Privacy Policy
Last Update: 2023-06-12
Ani Biome is committed to respecting your privacy.
Ani Biome is a brand owned by Cidrani d.o.o., Štihova 13, Ljubljana, SI11613173 who this Privacy Policy is issued on behalf of. This Privacy Policy (“Privacy Policy”) describes how Ani Biome (“Cidrani”, “we”, “us”), that is the relevant department of Cidrani d. o. o. responsible for processing your data, collects, processes, stores, and uses your personal data, including any data you may provide through our website or mobile application and any data collected automatically when using our services (collectively, the “Service”) provided or any other interaction with Ani Biome, whether online or offline. Our Privacy Policy is designed to help you (“you”, “user”, “Client”) better understand how we collect, use, store, process, and transfer your information when using our Service, and how you can contact us if you have any questions or concerns.
It is important that you read this Privacy Policy so that you are fully aware of how, when, and why we are using your personal data. This Privacy Policy is incorporated by reference into the Ani Biome terms of service (“Terms” or “Terms of Service”), which can be accessed through our website and mobile application. Other privacy policies may be provided to you on occasions when you are using specific products or services.
By using our Services, you agree, accept, and consent to all of the policies and procedures described in these documents. If you do not agree with or are not comfortable with any aspect of this Privacy Policy or the Terms of Service, you should immediately discontinue use of our Services.
YOUR PRIVACY MATTER
DATA CONTROLLER /Voditelj obrade osobnih podataka je: Cidrani d.o.o., Ljubljana, Štihova 13, SI11613173.
Kontakt podaci voditelja obrade:
Adresa e-pošte za kontakt: danijelaånibiome.ai
Kontakt Službenika za zaštitu osobnih podataka: danijela@anibiome.ai
DATA PROCESSOR: Cidrani d.o.o., Ljubljana, Štihova 13, SI11613173.
If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at the following addresses:
E-mail: ani@anibiome.ai
Mail: Cidrani d.o.o., Ulica Koste Vojnovića 33, 10000 Zagreb, Croatia
CHANGES TO THE PRIVACY POLICY
We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material changes to this Privacy Policy if and where this is required by applicable data protection laws. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Policy.
WHAT DATA DO WE COLLECT?
Personal data, or personal information (“Personal Information”), means any information you may provide to us.
We may collect, use, store, analyze, process, and transfer different kinds of data about you via different services of ours, depending on which services you request. We will indicate to you when your personal information is required in order for us to provide you certain services. If you choose not to provide such data, we may not be able to provide the services you have requested.
We have grouped the data together as follows:
Contact Data - first and last name, billing and shipping address (city/town, postal code, street adddress, apartment No (if applicable)), email address and telephone number;
Account Data - your username and password.
Sensitive Data - all information you provide us about yourself when making an account as well as while you are using the app Ani DailyTM such as physical condition-related information, diet-related information,data of an individual relating to racial or ethnic origins, sexuality, a confidential state of physical and psychological health status, its history, records as can be seen in the table below:
|
DATA |
LEGAL BASIS OF PROCESSING |
|
Date of birth |
|
|
Type of birth |
|
|
Ethnic Group |
|
|
Sex |
|
|
Gender |
|
|
Health status |
|
|
Smoking |
|
|
Diet |
|
|
Food Sensitivity |
|
|
Weight |
|
|
Height |
|
|
Pregnacy |
|
|
Blood biomarkers |
|
Financial Data - bank account, credit card information ((i) credit card No, (ii) credit card expiry date, (iii) credit card CVC No) and information about payments to or from you and the details of your transactions when purchasing services from us;
Technical Data - the internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-ins and versions, computer operating system and platform, and other information about the technology of the devices you use to access our online media.
