Privacy Policy – BioG

Effective date: 10 December 2025

This Privacy Policy explains how BioG (“we”, “us”, “our”) collects, uses, shares and protects your personal data when you visit our website and purchase our products online in the European Union and the United Kingdom. By using our website, you acknowledge that you have read and understood this Privacy Policy.

1. Data controller

The data controller responsible for your personal data is: BioG.
If you have any questions about this Privacy Policy or our data practices, you can contact us at:
Email: info@biog.local (replace with your real email)
Postal address: [Insert full business address]

If required by law, we may appoint a Data Protection Officer (DPO); in that case, we will publish the DPO’s contact details here.

2. Personal data we collect

We may collect and process the following categories of personal data:

  • Identity data: first name, last name, title.

  • Contact data: billing address, shipping address, email address, telephone number.

  • Account data: username, password, order history, preferences.

  • Transaction data: details of products purchased, payment status, invoice information.

  • Payment data: limited payment details (such as payment method and transaction ID); full card details are processed by our payment service providers and are not stored by us.

  • Technical data: IP address, browser type and version, device identifiers, time zone setting, operating system, and platform.

  • Usage data: information about how you use our website, such as pages viewed, links clicked, and time spent on pages.

  • Marketing and communication data: your preferences for receiving marketing from us and your communication preferences.

We do not intentionally collect special categories of personal data (such as health data) through this website.

3. How we collect personal data

We collect personal data in the following ways:

  • Directly from you: when you create an account, place an order, subscribe to our newsletter, contact us, or fill in forms on our website.

  • Automatically: through cookies and similar technologies when you browse our website (for example, to collect technical and usage data).

  • From third parties: analytics providers, advertising networks, payment processors, and delivery partners, where permitted by law.

4. Purposes and legal bases for processing

We process your personal data only when we have a valid legal basis under the EU GDPR and UK GDPR. The main purposes and legal bases are:

  • To provide our products and services

    • To register you as a customer, process and deliver your orders, manage payments, fees and charges, and handle returns and refunds.

    • Legal basis: performance of a contract with you.

  • To manage your account

    • To create and manage your online account, authenticate you, and maintain order history.

    • Legal basis: performance of a contract; our legitimate interest in providing account functionality.

  • To provide customer support

    • To respond to your enquiries, requests, and complaints.

    • Legal basis: performance of a contract; our legitimate interest in providing customer service.

  • To send marketing communications

    • To send you emails or messages about products, offers, promotions, and news where you have subscribed or where permitted by law.

    • Legal basis: your consent (where required); our legitimate interest in promoting our business where consent is not required.

    • You can withdraw your consent or opt out of marketing at any time by using the unsubscribe link in our emails or contacting us.

  • To personalise and improve our website

    • To analyse how visitors use our website, improve performance and user experience, and develop new features and products.

    • Legal basis: our legitimate interest in running and improving our business.

  • To ensure security and prevent fraud

    • To keep our website, services, and users secure, and to detect and prevent fraud, abuse, or illegal activity.

    • Legal basis: our legitimate interest in ensuring security; compliance with legal obligations.

  • To comply with legal obligations

    • To meet our obligations under tax, accounting, consumer protection, and data protection laws.

    • Legal basis: compliance with legal obligations.

Where we rely on consent, you are free to withdraw it at any time without affecting the lawfulness of processing before withdrawal.

5. Cookies and similar technologies

We use cookies and similar technologies to operate and improve our website, remember your preferences, and analyse traffic. Cookies are small text files placed on your device when you visit our website.

Types of cookies we may use include:

  • Strictly necessary cookies: required for basic site functionality, such as adding items to your cart and completing checkout.

  • Performance and analytics cookies: help us understand how visitors use our website so we can improve it.

  • Functional cookies: remember your preferences, such as language or region.

  • Advertising and social media cookies: used to deliver personalised ads and enable social media features, where applicable.

