Privacy Policy (EU)
I. Privacy Policy for the use of our Website
We take the protection of your personal data very seriously. With this Privacy Policy, we would like to inform you about that personal data that we collect and how and for what purposes it is processed.
This Privacy Policy applies to visits to our website and to other data processing activities, such as visits of our social media pages and when you contact us.
We always treat your personal data in accordance with the statutory data protection regulations and this Privacy Policy.
- Data Controller and Data Protection Officer
Controller of the data processing is as follows:
Global Organics Merchants, LLC dba LoveBiome
5252 North Edgewood Dr
Suite 150
Provo, UT 84604
USAEstablishment in the EU is as follows:
LoveBiome Europe B.V.
Stravinkskylaan 411
WTC, Tower A, 4th Floor)
1077 XX Amsterdam
The NetherlandsIf you have any questions about this policy or our practices, please contact us at: Privacy@LoveBiome.com
- Logfiles
Ensuring the confidentiality and integrity of the personal data processed with our IT systems is of great importance to us. The data is also used to correct errors on the websites.
For these purposes, the following data is logged:
- IP address of the calling computer;
- operating system of the calling computer;
- browser version of the calling computer;
- name of the retrieved file;
- date and time of the retrieval;
- amount of data transferred; and the
- referring URL.
This data is regularly deleted automatically after a few days.
Our website is hosted by a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.
- Contacting us
If you contact us to request information or documents, the information you provide will be stored for the purpose of processing the request.
We need the information requested in a contact form on the website to process your enquiry, to address you correctly and to send you a reply.
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. Our legitimate interest is to communicate with interested parties, visitors and customers.
If the contact or communication is aimed at the conclusion of a contract or takes place within the context of an existing contractual relationship, the legal basis for the processing is Art. 6 (1)(b) GDPR.
Enquiries and orders are stored in our CRM system. The CRM system is regularly checked to see whether data can be deleted. If data is no longer required in the context of a customer or interested party relationship or if a conflicting interest of the customer outweighs this, we will delete the data in question, provided that there are no statutory retention obligations to the contrary.
The legal basis for this storage and processing is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. Our legitimate interest is the marketing of our services.
- Customer/Member portal
When you register to use our customer/member portal, we process the personal data required to set up and manage your account.
The legal basis for the processing of your personal data is Art. 6 (1)(b) GDPR if the data processing is necessary for the performance of a contract.
Your personal data will be stored for the duration of the use of the customer portal. It will be deleted as soon as it is no longer required to achieve the purpose for which they were collected, unless we are obliged to continue storing them due to statutory requirements or the storage of the data is necessary within the statutory period of limitations for the assertion, exercise or defense of legal claims.
- Comments in our Blog
We offer the opportunity to post comments on our blog. If you make use of this opportunity, we may process and publish your post with the date and time you submitted it.
To this end, the following data is collected:
Your comment to a post will be posted with your name (unless we otherwise permit you to use a pseudonym instead of your real name).
The legal basis for the processing of your personal data is Art. 6 (1)(f) GDPR as we have an interest in engaging with customers and members in our blog.
You can request your blog comment to be deleted by emailing us at Privacy@LoveBiome.com.
Note that we reserve the right to delete comments, e.g., in cases where they infringe the rights of third parties and/or are otherwise unlawful.
- Newsletter
You can register to receive by email newsletters or communications we may publish. During registration, the data from the input mask, the IP address and the date and time of registration are transmitted to us. For the processing of the data, your consent is obtained during registration and reference is made to this Privacy Policy.
In order to verify that a registration for the sending of a newsletter or communication is made by the actual owner of an e-mail address, we use the so-called "double opt-in" procedure. In this process, after registration of an e-mail address, a confirmation e-mail is sent to the registered e-mail address. Registration for the newsletter or communications is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address and the date and time of activation of the confirmation link are also transmitted to us.
The registration for newsletters and communications can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us at Privacy@LoveBiome.com.
The legal basis for the processing of data after registration for newsletters and communications is your consent pursuant to Art. 6 (1)(a) GDPR.
We use an external service provider as a data processor for sending and analyzing our newsletter on the basis of a data processing agreement pursuant to Art. 28 GDPR.
- Use of YouTube videos
We have incorporated YouTube videos into our website which are stored on www.YouTube.com.
These are all integrated in the "Privacy Enhanced Mode" which means that no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the above data be transmitted. We have no influence on this data transmission.
When playing the video, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, further data is transmitted. If you are logged into Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
For more information on the purpose and scope of data collection and processing by YouTube, please refer to the YouTube privacy policy. There you will also find further information about your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.
The legal basis for the provision and use of YouTube videos is Art. 6(1)(f) GDPR.
- Cookies and third-party Tools/Functions.
Our website uses cookies and implements third-party tools and functions.
Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies may be small files or other types of information storage. Information is stored in cookies that are related to the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we gain immediate knowledge of your identity.