Usage Data - information about how you use our websites (e.g., browser type, domains, page views, etc.), products, and services;
Marketing and Communications Data - your preferences in receiving marketing from us and our partners and your communication preferences, and all information you share while engaging with our client service (“Client Service”);
Questionnaire Data - the entire history of your replies to the Ani Daily Vitality Scan via Ani DailyTM;
Biological Data - data collected through the use of biological scans of the face, eyes, tongue and all derived data from the wearables (https://docs.tryterra.co/reference/v2). Scans are being processed only within your device and only during the software data analysis to obtain the measure results, and they are not stored longer or somewhere else. Biological Data is not used for any other purpose, especially not to identify individuals.
Aggregate Data - data collected from a group of individuals and compiled into data collections or summaries. No particular individual can reasonably be identified when evaluated as a whole. It is widely used for data analysis and machine learning models development;
User Content Data - information you create or content that you post or upload on our website, social media, or public forums that relate to us, such as blogs, data, text, software, documents, audio, photographs, graphics, video, messages, discussions, emails, or other materials that you create or provide to us through public or private transmissions.
De-identified Data - forms of data after removing personal identifiers, which is followed by assigning a randomly chosen unique code for each data. In this way, your personally identifying information is prevented from being revealed in any way (including accidentally). We will not try to re-identify your data, except as necessary and for the purpose of providing the Service to you. Also, we prohibit downstream recipients (third-parties) from trying to re-identify your data.
Anonymized Data - subcategory of de-identification whereby data can never be re-identified. It does not contain any identifiable information and there is no way to link the information back to identifiable data. We use Anonymized Data for analysis and improving our machine learning models.
HOW YOUR DATA IS COLLECTED AND USED?
Purposes of collecting Personal Information are to:
- a) provide you with the Service
We use your data for activities necessary to provide the Service. These include testing and analyzing data, customizing your Ani Daily Vitality Scan and monthly plans of AgeBioticsTM, and improving our Services.
These activities may include, but are not limited to:
- opening and maintaining your Ani Biome account;
- enabling the purchase of our Service (e.g., processing payments and making personalized AgeBioticsTM boxes);
- communicate with you (e.g., to notify you via mobile application);
- implement your requests to “Client Service”;
- facilitate your use of our website and mobile applications (including authenticating your visits, providing personalized content, and tracking your use of our Services);
- facilitate the covered Services of our third-party partners;
- enforce our Terms of Service and other agreements;
- conduct data analysis to improve existing Services or develop new Services; and
- improve our data analytics and machine learning models to help us provide more precise and accurate personalized interventions to you.
We may also use your information to troubleshoot errors or problems, analyze the use of our website, collect recurring Membership Fees, improve or optimize the client experience and client service, or evaluate the effectiveness of our marketing campaigns.
- b) provide Service by Third Parties
Ani Biome does not sell or transfer your personal information to third parties.
If you purchased any part of the Service that is provided by our third-party partners, your data will be given to our partners who will provide these Services for you. However, any use of your data shared with or provided to the third party for the purpose of providing the Services (directly or through their service providers) shall be governed by this Privacy Policy, and it shall not contain any identifiable information.
Unless required by law or a court order, Ani Biome will not release your Personal Information to any third party not identified in this Privacy Policy without first receiving your explicit consent by way of acceptance of a Consent Form.
For individuals located in the European Union (“EU”): Our legal basis for processing your Sensitive Data for the purposes described above is based on your consent. Please read below on Data Privacy for EU Residents Under GDPR for further details.
- c) improve Service, analysis methods and machine learning models
We are constantly working on improving our Service and enhancing the capacity and accuracy of our data analysis methods and artificial intelligence engine we use for the purpose of delivering more accurate and personalized recommendations to you.
Our artificial intelligence engine and machine learning models perform multiple analyses of aggregated anonymized data from our information database, carefully selected high-quality scientific literature, the expert knowledge of our science and technical team, and feedback from our Clients to develop precise and personal interventions for you and your gut microbiome to support your vitality and increase healthspan. In this way, we are able to guide you and provide better and more accurate individualized Services.
