occasions pass your Personal Information to third parties exclusively to process work on our behalf or to other affiliates in the Novonesis group to perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes. We require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and relevant data protection laws.

We may disclose your Personal Information to meet legal obligations, regulations, or valid governmental requests. If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.

Should we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur, and that the transferee may decline honour commitments we made in this Privacy Policy.

How is your information secured?

We implement appropriate technical, organizational and physical measures to safeguard the personal data we collect. This includes encryption, secure storage, access controls, and regular monitoring to prevent unauthorized access, disclosure, or alteration of your data.

We have chosen sub processors that ensure security by design and information security practices. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties.

As an online User, the security of your data also depends on the security features of your device, and your practices. We recommend following good online security practices. Learn more @ https://www.gov.ie/en/campaigns/be-safe-online/

We rely on you to help us and help others. If you suspect a personal data breach or notice something irregular with our site or our brands, please contact our Data Protection Representative atdataprotection@precisionbiotics.com immediately.

How long do we keep your personal information?

We will only retain your personal data for as long as is necessary for the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax and accounting or reporting requirements. We may retain your personal data, or records of transactions and consent for a longer period in the event of a complaint or to protect our organization in case of litigation.

In considering how long we keep your personal data, we will consider its relevance to our business and to legal and regulatory obligations, which apply to us. We have implemented technical and organizational measures to keep it safe.

Your rights as a data subject

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. If we are processing your information for criminal law enforcement purposes your rights may be conditioned.

We have implemented the necessary technical features and operational procedures to support the exercising of your rights.

You are not required to pay any charge for exercising your rights.

We have one month to respond to you.

If we process your personal data, then you have the following rights:

· Right of access – you have the right to request a copy of the information that we hold about you.

· Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

· Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.

· Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.

· Right of portability – you have the right to have the data we hold about you transferred to another organisation.

· Right to object – you have the right to object to certain types of processing such as direct marketing.

· Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.

At your request, we can confirm what information we hold about you and how it is processed.

You can request the following information:

· Identity and the contact details of the person or organisation (Novonesis) that has determined how and why to process your data.

· Contact details of the data protection representative, where applicable.

· The purpose of the processing as well as the legal basis for processing.

· If the processing is based on our legitimate interests o, information about those interests.

· The categories of personal data collected, stored, and processed.

· Recipient(s) or categories of recipients that the data is/will be disclosed to.

· How long the data will be stored.

· Details of your rights to correct, erase, restrict or object to such processing.

· Information about your right to withdraw consent at any time.

· How to lodge a complaint with the supervisory authority (Data Protection Regulator).

· Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.

· The source of personal data if it wasn’t collected directly from you.

· Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

To access what personal data is held, identification will be required. This is to protect you against the risk that your personal information is shared with anyone else than you.

All requests should be made to Novonesis’ designated data protection representative. Please see contact details below.

Data Protection Queries, Requests and Complaints

Data Protection Queries,Requests and Complaints

Queries and requests

If you have questions, comments or wish to enforce your data protection rights, you may contact Novonesis’ designated Data Protection Representative at dataprotection@precisionbiotics.com or by phoning +353-21-2066012 or 0330-0578598 or writing to us at the address further below.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by Novonesis or Novonesis’ business partners, you have the right to complain to Novonesis’ designated Data Protection Representative.

Novonesis

Novonesis A/S (PrecisionBiotics is part of Novonesis OneHealth)

Krogshoejvej 36

DK-2880 Bagsvaerd

Denmark

Att.: Legal

Email:dataprotection@precisionbiotics.com

Telephone: +353-21-2066012 or 0330-0578598

Website:

www.Novonesis.com/en

If you do not get a response within 30 days, you can complain to the Data Protection Regulator.

The details for each of these contacts are:

Information Commissioners Office:

Wycliffe House,

Water Ln,

Wilmslow, UK.

SK9 5AF

Telephone: LoCall 0303 123 1113

Email: icocasework@ico.org.uk

Office of Data Protection Commission:

21 Fitzwilliam Square South

Dublin 3

D02 RD28

Telephone: LoCall 1800 437 737