Last updated: June 22nd 2018

Introduction

This Privacy Policy applies to all customer and marketing related activities within Biotec BetaGlucans AS and details how and when we collect and process Personal Data.

Please read this policy carefully to get a clear understanding of how we collect, process, protect and otherwise handle your Personal Data.

Data owner and contact information

Data owner:
Biotec BetaGlucans AS
Company reg no: NO 996 327 191 MVA

Address:
PO Box 6463,
Sykehusveien 23
N-9294 Tromsø

Phone number:
+47 77 64 89 00

Main website:
https://biotec.no

Email:
Contact email for privacy related questions: dpo@biotec.no

Brief overview

This overview is meant to serve as a summarized display of what type of data is collected, when it is collected and through which service or 3rd party provider. For details, please see full policy further down:

Information collected through the use of our Websites

Server access and error logs
Collected data: IP address
Data processor: WP Engine (3rd party service)

Cookies – Website Analytics
Collected data: Anonymised IP address, page view events, shopping cart additions and removals, purchases and location (by region, not exact)
Data processor: Google Analytics

The above is the only cookie that collects personally identifiable data. For information about all cookies on our website, please see our cookie policy.

Website Forms – excluding Mailing list subscriptions
Collected data: Name, address, phone number, email address and message
Data processor: Data owner

Webshop registration
Collected data: Name, address, phone number, email address
Data processor: Data owner

Webshop Payment solution
Collected data: Cardholder’s name, credit card number, credit card expiry date and CVC code, address, email address, order id and purchase amount
Data processor: Stripe.com

Information collected through general contact and order management
Collected data: Name, address, phone number, email address, email- and order content
Data processor: SuperOffice, Office365


Full Privacy Policy

The processing of personal data should always be compliant with EU’s General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to Biotec Pharmacon ASA and its subsidiaries.

Personal data is information that can identify you personally, such as your name, address, email, phone number etc. Through this Privacy Policy we want to inform you, as the data subject, of the nature, scope, and purpose of our collection, use and processing of personal data. Furthermore, if you are an EU/EEA citizen, we want to use this Privacy Policy to inform you of your rights according to GDPR.

1. Collection and use of Personal data

Visiting our websites
Our websites are hosted with the 3rd party service WP Engine. When visiting one of our websites, your IP address will be stored in their server logs for a limited period of time for the purposes of ensuring network and information security.

We use the 3rd party service Google Analytics to collect information about visitors and behavior patterns through anonymized IP addresses. This information helps us to better understand user engagement on our website, pages viewed, documents downloaded, products purchased and the user’s location. We use this information in aggregate to help with making future decisions relating to the website content and design.

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow this). These cookies enable the site’s or service provider’s systems to recognize your browser and capture and remember certain information.

We use cookies on our websites to:

  • Help remember and process the items in the shopping cart.
  • Understand and save user’s preferences for future visits.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third party services that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.

If you disable cookies, some features will be disabled. This won’t affect your experience of our site but it will make some of our services not function properly.

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Submitting website forms
There are several forms available on our websites that provide you with the possibility to contact us with different types of inquiries. If you choose to fill in and submit one of these forms, we will collect one or more of the following data (depending on the type of form): your email, name, address, occupation, company/organization and country. This data will only be used for the purpose of responding to that particular request.

In the case that you should submit a comment to one of our blog posts, your name, email address, IP address and comment are recorded. Your name and comment are used for display on the blog post itself, while your email and IP addresses are used internally to combat spam on our websites.

Registering and ordering through our Webshop
If you register in one of our webshops, we will collect your name, address, email and phone number for the purpose of processing your orders. See below under “General contact, order and contact management”.

If you pay for a webshop order through credit card, the payment process will be handled by the 3rd party service Stripe. Stripe will collect your name, address, phone number and credit card information for the purpose of processing your payment. We do not store any credit card information on our hosting servers.

General contact, order and contact management
We use SuperOffice and Office365 in our order processing routines for email archiving and contact management.

2. Automated decision making

We do not use automatic decision-making or profiling.

3. Third party disclosure

We use the third party providers listed in this Privacy Policy to operate our website and conduct our business, and we maintain data processing agreements with these providers to ensure your privacy rights.

Data transfers made to servers outside of Norway and the EU will comply with the secure data transfer rules under the General Data Protection Regulation or the Privacy Shield Frameworks developed between the EU and USA. If there is a change in our use of third party providers affecting your personal data, this Privacy Policy will be updated accordingly.

We do not sell, trade, or otherwise transfer your personal data to outside parties unless we provide you with advance notice. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.

4. Data retention period

The period for which your personal data is stored and processed will depend upon the purpose behind the data collection, which consent was given and the current legislation. We will only process and store your personal data for the period necessary to achieve the purpose of storage, or as far as this is granted by the laws or regulations to which we are subject.

If the storage purpose is not applicable, or if a storage period prescribed by legislation expires, the personal data are routinely blocked or erased in accordance with legal requirements.

5. Security

Our websites are scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our sites as safe as possible.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit card information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order or enters, submits, or accesses their information to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.

6. Your rights as a data subject

  • Right of access and confirmation
    You have the right to obtain confirmation as to whether or not your personal data is being processed and to obtain a copy of the information that is being processed.
  • Right to be forgotten
    You have the right to have your personal data erased, if one of the following applies:

    • Processing of the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
    • If you withdraw the consent on which the processing was based and where there is no other legal ground for the processing.
    • If the personal data has been unlawfully processed.
  • Right to rectification
    You have the right to rectification of inaccurate personal data.
  • Right to withdraw consent
    You have the right to withdraw your previously given consent to processing your personal data at any time.
  • Right to data portability
    You have the right to receive your personal data in a structured, commonly used and machine-readable format or to have it transmitted to another data controller, as long as the processing is based on consent or a contract, and the processing is carried out by automated means.
  • Right to object
    You have the right to object to processing of your personal data if the processing is based on a different legal basis than consent. We shall no longer process your personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
  • Right to complain
    If you have questions or concerns regarding the way we handle your personal data, please contact us by email, phone or post. If you remain dissatisfied, you have the right to complain to your data protection authority.

If you want to exercise one or more of the above rights, please contact us at the email address, phone or postal address stated at the top of this Privacy Policy.

7. Changes to this Privacy Policy

When we make changes to our Privacy Policy you will be notified on our Privacy Policy page. If the changes are significant, we may also post a notice on our websites and social media accounts.