Privacy Policy
Privacy Policy
Last updated: September 22, 2022
This Privacy Policy describes how Ani Biome collects, processes, stores, and uses your personal data, including any data you may provide through our website or mobile application and any data collected automatically when using our website or mobile application.
It is important that you read this Privacy Policy so that you are fully aware of how, when, and why we are using your personal data. Other privacy policies may be provided to you on occasions when you are using specific products or services.
Controller
Ani Biome is a brand owned by Cidrani d. o. o., who this Privacy Policy is issued on behalf of. When we mention “Cidrani”, “Cidrani Biome”, “Ani Biome”, “us”, “we”, or “our'' in this Privacy Policy, we are referring to the relevant department of Cidrani d. o. o. responsible for processing your data.
If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us at the following addresses:
E-mail: dora@anibiome.ai
Mail: Cidrani d.o.o., Ulica Koste Vojnovića 33, 10000 Zagreb, Croatia
You have the right to make a complaint at any time to the relevant data protection supervisory authority as listed below depending on your location. However, we would appreciate a chance to deal with your concerns before you approach the relevant authority.
|
Country / Region |
Website |
|
European Economic Area |
https://edpb.europa.eu/about-edpb/about-edpb/members_en |
|
U. K. |
www.ico.org.uk. |
Changes to the Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material changes to this Privacy Policy if and where this is required by applicable data protection laws. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Policy.
Third-party Links
Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.
Collection and Usage of Your Personal Data
Types of Data Collected
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, analyze, process, and transfer different kinds of data about you via different services of ours, depending on which services you request. We have grouped the data together as follows:
- Identity Data
- Includes first name, last name, username, or similar identifier.
- Contact Data
- Includes billing and delivery address, email address and telephone number.
- Financial Data
- Includes bank account, credit card information and information about payments to or from you and the details of your transactions when purchasing goods and services from us.
- Technical Data
- Includes the internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-ins and versions, computer operating system and platform, and other information about the technology of the devices you use to access our websites.
- Account Data
- Includes your username and password.
- Usage Data
- Includes information about how you use our websites, products, and services.
- Marketing and Communications Data
- Includes your preferences in receiving marketing from us and our partners and your communication preferences.
- Questionnaire Data
- Includes the entire history of your replies to the Ani Biome Questionnaire.
- Stool Metagenomics Data
- Data from metagenomic analysis of your stool samples as provided by our third-party metagenomic profiling partners. This includes the DNA sequences of the V3-V4 variable region of the bacterial 16S small subunit rRNA genes, and the taxonomic profile (types and quantities of bacteria present in your sample) of your stool metagenome resulting from bioinformatics analysis of the DNA sequences.
- Plasma Glycan Data
- Includes the data from the analysis of protein glycation (the types and quantities of sugar molecules attached to plasma proteins) in your capillary blood samples as provided by our third-party plasma glycan profiling partners.
How the Data is Collected
We collect the mentioned types of data by using different methods which we have grouped together as follows:
- Automated Technologies
- As you interact with our website and online store, we automatically collect your Technical Data and Usage Data. We collect this data by using cookies, server logs and similar technologies.
- Direct Interactions
- Your Identity, Contact, Financial, Account, Marketing and Communications, and Questionnaire Data may be directly given by you by filling in forms, via email or telephone correspondence or otherwise.
- Third Party Services
- Your Stool Metagenomics or Plasma Glycan Data will be given by our partners who will provide these services for you if you request our Belly or Age services, respectively.