We also use third-party tools and functions, for example, to expand the functional scope of the website, to analyze the use of the website, and to optimize the content accordingly.
When integrating tools and functions from third-party providers, personal data may be transmitted to the providers of the integrated tools and functions in order to be able to provide the tools and functions.
Cookies and third-party tools and functions are referred to uniformly below as "cookies" for the sake of simplicity.
- Essential and Non-Essential Cookies
When visiting our website, cookies are set that are absolutely necessary for the operation of the website. These essential cookies may be, for example, cookies that are required for the display of the website with a content management system, which are used to recognize language settings, or which are used to document whether you have consented to the setting of further (non-essential) cookies or whether you have rejected them.
The technically necessary cookies, including their purpose and storage period or deletion period, are explained to you in our cookie banner, which is displayed when you access the website.
The legal basis for the processing of personal data using essential cookies is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. Our overriding legitimate interest are the operation and provision of our website.
We also use non-essential cookies, for example, to collect additional information about the interests of visitors to our websites or about their usage behavior, in order to analyze and optimize our website and generally our customer interactions on this basis.
Non-essential cookies, including their purpose and storage period or deletion period, are also explained to you in our cookie banner, which is displayed when you access the website.
Non-essential cookies are only set if you have expressly consented to the setting of non-essential cookies. You can also select different categories of non-essential cookies that you wish to allow in the cookie banner.
When using non-essential cookies, the legal basis for the storage and reading of information is § 25 (1) TTDSG (in Germany or in Austria § 96 (3) TKG) and, with regard to the processing of personal data, Art. 6 (1)(a) GDPR.
- Description of the Cookies
- Consent Management
On our website we use the service CookieYes. We use CookieYes to inform you about the cookies used on our website and to obtain your consent to use non-essential cookies. To store the consent, a permanent cookie is stored in your browser.
In this process, the following data is automatically logged: IP address in anonymized form (the last three digits are set to „0“), date and time of consent, user agent (information about the terminal device), URL on which the consent was collected, status of consent (which cookies were consented to).
The data collected and processed in the context of the use of CookieYes is processed by Webtoffee as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR in the European Union.
The legal basis for this data processing is initially Art. 6 (1)(f) GDPR, the provision of our website and ensuring the possibility to obtain consent for non-essential cookies. If you give consent, the legal basis for the processing of the data relating to your consent is Art. 7 (1) and Art. 6 (1)(c) GDPR. You can at any time change or withdraw your consent via the Cookie Consent Manager on our website.
Edit your cookie settings under the following link: Cookie Settings
- Google Analytics
We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited ("Google").
JavaScript tags allow us to collect information about your use of the website and the Platform. Google Analytics also regularly uses cookies to collect information about a user's interactions with the website or Platform.
Within the scope of the use of Google Analytics, your IP address and information about the use of the website or Platform, browser type and version, operating system used, the previously visited page and the time of the server request are transferred to Google servers and processed there.
Within the scope of IP anonymization, the collected IP addresses of users within the European Economic Area are shortened before being transmitted to the USA. Only in exceptional cases, in the event of technical malfunctions in Europe, will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses are not merged with other data from Google.
Google will act for us as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
As explained, this may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1)(a) GDPR.
- Fonts (Google Fonts)
In order to display the content of our website correctly and graphically appealing across browsers, we use the font library Web Fonts of Google Ireland Ltd. in Ireland (hereinafter “Google”). When you call up a website on which a font library is integrated, the required font is loaded into the browser cache in order to display texts and fonts correctly. In doing so, the operator receives the information that the font required for our website or platform was called up from your IP address.
You can prevent the use of such libraries and the associated data transmission by installing a JavaScript blocker (e.g., www.noscript.net). If the use of Web Fonts is not supported or prevented, a default font will be used by your computer.
Google acts for us as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1)(a) GDPR.
- Consent Management
- Essential and Non-Essential Cookies
- Social Media
- Social Media Buttons
Social media buttons of various social media networks (e.g., LinkedIn, Instagram, Twitter and Facebook) are integrated on our website.
If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and are either logged into the respective social media network or then log into the page of the respective social media network, the transmitted information can be assigned to your account with the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection, please refer to the respective privacy policy of the providers of the social media networks. The legal basis for the integration and use of social media buttons is Art. 6 (1)(f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.
- Social Media Pages
We maintain a publicly accessible profile on various social media networks (e.g., LinkedIn, Instagram, Twitter and Facebook).
If you visit our social media pages and are logged into the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account with the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.
The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.
If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information on the collection and processing of your personal data that takes place there, we refer you to the privacy policy of the respective social media network.
You can assert your data subject rights in accordance with Chapter III. of the GDPR (right to information, correction, deletion, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.
The legal basis for our use of social media pages is Art. 6 (1)(f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.
- Social Media Buttons
- Video Conferences and Webinars
If you participate in a video conference, webinar or online meeting etc. organized by us. (hereinafter "video conferences") organized by us, we process your personal data in the course of your participation.