- d) provide Client Service and Support
When you contact Client Service, we may use or request additional Personal Information to verify your identity, answer your questions, resolve disputes, and/or investigate and resolve problems or complaints. In certain cases, we may need to use a client’s Personal Information to resolve another client’s inquiry. For example, if a client reports the conduct of another client that violates our Terms of Service, we will process the personal information of both clients separately and respond to each client separately as appropriate. We will not share your personal information with another client or a third party without your explicit consent.
- e) Testimonials
We value our Clients’ feedback and may send you surveys, polls, or requests for testimonials to improve and optimize our Services. We may use your Personal Information to send you surveys, questionnaires, and requests for testimonials that we use to optimize our Service and perform quality control activities. You are in control of the information you would like to share with us. If you do not wish to receive these requests, you can manage them by a request to our Client Service using the details provided in this Privacy Policy.
- h) Marketing and communications
By creating an Ani Biome Account and using our Service, you agree to receive Service-related email about new features, add-ons, promotions, contests, and other notifications about our Services. You may unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the "Unsubscribe" link in the footer of the email or send a request to our Client Service using the information provided above. You may not opt out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, important Ani Biome policies, or service-related emails.
We may also use the Personal Information you provide to personalize your user experience and to enable us to recommend or deliver the type of content, new features, or Service offering in which you are most interested. We may also use your Personal Information to compile usage statistics and other data about the use of our Services and for other types of marketing and communication purposes, without asking for and receiving your explicit consent (e.g., targeted advertising that uses advertising networks and third-party providers that help us deliver targeted online advertising or measure the effectiveness of advertising campaigns). We will not use your Sensitive Information for marketing and communication purposes.
As a data controller, we will only use your Personal Information if we have a legal basis for doing so.
Therefore, your Data will be be used with the following purposes:
|
PURPOSE |
LEGAL BASIS OF PROCESSING |
|
To manage your account
|
Performance of a contract with you |
|
To process and deliver your product or service orders (managing your charges and payments, performance of any contract arranged with you) |
Performance of a contract with you |
|
To notify you of changes in this Privacy Policy |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation |
|
To provide you with updates about your orders or account |
Performance of a contract with you |
|
To contact you with newsletters and other website content |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
|
To use data analytics to improve our websites, products and services, marketing and client experience |
Necessary for our legitimate interests (to develop and improve our website, products and services) |
|
To contact you with promotional offers from us |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
|
To provide you with AgeBioticsTM Calculating the contents of your monthly AgeBioticsTM box according to our personalization algorithm based on Questionnaire Data where appropriate. |
Performance of a contract with you |
|
To provide you with Vitalligence QuotientTM (VQTM) value Calculating various indexes and developing algorithms based on Questionnaire Data, Biometric Data and other data, when applicable |
Performance of a contract with you Necessary for our legitimate interests (to develop our products/services and grow our business) |
|
To develop and improve a machine learning model Building and improving a machine learning model with the purpose of personalizing our Service for you and our other Clients |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to develop our machine learning model to improve our recommendation algorithms) |
We never share any data connected to your identifiable information with any party not included in our Service provider partners without your direct consent unless we need to comply with a legal obligation.
You have the right to request deletion, retrieval or correction of your data at any time; we will always extend your requests to any third party Service provider with whom your data was shared with for the purposes outlined above.
We may process your personal data based on more than one lawful ground depending on the specific purpose for which we are using your data. You can always contact us if you need details about the specific legal ground we are relying on to process your data.
If you have any questions or concerns, we will strive to respond to your inquiries promptly.
Please contact us at ani@anibiome.ai
HOW LONG WE STORE YOUR DATA
We process your data for the purposes specified above until you request deletion of your account, or if you delete your account, or if there is another reason for terminating your use of the Service, as described in our Terms of Service.