How We Use Your Data
Your Identity, Contact, Financial, Technical, Account, Usage, and Marketing and Communications Data will be used with the following purposes:
|
Purpose |
Legal basis for processing |
|
To manage your account Registering you as a new customer, opening or closing your account, troubleshooting problems with your account. |
Performance of a contract with you |
|
To process and deliver your product or service orders Managing your charges and payments, performance of any contract arranged with you. |
Performance of a contract with you |
|
To notify you of changes in this Privacy Policy |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation |
|
To provide you with updates about your orders or account |
Performance of a contract with you |
|
To contact you with newsletters and other website content You can always opt out of receiving this content. |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
|
To use data analytics to improve our websites, products and services, marketing and customer experience |
Necessary for our legitimate interests (to develop and improve our website, products and services) |
|
To contact you with promotional offers from us You can always opt out of receiving this content. |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
Your Questionnaire, Stool Metagenomics, and Plasma Glycan Data will be used in the following manners:
|
Purpose |
Type of Data |
Legal basis for processing |
|
To provide you with our Microdrink Subscription services Calculating the contents of your monthly microdrink box according to our personalization algorithm |
Questionnaire Data |
Performance of a contract with you |
|
To provide you with the Ani Biome Belly service Calculating various indexes based on your stool samples’ taxonomic abundance profiles (types and quantities of bacteria in your stool sample) and creation of a graphical report to be delivered to you |
Stool Metagenomics Data |
Performance of a contract with you |
|
To provide you with the Ani Biome Age service Calculating various indexes based on the types and quantities of glycans (sugars) attached to the proteins in your capillary blood samples, including calculating your biological age; creation of a graphical report to be delivered to you |
Plasma Glycan Data |
Performance of a contract with you |
|
To develop and improve a machine learning model Building and improving a machine learning model with the purpose of personalizing product recommendations and lifestyle advice and optimizing metabolic health for you and our other clients and customers |
(a) Questionnaire Data (b) Stool Metagenomics Data (c) Plasma Glycan Data |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to develop our machine learning model to improve our recommendation algorithms) |
We never share any data connected to your identifiable information with any party not included in our service provider partners without your direct consent unless we need to comply with a legal obligation.
We guarantee that all of our service provider partners only collect, process and store your data as described in this document. You have the right to request deletion, retrieval or correction of your data at any time; we will always extend your requests to any third party service provider with whom your data was shared with for the purposes outlined above.
We may process your personal data based on more than one lawful ground depending on the specific purpose for which we are using your data. You can always contact us if you need details about the specific legal ground we are relying on to process your data.
How Long We Store Your Data
One of our main services is based on building a machine learning model using the collected data of our customers. We also provide a data overview and history of the various health-related metrics we calculate from the data in order for you to be able to track the changes in the metrics over time.
Because of these reasons, we may store your data indefinitely, or until the services based on the machine learning model are discontinued. You have the right to and can at any time request deletion of most of your personal data. We are required to comply with these requests and remove your personal data from our databases, with the exception of data we are legally required to hold on to for accounting, audit and compliance purposes. See details of your rights in the Privacy Rights for Clients in the European Economic Area section.
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
|
Name |
Function |
Duration |
|
_ab |
Used in connection with access to admin. |
2y |
|
_secure_session_id |
Used in connection with navigation through a storefront. |
24h |
|
_shopify_country |
Used in connection with checkout. |
session |
|
_shopify_m |
Used for managing customer privacy settings. |
1y |
|
_shopify_tm |
Used for managing customer privacy settings. |
30min |
|
_shopify_tw |
Used for managing customer privacy settings. |
2w |
|
_storefront_u |
Used to facilitate updating customer account information. |
1min |
|
_tracking_consent |
Tracking preferences. |
1y |
|
c |
Used in connection with checkout. |
1y |
|
cart |
Used in connection with shopping cart. |
2w |
|
cart_currency |
Used in connection with shopping cart. |
2w |
|
cart_sig |
Used in connection with checkout. |
2w |
|
cart_ts |
Used in connection with checkout. |
2w |
|
cart_ver |
Used in connection with shopping cart. |
2w |
|
checkout |
Used in connection with checkout. |
4w |
|
checkout_token |
Used in connection with checkout. |
1y |
|
dynamic_checkout_shown_on_cart |
Used in connection with checkout. |
30min |
|
hide_shopify_pay_for_checkout |
Used in connection with checkout. |
session |
|