Where required by law, we will ask for your consent before placing non-essential cookies on your device. You can manage your cookie preferences through our cookie banner or your browser settings, but disabling certain cookies may affect website functionality.

6. How we share personal data

We may share your personal data with the following categories of recipients, only to the extent necessary and subject to appropriate safeguards:

  • Service providers: such as website hosting, IT support, payment processors, order fulfilment and logistics companies, email service providers, marketing and analytics providers.

  • Professional advisers: such as lawyers, accountants, auditors, and insurers, where necessary for legitimate business purposes.

  • Public authorities: regulators, law enforcement, or other authorities, where required by law or to protect our rights or the rights of others.

  • Business transfers: in connection with a merger, sale of assets, restructuring, or acquisition, where personal data may be transferred as part of the transaction.

We require all third parties that process personal data on our behalf to protect it and to process it only according to our instructions and applicable law. We do not sell your personal data.

7. International data transfers

If your personal data is transferred outside the European Economic Area (EEA) or the United Kingdom, we will ensure that an adequate level of protection is provided. This may include:

  • Transfers to countries that have been recognised as providing an adequate level of data protection by the European Commission or UK government.

  • Use of standard contractual clauses approved by the European Commission or UK authorities, with supplementary measures where necessary.

  • Other appropriate safeguards permitted by data protection law.

You can contact us for more information about the specific safeguards used for international transfers.

8. Data retention

We keep your personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Typical retention periods are:

  • Customer account data: for as long as your account is active and for a reasonable period afterwards (for example, up to 6 years) to handle queries, disputes, and legal claims.

  • Order and transaction data: kept for at least the period required by tax and accounting laws (often up to 10 years in some jurisdictions).

  • Marketing data: kept until you withdraw your consent or object to processing, or for a defined period of inactivity.

  • Technical and analytics data: kept for a shorter period necessary for analysis and security, typically no longer than 24–36 months, unless required for security or legal reasons.

When data is no longer needed, it will be securely deleted, anonymised, or aggregated so that it can no longer identify you.

9. Your rights under EU and UK data protection law

If you are in the EU or UK, you have the following rights regarding your personal data, subject to certain conditions and exceptions:

  • Right of access: to obtain confirmation of whether we process your personal data and to receive a copy of it.

  • Right to rectification: to have inaccurate or incomplete personal data corrected.

  • Right to erasure: to request deletion of your personal data where there is no good reason for us to continue processing it (also known as the “right to be forgotten”).

  • Right to restriction: to request that we restrict the processing of your personal data in certain circumstances.

  • Right to data portability: to receive the personal data you provided to us in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.

  • Right to object: to object to processing based on our legitimate interests or for direct marketing at any time.

  • Rights related to automated decision-making: to request meaningful information about automated decisions that significantly affect you and, where applicable, to request human review.

To exercise these rights, please contact us using the details in section 1. You also have the right to lodge a complaint with a supervisory authority, such as your local data protection authority in the EU or the Information Commissioner’s Office (ICO) in the UK.

10. Children’s privacy

Our website is not intended for children under 16 years of age, and we do not knowingly collect personal data from children under this age. If you believe that a child has provided personal data to us, please contact us so that we can delete it where required by law.

11. Security of your personal data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption, secure storage, regular security reviews, and staff training. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Third-party websites

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those websites, and we are not responsible for their privacy practices. You should review the privacy policies of any third-party websites you visit.

13. Marketing communications

If you subscribe to our newsletter or agree to receive marketing messages, we will use your contact details to send you information about our products, offers, and events. You can withdraw your consent or opt out of marketing at any time by clicking the unsubscribe link in our emails or by contacting us. Even if you opt out of marketing, we may still send you non-marketing messages related to your orders or account.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technical developments. When we update the policy, we will revise the “Effective date” at the top and, where appropriate, notify you by email or through a notice on our website.

Please review this Privacy Policy periodically to stay informed about how we protect your personal data.