One of our main Services is based on building a machine learning model using the collected data of our clients. We also provide a data overview and history of the various vitality-related metrics we calculate from the data in order for you to be able to track the changes in the metrics over time.
You have the right to and can at any time request deletion of most of your personal data. We are required to comply with these requests and remove your personal data from our databases, with the exception of data we are legally required to hold on to for accounting, audit and compliance purposes. See details of your rights in the Privacy Rights for Clients in the European Economic Area section.
COOKIES AND SIMILAR TECHNOLOGIES
Ani Biome uses different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
This helps us to provide you with a good experience when you browse Ani Biome.
We use the following types of cookies:
Cookies Necessary for the Functioning of the Store
|
Name |
Function |
Duration |
|
_ab |
Used in connection with access to admin. |
2y |
|
_secure_session_id |
Used in connection with navigation through a storefront. |
24h |
|
_shopify_country |
Used in connection with checkout. |
session |
|
_shopify_m |
Used for managing client privacy settings. |
1y |
|
_shopify_tm |
Used for managing client privacy settings. |
30min |
|
_shopify_tw |
Used for managing client privacy settings. |
2w |
|
_storefront_u |
Used to facilitate updating client account information. |
1min |
|
_tracking_consent |
Tracking preferences. |
1y |
|
c |
Used in connection with checkout. |
1y |
|
cart |
Used in connection with shopping cart. |
2w |
|
cart_currency |
Used in connection with shopping cart. |
2w |
|
cart_sig |
Used in connection with checkout. |
2w |
|
cart_ts |
Used in connection with checkout. |
2w |
|
cart_ver |
Used in connection with shopping cart. |
2w |
|
checkout |
Used in connection with checkout. |
4w |
|
checkout_token |
Used in connection with checkout. |
1y |
|
dynamic_checkout_shown_on_cart |
Used in connection with checkout. |
30min |
|
hide_shopify_pay_for_checkout |
Used in connection with checkout. |
session |
|
keep_alive |
Used in connection with buyer localization. |
2w |
|
master_device_id |
Used in connection with merchant login. |
2y |
|
previous_step |
Used in connection with checkout. |
1y |
|
remember_me |
Used in connection with checkout. |
1y |
|
secure_client_sig |
Used in connection with client login. |
20y |
|
shopify_pay |
Used in connection with checkout. |
1y |
|
shopify_pay_redirect |
Used in connection with checkout. |
30 minutes, 3w or 1y depending on value |
|
storefront_digest |
Used in connection with client login. |
2y |
|
tracked_start_checkout |
Used in connection with checkout. |
1y |
|
checkout_one_experiment |
Used in connection with checkout. |
session |
Reporting and Analytics
|
Name |
Function |
Duration |
|
_landing_page |
Track landing pages. |
2w |
|
_orig_referrer |
Track landing pages. |
2w |
|
_s |
Shopify analytics. |
30min |
|
_shopify_d |
Shopify analytics. |
session |
|
_shopify_s |
Shopify analytics. |
30min |
|
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
30min |
|
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
30min |
|
_shopify_y |
Shopify analytics. |
1y |
|
_y |
Shopify analytics. |
1y |
|
_shopify_evids |
Shopify analytics. |
session |
|
_shopify_ga |
Shopify and Google Analytics. |
session |
Google Analytics
We use Google Analytics to monitor web behavior, a service that provides information about how many users visit our website and online resources, when they visit, and how they navigate our website. We may also use other Google Analytics tools, such as demographic and interest reports, which allow us to learn more about the characteristics and interests of users who visit our website, and remarketing with Google Analytics, which allows us to provide relevant advertising on various websites and online services.
To learn more about Google’s privacy practices, please go to Google Privacy Policy at: https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at: https://tools.google.com/dlpage/gaoptout.
OPTING OUT
We may use your Contact, Account, Technical, Usage and Marketing and Communications Data to conclude what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
You can exercise your right to prevent such contact and opt out of receiving these communications by clicking on a ‘unsubscribe’ link at the bottom of every such email.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
FAILURE TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at that time.