keep_alive |
Used in connection with buyer localization. |
2w |
|
master_device_id |
Used in connection with merchant login. |
2y |
|
previous_step |
Used in connection with checkout. |
1y |
|
remember_me |
Used in connection with checkout. |
1y |
|
secure_customer_sig |
Used in connection with customer login. |
20y |
|
shopify_pay |
Used in connection with checkout. |
1y |
|
shopify_pay_redirect |
Used in connection with checkout. |
30 minutes, 3w or 1y depending on value |
|
storefront_digest |
Used in connection with customer login. |
2y |
|
tracked_start_checkout |
Used in connection with checkout. |
1y |
|
checkout_one_experiment |
Used in connection with checkout. |
session |
Reporting and Analytics
|
Name |
Function |
Duration |
|
_landing_page |
Track landing pages. |
2w |
|
_orig_referrer |
Track landing pages. |
2w |
|
_s |
Shopify analytics. |
30min |
|
_shopify_d |
Shopify analytics. |
session |
|
_shopify_s |
Shopify analytics. |
30min |
|
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
30min |
|
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
30min |
|
_shopify_y |
Shopify analytics. |
1y |
|
_y |
Shopify analytics. |
1y |
|
_shopify_evids |
Shopify analytics. |
session |
|
_shopify_ga |
Shopify and Google Analytics. |
session |
Opting out
We may use your Identity, Contact, Technical, Usage and Profile Data to conclude what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
You can exercise your right to prevent such contact and opt out of receiving these communications by clicking on a ‘unsubscribe’ link at the bottom of every such email.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Failure to Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at that time.
Disclosure of your Personal Data
We may share your personal data with the parties set out below for the purposes set out in the table above.
- Internal Third Parties
- Daughter company Cidrani d. o. o. Slovenia
- External Third Parties
- Professional advisors acting as processors including lawyers, bankers, auditors, accountants and insurers who provide consultancy, banking, legal, insurance and accounting services.
- Service providers acting as processors who provide IT and system administration services
- Third-party partner companies providing our Age and Belly services (providing your Stool Metagenomics Data and Plasma Glycan Data)
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Your requests for data disclosure, deletion or correction will always be relayed by us to all relevant third parties. We ensure that all third parties we partner with are GDPR compliant.
Privacy Rights for Clients in the European Economic Area
If you are located in the European Economic Area, you have additional rights as described below.
Your right to be informed
This Privacy Policy, together with our Cookie Policy, tells you about the ways in which we use your personal information (which is referred to as “Personal Data” in the GDPR).
Your right of access
You have the right to ask us for a copy of your personal information, which we are required to provide in an easily readable format. There are some exemptions and limitations in what we can provide in response to such requests, which means you may not always receive all the personal information we process. We will inform you if any exemption or limitation applies and what its impact is.
Your right to correction
You have the right to ask us to correct personal information you think is inaccurate. You also have the right to ask us to complete your personal information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. Where it is appropriate that we comply, your request will be fully actioned within 30 days. Please note that we may not always be able to remove your personal information from ongoing or completed research studies. We may also retain some account information related to purchase and service history. This enables us to provide ongoing support regarding prior purchases and services, and is also necessary for accounting, audit and compliance purposes.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances. For example, you can request that we limit the way in which we use your “Personal Data” (as defined by the GDPR) if you are concerned about the accuracy of the data or how it is being used.
Your right to object to processing
You have the right to object to processing of your personal information in certain circumstances. Where it is appropriate that we comply with your request, we will stop processing your information for the use you have objected to.
Your right to data portability
You have the right to receive your personal information which you have provided to us. You also have the right to have us send your personal information to another organization where our lawful basis for the processing is your consent, or where the processing is necessary for the performance of an agreement and the processing is carried out by automated means.
- You may request access to the information we maintain about you, update and correct inaccuracies in your information, restrict or object to the processing of your information, have the information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your information to another company. In addition, you also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- You may withdraw any consent you previously provided to us regarding the processing of your information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
- You may exercise these rights by contacting us using the contact details at the beginning of this Privacy Policy. Before meeting your request, we may ask you to provide reasonable information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.