Personal Data We Collect Directly From You.
We collect personal data ("Personal Data") directly from you for instance when you sign up for an account with us, request information from us, subscribe to emails or newsletters, browse or interact with us through our Website or otherwise. We process Personal Data to meet our legal, statutory and contractual obligations as well as to offer and provide products and services to you, including through our Website and its offerings, and collect Personal Data as is necessary for us to process your information as set out in this policy.
Personal Data is information by which an individual can be identified or which can be related to an identifiable individual and includes but is not limited to your name, address, postal code, personal email, home and mobile phone numbers, home or work address or telephone number, as well as demographic information, gender, preferences, interests and favourites. If you email us (or contact us otherwise), we may retain a record of such email (or other) communication (including attachments), including your email address, name, content of your email and our response.
Any purchases you make through our third-party E-commerce platform, Shopify, will be subject to the Shopify's terms and conditions and other policies as outlined below.
Information We Collect Automatically.
We collect Personal Data about your use of our Website through cookies, web beacons, and other tracking technologies, including details of transactions, orders, fulfillment, as well as record details of your visits to our Website including to traffic data, location data, cookies, communication data, information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to advertising for analysis. Where this is limited to statistical data about our users' browsing actions and patterns, it does not identify any individual.
We use this information primarily to maintain quality of the service, and to understand how you use our Website. We also may use this information to generate general statistics regarding use of this Website. We may combine this information with other information that we collect about you. We also collect information when you view content on or otherwise interact with our Website, even if you have not created an account. For more detailed information about the various tracking technologies we use and how they work, please see below.
How We Use Your Personal Data.
Under the GDPR we are permitted to process Personal Data if we have a legal basis for doing so and only to the extent and for as long as is necessary for the purposes for which the data was collected. Except for the purposes stated below, we will never use, sell or disclose your Personal Data without your consent unless required to do so by law:
- To perform a contract with you or take pre-contractual steps at your request, such as providing services to you, order fulfillment, communication with you (including via email, about your use of our services or administrative information, such as notifying you about changes in our terms or notice); responding to inquiries and customer service; carrying out our obligations and enforcing our rights; and other customer service obligations.
- In accordance with our legitimate interests in offering and providing products and services to the public, such as providing you with news and promotions, contacting you about information or products we think you may be interested in and for other promotional purposes; create tailored content for you on our Website; to further understand how visitors visit the Website (aggregated and individually); for research and analytical purposes; to protect employees, property and operations; to protect our rights and interests, and/or that of our affiliates, and the rights and interests of other visitors to our Website, as well as to enforce our policies and Terms; to pursue available remedies or limit the damages that we may sustain; to keep business records (such as tax and accounting); to comply with applicable legal obligations in any relevant jurisdiction and to respond to lawful requests from government authorities; and to protect privacy, safety or property and to process Website visitor data to conduct, develop and grow our business activities and interests to improve our services, while limiting the use of Personal Data as described in this policy.
- As required by the GDPR and any relevant domestic legal jurisdiction, whether within or outside of the EU, such as to keep business records, respond to requests from public and government authorities; to protect privacy, safety or property.
How We Share Your Information.
We may share your information, including Personal Data in the following manner:
- With parent companies, affiliates, or subsidiaries for research and marketing, including marketing our products as well as their own products and services, and other purposes consistent this policy. Biomic Sciences, LLC is a wholly owned subsidiary of the Seraphic Group, Inc, a Virginia corporation.
- With companies that provide services to help us with our business activities such as shipping your order, taking payments, storing and securing data or offering customer service, performing Website analytics, assisting us with client communications, marketing and advertising, and evaluating the success of our marketing/advertising campaigns. In such cases, the processing of your data by such third parties may be governed by their privacy policies, which you are advised to read (and see also Third Party Links, below).
- With third-parties for their own marketing purposes, with your consent where required.
- With a successor in interest, if we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the acquiring company.
- In order to comply with the law a judicial proceeding, court order or other legal process, such as in response to a subpoena.
- Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of any of our policies of Terms.
- As aggregate or anonymised data about visitors to the Website with third-parties for marketing, research or other purposes.
Transfer and Disclosure of Your Data.
