1. HOW WE USE YOUR PERSONAL DATA?
1.1. This Section provides the following information:
- 1.2.
We process your account data (“account data”). The account data may include your name and email address, phone number and other data that you provide while registering as well as your purchase history. We obtain such data directly from you. We process account data for the purposes of operating our website, providing our services, ensuring the security of our website and services and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract as well as our legitimate interest, namely monitoring and improving our website and services.
- 1.3.
We process information relating to provision of services by us to you (“service data”). The service data may include your contact details (such as your email address), bank account and transaction details as well as other information that you provide to us while filling up the relevant questionnaires (such may include sensitive personal data, related to your health, in case such data is necessary to provide the relevant service). The service data is processed to provide services as well as keep proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business. In case of sensitive personal data, related to your health the legal basis for processing is your explicit consent.
- 1.4.
We may process information that you provide to us for the purpose of subscribing to our email messages and newsletters (“messaging data”). The messaging data is processed to send you the relevant messages and newsletters. The legal basis for this processing is your consent. Also, if we have already sold goods or provided services for you via our website and/or apps, and you do not object, we may also process messaging data on the basis of our legitimate interest, namely seeking maintain and improve customer relations.
- 1.5.
We may process information relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. The correspondence data is processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business, ensuring uniform and high quality consultation practice and for investigating disputes between you and our employees.
- 1.6.
We may process information on your use of our website and/or apps as well as on your device (“device data”) when you are browsing our website or use our apps. Device data may include IP address, geographical location, browser type and version, operating system, device type, screen resolution and (in case you agree to share such) your location data as well as information on the motion activity, use of our website and apps (i.e. referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use). We obtain such data through the use of cookies and similar technologies. Device data is processed to enhance the apps and the website as well as to set default options. We also use such data to have a better understanding of how you use our website and services as well as for securing both the website and the apps. The legal basis for this processing is our legitimate interest, namely the proper management of our website, apps and business.
- 1.7.
We may process any of your personal data identified in this notice where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
- 1.8.
We may process any of your personal data identified in this notice where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
- 1.9.
In addition to the specific purposes for which we may process your personal data set out in this Section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- 1.10.
Should the purpose or legal basis of data processing activities indicated in this paragraph change, we will inform you and, if the consent was the legal basis for data processing, will re-obtain your consent.
- 1.11.
Sometimes we may aggregate, anonymize or de-identify your personal data in such a way so that it cannot reasonably be used to identify you. Such data is no longer personal. We may use such data without restriction in any way allowed by law, including, but not limited to share such data with our partners or research institutions, share in articles, blog posts and scientific publications, aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users and evaluate or modify our services.
- 1.12.
We are following the principle of data minimisation: personal data processed is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- 1.13.
Personal data is stored either on the servers of the Company or of our contractors, who are bound by specific contractual clauses regarding the processing of personal data as well as by the confidentiality obligations.
- 1.14.
We are using a number of technical and organisational means to protect your personal data. Organisational security measures include restricting access solely to authorised persons with a legitimate need to access personal data, singing confidentiality agreements, arranging trainings, creating and implementing relevant policies and procedures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, implementing access control and authentication tools, ensuring physical security etc.
2. WHEN WE PROVIDE YOUR DATA TO OTHERS?
- 2.1.
Depending on the payment method chosen by you, your personal data may be disclosed to and processed by our group company KARMA PROCESSING INCORPORATED, company code 7138602, registered address 16192 Coastal Highway, Lewes, Delaware 19958, County of Sussex, office address 1000 West Street, Suite 1200, Wilmington, Delaware, 1980, email:
[email protected], or KILO GRUPĖ, UAB, company code 303157579, registered address Antakalnio g. 17, Vilnius, Lithuania, office address 1000 West Street, Suite 1200, Wilmington, Delaware, 1980, email:
[email protected], insofar as reasonably necessary for the purposes of collecting, processing, and administrating payments for the services.
- 2.2.
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- 2.3.
We may disclose your personal data to our anti-fraud, risks and compliance providers insofar as reasonably necessary for the purposes of protecting your personal data and fulfilling our legal obligations.
- 2.4.
We may disclose your personal data to our payment service providers. We will share service data with our payment services providers only to the extent necessary for the purposes of processing your payments, transferring funds and dealing with complaints and queries relating to such payments and transfers.
- 2.5.
We may disclose your personal data to other service providers insofar as it is reasonably necessary to provide specific services (including, providers of servers and maintenance thereof, email service providers, service providers used for data analysis or marketing, call centres, customer satisfaction surveys or market research). We take all the necessary measures to ensure that such subcontractors would implement proper organisational and technical measures to ensure security and privacy of your personal data.
- 2.6.
In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- 2.7.
Persons, indicated in this Section may be established outside the Republic of Lithuania, European Union and European Economic Area. In case we will transfer your personal data to such persons, we will take all the necessary and in the legal acts indicated measures to ensure that your privacy will remain properly secured, including where appropriate, signing standard contractual clauses for transfer of data. To find out more information regarding appropriate safeguards you may contact us via email:
[email protected].
3. HOW LONG WE STORE YOUR DATA?
3.1. Your personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. In any case it shall be kept for no longer than:
4. MARKETING COMMUNICATION
5. YOUR RIGHTS
5.2. Your principal rights under data protection law are the following:
5.10. The right to data portability. To the extent that the legal basis for our processing of your personal data is:
6. ABOUT COOKIES
7. COOKIES THAT WE USE
7.1. In the website we use cookies of three main types, for the following purposes:
8. COOKIES THAT WE USE
8.2. We may use:
9. HOW CAN YOU MANAGE COOKIES?
10. THIRD PARTY WEBSITES
11. CHILDREN PERSONAL DATA
12. CALIFORNIA PRIVACY ADDENDUM
12.1. If you are a California consumer or resident, in addition to the information provided in this privacy policy, you may have the additional rights and information provided to you under the California Consumer Privacy Act:
13. UPDATING YOUR DATA
14. CHANGES TO THE NOTICE