DISCLOSURE OF YOUR PERSONAL DATA
We may share your personal data with the parties set out below for the purposes set out in the table above.
Internal Third Parties - Daughter company Cidrani d. o. o. Slovenia
External Third Parties - Professional advisors acting as processors including lawyers, bankers, auditors, accountants and insurers who provide consultancy, banking, legal, insurance and accounting services; Service providers acting as processors who provide IT and system administration services;
Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data and only permit them to process the specified anonymized data for strictly defined purposes and in accordance with our instructions. Your requests for data disclosure, deletion or correction will always be relayed by us to all relevant third parties. We ensure that all third parties we partner with are GDPR compliant if they are located in the European Economic Area (EEA). Otherwise, we put safeguards in place to ensure that GDPR rights continue to be respected in countries outside the EEA to which personal data is transferred and processed.
Privacy Rights for Clients in the European Economic Area
If you are located in the European Economic Area, you have various rights (under GDPR) as described below.
Your right to be informed (transparency)
This Privacy Policy, together with our Cookie Policy, tells you about the ways in which we use your personal information (which is referred to as “Personal Data” in the GDPR).
Your right of access
You have the right to ask us for a copy of your personal information, which we are required to provide in an easily readable format. There are some exemptions and limitations in what we can provide in response to such requests, which means you may not always receive all the personal information we process. We will inform you if any exemption or limitation applies and what its impact is.
Your right to correction
You have the right to ask us to correct personal information you think is inaccurate. You also have the right to ask us to complete your personal information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. Where it is appropriate that we comply, your request will be fully actioned within 30 days. Please note that we may not always be able to remove your personal information from ongoing or completed research studies. We may also retain some account information related to purchase and service history. This enables us to provide ongoing support regarding prior purchases and services, and is also necessary for accounting, audit and compliance purposes.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances. For example, you can request that we limit the way in which we use your “Personal Data” (as defined by the GDPR) if you are concerned about the accuracy of the data or how it is being used.
Your right to object to processing
You have the right to object to processing of your personal information in certain circumstances. Where it is appropriate that we comply with your request, we will stop processing your information for the use you have objected to.
Your right to data portability
You have the right to receive your personal information which you have provided to us. You also have the right to have us send your personal information to another organization where our lawful basis for the processing is your consent, or where the processing is necessary for the performance of an agreement and the processing is carried out by automated means.
You may request access to the information we maintain about you, update and correct inaccuracies in your information, restrict or object to the processing of your information, have the information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your information to another company. In addition, you also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
You may withdraw any consent you previously provided to us regarding the processing of your information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdraw your consent.
You may exercise these rights by contacting us using the contact details at the beginning of this Privacy Policy. Before meeting your request, we may ask you to provide reasonable information to verify your identity. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
The Company does not transfer personal data to third countries (countries outside the European Union and the European Economic Area) or international organizations. If there is a need for such transfer by external service providers to the Company during its operations, the Company will only carry out such transfer if it is permitted and in accordance with the positive regulations governing that area. Specifically, the Company shares data with the external service provider Stripe (.https://stripe.com/en-hr) for the purpose of fulfilling the contractual relationship with you - payment of the purchase price for our products, in accordance with all data protection standards applicable in the European Union if personal data is transferred from the European Union for the purpose of executing the payment service.
OUR RELATIONSHIP WITH YOU
We are the “controller” with respect to your Personal Information because we determine the means and purposes of processing your information when you use our Services.
DATA SECURITY
Ani Biome takes reasonable measures and has procedures in place to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. All connections to Ani Biome website, softwares, and mobile application are encrypted using 256-bit Advanced Encryption Standard and Transport Layer Security (TLS) technology.
Ani Biome has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the client information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Please keep this in mind when you provide any information to us online.