When you participate in a video conference, various categories of data are processed. The scope of the data also depends on the data you provide before or during participation in a video conference.
If you participate in a video conference organized by us, you usually have to provide at least a name when registering. However, you can also use a pseudonym. Your IP address will also be processed to enable your participation and login information and device/hardware information will be stored. Your email address and profile picture will also be processed, if provided. If you dial in by phone, your phone number and IP address, if any, will be processed.
To enable participation in the video conference, data from your terminal's microphone and any terminal video camera and, if you share your screen, information from this "screenshare" is processed. You can switch off or mute the camera or microphone yourself at any time. You always decide yourself whether and which parts of your screen are shared.
Audio and video recordings of the video conference can be made. In this case, MP4 files of all video, audio and presentation recordings are processed. There will always be an indication of the recording if one is made and, if necessary, the explicit consent of the participants to the recording will always be obtained.
You may have the opportunity to use the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display them in the video conference and, if necessary, to record them.
The legal basis for data processing when conducting video conferences is Art. 6 (1)(b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our members).
Furthermore, the legal basis for data processing in the context of your participation in a video conference organized by us is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. Our legitimate interest in these cases is the effective implementation of video conferences.
We use one or more service providers as data processors for the implementation of video conferences on the basis of a data processing agreement pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
- Transfer of Data outside the EEA
For the purposes described in this Privacy Policy we may transfer personal data to a third country that may not provide the same level of data protection as the country in which your personal data was originally collected. This may include the US where our corporate office is located.
Third countries are countries in which the GDPR is not directly applicable, i.e. countries outside the EU or the European Economic Area (EEA). Data will only be transferred to third countries if there is either an adequate level of data protection, consent or another legal basis, in particular an appropriate safeguard pursuant to Art. 46 GDPR.
When we transfer your personal data to other countries or jurisdictions, we will protect that data as described in this Privacy Policy and in accordance with applicable law.
- Age Restriction
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personally identifiable information from or about anyone under the age of 16.
- Your Rights
You have the rights explained below with regard to the personal data processed by us concerning you:
- Right of Access
You can request information in accordance with Art. 15 GDPR about your personal data that we process.
- Right to Rectification
If the information concerning you is not (or no longer) accurate, you may request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you may request that it be completed.
- Right to Erasure
You may request the erasure of your personal data in accordance with Art. 17 GDPR.
- Right to Restriction of Processing
In accordance with Art. 18 GDPR you have the right to request restriction of processing of your personal data.
- Right to Object to Processing.
You have the right to object at any time on grounds relating to your particular situation to the processing of your personal data which is carried out on the basis of Art. 6 (1)(e) or (f) GDPR in accordance with Art. 21 (1) GDPR. In this case, we will not further process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert and exercise or defend against legal claims (Art. 21 (1) GDPR).
In addition, according to Art. 21 (2) GDPR, you have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing; this also applies to any profiling, insofar as it is related to such direct marketing.
- Right to Withdraw Consent
Insofar as you have given your consent for processing, you have a right to withdraw your consent pursuant to Art. 7 (3) GDPR.
- Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format ("data portability") as well as the right to have this data transferred to another controller if the conditions of Art. 20 (1)(a) and (b) GDPR are met.
- Exercise of Rights
You can exercise your rights by notifying the above contact details for the data controller or the data protection officer.
- Right to Complain to the Data Protection Authorities
If you believe that our processing of your personal data violates data protection law, you also have the right to complain to a data protection supervisory authority of your choice pursuant to Article 77 of the GDPR.
- Right of Access
- Retention and Deletion
We adhere to the principles of data avoidance and data economy and only store your personal data for as long as is necessary to achieve the respective purpose of the data processing purposes or as stipulated by the storage periods provided by law.
If the purpose of storage no longer applies or if a storage period provided for by law expires, the personal data will be routinely anonymized or deleted in accordance with the statutory provisions.
- Information Security
We take appropriate technical and organizational measures in accordance with the state of the art to ensure a level of protection for the personal data we process that is appropriate to the risk of the respective processing and to protect the data we process against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data that you send to us.
Our employees receive regular training on data protection and information security and are committed to confidentiality and data protection.
A restrictive rights and roles concept on a "need to know" basis ensures that employees only have access to the personal data they absolutely need to perform their duties.
- Amendment of this Privacy Policy
We reserve the right to amend this Privacy Policy from time to time so that it always complies with current legal requirements and/or in order to implement changes to our services in the Privacy Policy, e.g., when introducing new services. When visiting the website or using our services, the current privacy policy always applies.
Order information
- Examples of Personal Information collected: name, billing address, shipping address, payment information, email address, and phone number.
- Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Bydesign.
Customer support information
- Examples of Personal Information collected:
- Purpose of collection: to provide customer support.
- Source of collection: collected from you.
- Disclosure for a business purpose: