1. PREAMBLE

1.1. This Privacy Policy is an integral part of the General Conditions, accessible here ,so that the definitions used in these are reused in this Privacy Policy.

1.2. The purpose of this Privacy Policy is to inform Customers about how their Personal Data is collected in particular from the Website, how they are processed by GB Belgium  and finally the rights enjoyed by Customers regarding these treatments as defined below.

1.3. In the context of the processing of Personal Data, GB Belgium acts as data controller, as defined by the Regulations on Personal Data.

2. DEFINITIONS

The following terms, whether used in singular or plural in this Privacy Policy, will have the following definition:

Intermediate Archiving : designates the movement of Personal Data which is still of administrative interest for GB Belgium (for example in the event of litigation and / or in the event of legal obligation) in a separate database, logically or physically separated and from which , in any event, access is restricted. This archive is an intermediate step before the deletion of the Personal Data concerned or their anonymization.

CGV : means the General Conditions of Sale accessible at the following address: https://www.Swissbiol.com/en/terms-and-conditions

Personal Data (s)  :Refers to the Customer’s personal data, within the meaning of the Personal Data Regulations, collected and processed by GB Belgium   in the context of the creation and management of their Personal Profile and the use of its part of the Services.

Confidentiality policy : means this confidentiality and personal data protection policy for Customers implemented by GB Belgium which is an integral part of the GTC.

Terminal (aux) : designates (s) the material equipment (computer, tablet, smartphone, telephone, etc.) used by the Customer to consult or view the Website and / or contact GB Belgium.

Terms starting with a capital letter that are not defined in this article have the meaning given to them in the GTCS.

3. LEGAL BASES FOR PROCESSING

In accordance with the Personal Data Regulations, the processing operations designated in this Privacy Policy are supported by a specific legal basis.

3.1. The processing is necessary for the execution of the sale and / or the services that the company GB Belgium has undertaken to provide to the Customer under a contract to which the Customer is a party, materialized by the acceptance, by the latter , of the GTC.

The Personal Data entered by the Customer is necessary for the performance of a number of processing operations related to the execution of the contractual relationship between the Customer and GB Belgium.

3.2. Processing is necessary for the purposes of the legitimate interests pursued by GB Belgium such as monitoring website traffic, monitoring customer relations, personalizing the display of the Website in particular to respond to Orders and Serenity Offers, l improvement of the Website and management of arrears and the creation of evidence in the event of disputes with the Client.

3.3. The processing is necessary to enable GB Belgium to comply with its legal obligations, in particular accounting and tax, as well as to fight against fraud.

4. THE PURPOSES OF THE PROCESSING

The Customer’s Personal Data is necessary to allow him access to the Website and / or contact GB Belgium  by any means of communication, in particular by telephone, and the placing of Orders, and to allow GB Belgium to / from:

carry out operations relating to its commercial relationship with the Client, that is to say concerning invoices, accounting, monitoring of the “client relationship” with the Client, such as carrying out satisfaction surveys, management complaints, use of the Website and sending parcels following an Order, etc. ;

carry out operations relating to prospecting, that is to say the management of technical prospecting operations (which notably includes technical operations such as standardization, enrichment and deduplication);

carrying out commercial solicitation operations;

the development of trade statistics; marketing analysis and tools (including classification, score, etc.)

the management of requests to exercise the rights designated in article 9 below;

litigation management;

the fight against fraud.

5. STORAGE OF PERSONAL DATA

5.1. The Website is hosted by the company Infomaniak, the general conditions of which are available by clicking here <General Conditions >.

5.2. All precautions have been taken to store Personal Data of Customers in a secure environment and prevent it from being distorted, damaged or from unauthorized third parties having access to it.

6. COLLECTION OF PERSONAL DATA ON THE WEBSITE

6.1. GB Belgium collects all or part of the following Personal Data when browsing the Website as t placing an Order by a Customer, which is kept for a period of three (3) years or last telephone contact, etc. ):

Last name ;

First name;

Address  ;

Email address ;

Telephone number ;

Behavior on the Website ;

Payment identifier ;

The connection data (date, time, IP address, pages viewed) of the Customer when browsing the Website.

The above Personal Data is also kept in Intermediate Archiving for an additional period of two (2) years in accordance with the common limitation period.

Invoices;

Amount of transactions made and the date and time of these transactions.

The above Personal Data may also be stored in Intermediate Archiving for an additional ten (10) years, in accordance with GB Belgium  ’s tax and accounting obligations.

6.2. All the Personal Data listed in article 1 collected by GB Belgium is essential to place an Order.

7. RECIPIENTS OR CATEGORIES OF RECIPIENT IF THEY EXIST

Identity of the recipient

Country of establishment of the data recipient

Nature of data transferred

Purpose of the proposed transfer

Data recipient categories

Level of protection offered by the country or exception provided for by the Personal Data Regulations

Infomaniak

Swiss

All

Website Hosting

Service provider

Countries with adequate guarantees

Google

United States

Behavior on the Website

Analysis of Customer behavior

Service provider

Privacy Shield

Facebook

United States

Behavior on the Website

Analysis of Customer behavior

Service provider

Privacy Shield

8. SECURITY OF TRANSACTIONS ON THE INTERNET

8.1. In accordance with the GTC, the Website uses the technology of the bank company, to secure Customers’ banking transactions.

8.2. Thus, when paying on the Website, the Customer’s bank details are transmitted encrypted to the Bank company, without GB Belgium   being able to become aware of them. These bank details may be kept for the execution of the Order, in particular for Serenity Offers.

8.3. GB Belgium  does not collect the full number of the Customer’s bank card or its cryptogram.

To exercise their rights such as those identified in article 9, relating to their credit card details, the Customer is invited to contact the Bank company directly.

9. CUSTOMER RIGHTS

In accordance with the Personal Data Regulations, the Customer may, at any time, benefit from the following rights from / to:

access (article 39 of Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms),

rectification (article 40 of Law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms),

erasure (article 40 of Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms),

limitation of processing (article 40 of Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms),

portability (article L224-42-1 of the Consumer Code),

opposition (article 38 of Law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms),

post-mortem directives (article 40-1 of Law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms),

Nevertheless, GB Belgium can oppose manifestly abusive requests (number, repetitive or systematic nature), on the responsibility of Healt Wellness to demonstrate their abusive nature.

9.1. Access rights

The Customer has the possibility of obtaining from GB Belgium the confirmation that the Personal Data concerning him are processed or not and, if necessary, to access said Personal Data as well as the following information:

the purposes of the processing;

the categories of Personal Data processed;

the recipients or categories of recipients to whom the Personal Data have been or will be communicated;

where possible, the envisaged period of retention of Personal Data or, when this is not possible, the criteria used to determine this period;

the existence of the right to request from Healt Wellness the rectification or erasure of Personal Data, or a limitation of the processing of its Personal Data, or the right to oppose this processing;

the right to lodge a complaint with the CNIL;

when the Personal Data are not collected from the Client, any available information as to their source;

the existence of automated decision-making based on processing, including profiling, and, at least in such cases, useful information regarding the underlying logic, as well as the importance and expected consequences of this processing to the customer.

GB Belgium provides, on request, a copy of the Personal Data being processed.

GB Belgium may require the payment of reasonable costs which may not exceed the reproduction costs for any copy requested by the Customer on tangible medium.

When the Customer submits his request electronically, the information is provided in an accessible form, unless requested otherwise.

The Customer’s right to obtain a copy of their Personal Data may be limited by the need for GB Belgium to preserve the rights and freedoms of others.

9.2. Right of rectification

The Customer has the possibility of obtaining from GB Belgium, as soon as possible, the rectification of Personal Data concerning him which is inaccurate, outdated or incomplete. He also has the possibility of having the incomplete Personal Data completed, including by providing an additional declaration.

9.3. Erasure rights

The Customer has the possibility of obtaining from GB Belgium the erasure, as soon as possible, of Personal Data concerning him when one of the following reasons applies:

Personal Data is inaccurate, incomplete, ambiguous or outdated;

the collection, use, communication or conservation of his Personal Data is prohibited;

the Customer exercises his right of opposition under the conditions recalled below and there is no overriding legitimate reason for the processing;

Personal Data must be erased to comply with a legal obligation;

Personal Data has been collected from a minor.

9.4. Limitation rights

The Customer has the possibility of obtaining from GB Belgium the limitation of the processing of his Personal Data when one of the following reasons applies:

GB Belgium verifies the accuracy of Personal Data following the Customer’s challenge to the accuracy of Personal Data,

the processing is unlawful and the Customer opposes the erasure of Personal Data and instead requires the limitation of their use;

GB Belgium no longer needs Personal Data for processing purposes, but these are still necessary for the Client for the establishment, exercise or defense of legal claims;

the Customer has objected to the processing under the conditions recalled below and GB Belgium checks whether the legitimate reasons pursued prevail over the alleged reasons.

9.5. Right to data portability

The Customer has the possibility of receiving Personal Data concerning him / her from GB Belgium, in a structured format, commonly used and readable by one when:

the processing of Personal Data is based on consent, or on a contract to which the Client is a party; and

the processing of Personal Data is carried out using automated processes.

The Customer who exercises his right to portability can request that his Personal Data be transmitted directly by GB Belgium to another controller who he designates when technically possible.

The right to the portability of the Customer’s Personal Data must not infringe the rights and freedoms of others.

9.6. Right to object

The Customer may object at any time, for legitimate reasons, to the processing of Personal Data concerning him. It can also oppose any processing intended for commercial prospecting. GB Belgium will then no longer process Personal Data, unless it demonstrates that there are compelling and legitimate grounds for processing which prevail over the interests and rights and freedoms of the Client, or may keep them for the record, the exercise or defense of legal claims.

If a Customer wishes to oppose a processing of his Personal Data for which a button has not been provided by GB Belgium, he can always exercise his right of opposition under the conditions of paragraph 10.

9.7. Limitations on the exercise of rights

The Customer cannot exercise the rights set out in articles 9.2 to 9.6 when the processing of his Personal Data is necessary:

The exercise of the right to freedom of expression and information;

Compliance with a legal obligation which requires the processing of his Personal Data;

For archival purposes in the public interest, for research purposes

Finally, compliance with the Customer’s requests does not prevent GB Belgium from keeping the Personal Data necessary for the establishment, exercise or defense of legal claims.

9.8. Post-mortem guidelines

The Customer has the possibility of communicating to GB Belgium directives, general or specific, relating to the conservation, erasure and communication of his Personal Data after his death, which directives can also be registered with « a third party certified digital trust ». These directives, or sort of « digital will », can designate a person responsible for their execution; otherwise, the Client’s heirs will be designated.

In the absence of any directive, the heirs of the Client may apply to GB Belgium in order to:

access Personal Data processing allowing « the organization and the settlement of the deceased’s estate» ;

receive communication of « digital goods » or « data akin to family memories, transmissible to heirs » ;

cause the Client’s Account to be closed on the Website and oppose the further processing of his Personal Data.

In any event, the Customer has the possibility of indicating to GB Belgium , at any time, that he does not wish, in the event of death, that his Personal Data be communicated to a third party.

10. EXERCISE OF SPECIFIC RIGHTS OF CUSTOMERS

10.1. These rights can be exercised at any time with GB Belgium :

By email to the following address: contact@swissbiol.com

By post to the following address:  GB Belgium, Avenue Louise 523, 1050 Bruxelles Belgium.

Directly from the Client’s Account on the Website.

10.2. For the purposes of asserting his rights under the conditions referred to above, the Customer must prove his identity by mentioning his surname, first name, e-mail address, in particular that indicated in his Account and, where applicable, Customer number .

10.3. A response will be sent to the Client within a maximum of one (1) month following the date of receipt of the request, unless it is incomplete.

If necessary, this period may be extended by two (2) months by GB Belgium, which will inform the Customer, taking into account the complexity and / or the number of requests.

10.4. In the event of the Customer’s request to delete his Personal Data and / or in the event of the exercise of his right to request the erasure of his Personal Data, GB Belgium may however keep them in the form of intermediate Archiving, for the duration necessary to meet its legal, accounting and tax obligations.