If you provide any Personal Data, whether through this Website or otherwise, it is possible that Personal Data may be transferred from your current location to the offices and servers of the Seraphic Group and its affiliates, agents and service providers located in other countries, outside the EU, and specifically within the USA. While we take appropriate measures to ensure that Personal Data shall be protected in accordance with the GDPR, you should be aware that the country to which such Personal Data may be transferred may not have equivalent data protection laws. Nevertheless, in the event we are required to transfer your data outside of the EU, we will ensure that any such transfer will be carried out in accordance with the GDPR and, where necessary we will seek your prior consent.
We take privacy seriously and take reasonable measures to protect your personal data Information from unauthorised access, alteration, disclosure or destruction, including providing: SSL, TLS, encryptions, restricted access, firewalls, anti-virus/malware and password policies.
Consequences of Not Providing Your Data.
You are not obligated to provide your Personal Data to us and you may ask us to delete or destroy such data, subject to any other legal basis or obligation we have for retaining it. However, as this information is required for us to provide you with our services we cannot perform such services without it.
How Long We Keep Your Data.
We maintain personal data only for as long as is necessary and in accordance with our retention policies. We may be required under applicable laws and regulations to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed upon request by you. We keep any personal data you have provided in order to receive direct marketing until such time as you notify us to delete it or you withdraw your consent.
Third Party Links.
The Website contains links to Third Parties ("Third Parties") who may act as controllers or processors: internal Third Parties such as Seraphic, Inc., and external Third Parties, such as Shopify, our E-Commerce Platform ("Shopify"),PayPal, our credit card processor, Linnworks.com ("Linnworks"), our fulfillment provider, and Klaviyo.com, our mailing list provider.
Shopify's terms and conditions can be found on https://www.shopify.com/legal. PayPal's terms and conditions can be found on https://www.paypal.com/uk/webapps/mpp/ua/legalhub-full. Linnworks' terms and conditions can be found on https://www.linnworks.com/us-terms. Klaviyo's terms and conditions are found at https://www.klaviyo.com/legal.
Any access to and use of Third Parties is not governed by this Notice but instead is governed by the privacy policies of those third-party websites. Read the terms of service, privacy statements and or cookies policies of websites you choose to link to from this Website so that you can understand how those other websites collect, use and share your information. We are not responsible for any terms policies, statements or other content on websites other than this Website.
Subject to any overriding legal obligations requiring us to retain or otherwise process your data;
- Where we rely upon consent as the legal basis for processing your Personal Data, you have the right to withdraw your consent at any time.
- You can object to data processing where we are relying upon legitimate interests to process Personal Data.
- You can object to direct marketing by us (see below).
- You may request access to and get a copy of your Personal Data to request that we correct any inaccuracies relating to you and you may request that we delete such Personal Data.
- You can receive your Personal Data in a readable and commonly used format and can also require that we transit it to another controller where feasible. Any such request must be in writing and will be responded to within 30 days once we have verified the identity of the person making the request.
- You can restrict the processing of your Personal Data (and allow for storage only), in certain circumstances.
- You also have the right to lodge a complaint with the appropriate regulator should you consider that the processing of your Personal Data infringes applicable data protection law.
Please contact us at firstname.lastname@example.org if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your Personal Data.
Please note that certain services will not be available if you withdraw your consent, or otherwise delete or object to our processing of certain Personal Data.
Where Third Parties, or we, send you marketing messages, you may opt out at any time by following the opt-out links provided in such messages. Where you opt out of receiving marketing messages from us or third parties, this will not apply to Personal Data provided to us as a result of any other transaction.
If you have any questions about security on this Website or wish to exercise your data subject rights, you can contact us at any time at email@example.com. In certain circumstances it may be necessary to submit an inquiry or request in writing.
Notice of Privacy Statement Changes.
We may update this policy to reflect changes to our privacy practices. If we make any material change, we will notify you by email (sent to the email address specified in your account) or post the updates prominently on this Website. We encourage you to periodically review this page for the latest information on our privacy practice.
Our Website is not designed for children under eighteen (18) years of age and we do not knowingly collect their personal data. If we discover that a child under eighteen (18) has provided us with personal data, we will delete such information from our systems. If you are under the age of 18 years and you have provided personal data, please ask your parent(s) or guardian(s) to notify us, and we will delete all such Personal Data.