10.5. The Customer can also file a complaint with the competent supervisory authority (la CNIL).

11. THE SECURITY OF YOUR PASSWORD

11.1. GB Belgium takes all necessary precautions to ensure the secure storage of the Customer’s password.

11.2 However, the security of this password also depends on its design.

11.3 Also, the Customer is reminded that his password, to be valid, must be composed, at least of 8 characters at least 3 of the following 4 types: capital letters, small letters, numbers, special characters

11.4 Blocking multiple attempts: time delay for accessing the account after several failures, locking the account after 5 failures.

11.5 Mnemotechnical means allow the creation of complex passwords, such as:

keep only the first letters of words in a sentence; for example, the sentence « A Password is remembered! » Corresponds to the password 1mdp @ sr!

by capitalizing if the word is a name (ex: word)

keeping punctuation marks (ex:!)

by expressing the numbers using the digits from 0 to 9 (ex: A -> 1)

12. COOKIES PLACED ON THE CUSTOMER’S TERMINAL AFTER BROWSING THE WEBSITE

12.1 Cookies are used on the Website.

A cookie is information deposited on the Terminal which is used by the Customer to access the Website.

12.3 Cookies are related to the navigation of the Customer on the Website and allow to determine the pages he has visited, their date and time of consultation.

12.4 At no time do these cookies allow GB Belgium to personally identify the Customer.

12.5 The shelf life of these cookies in the Customer’s Terminal does not exceed thirteen (13) months.

12.6 More specifically, the Personal Data collected from cookies issued by GB Belgium or third parties allow:

to establish statistics and volumes of frequentation and use of the Website allowing to improve the interest and the ergonomics of our Services;

adapt the presentation of the Website to the display preferences of the Customer’s Terminal (language used, display resolution, operating system used, etc.);

allow the Customer to access his Account using his pre-registered identifiers;

memorize information relating to a form completed by the Customer on the Website (registration or access to their Account);

to implement security measures, for example when the Customer is asked to connect again to the Website after a certain period of time;

12.7. Thanks to cookies, GB Belgium collects and processes for the purposes determined above, all or part of the following Personal Data:

Information on his browsing and behavior on the Website :

statistics on the consultation of the different pages of the Website ;

full URL tracking to, via and from the Website;

Information concerning the Client (presumed centers of interest, etc.) linked to its activity on the Internet and communicated by third parties (advertisers, advertising management, etc.).

13. GB BELGIUM COOKIES

Service and type of cookie                 Role of the cookie and data collected                        Duration

PHPSESSID                                            Client Identification                                                       3 months

Cookieconsent_                                    Acceptance of the cookie banner                               1 year

14. THIRD PARTY COOKIES

Service and type of cookie                 Role of the cookie and data collected                          Duration

_ga (Google Analytics)                      Analysis of Customer behavior                                     13 months

_gid (Google Analytics)                       Analysis of Customer behavior          

_ym_d                                                  Date of first connection by the Customer                1 year

_ym_isad                                               Presence of ad blocker                                                  2 days

_ym_uid                                                Client Identification                                                       1 year

_ym_visorc_ *                                     Refresh user sessions                                                   30 minute

 15. OPPOSITION TO COOKIES

15.1. The Customer is informed, during his first visit, that he has the right to oppose the registration of cookies which are incidental to the operation of the Website and this in particular by configuring his Internet browser to do this.

15.2. When the Customer browses the Website, information may be recorded, or read, in his Terminal, subject to his choices.

15.3 You will find more help on the dedicated pages of your browser (below the most common browsers):

Internet Explorer: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies

Google Chrome : http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647

Safari : https://support.apple.com/kb/PH19214?locale=fr_FR&viewlocale=fr_FR

Firefox : http://support.mozilla.org/fr/kb/Activer%20et%20désactiver%20les%20cookies

Opera : http://help.opera.com/Windows/10.20/fr/cookies.html

15.4   The Customer can also configure his browser so that it sends a code indicating to websites that he does not wish to be followed (Do No Track « option ») :

Internet Explorer™ : http://windows.microsoft.com/fr-fr/internet-explorer/use-tracking-protection#ie=ie-11

Safari™ : http://support.apple.com/kb/PH11952

Chrome™ : https://support.google.com/chrome/answer/114836

Firefox™ : https://support.mozilla.org/fr/kb/comment-activer-option-ne-pas-pister

Opera : http://help.opera.com/Windows/12.10/fr/notrack.html