BioGaia Probiotics - Privacy notice

General

BioGaia AB (“BioGaia”) is committed to respecting and protecting your privacy.

This privacy notice sets out how BioGaia processes your personal data for example in conjunction with your use of biogaiagroup.com (our “Site”). It also explains your privacy rights and how to the law protects you.

We process your personal data primarily so that you can communicate with us and for evaluation of the Site. In some cases, we will also process your data for marketing purposes or to fulfil a legal obligation. More details in this respect are set out below.

About us

BioGaia is the personal data controller for the company’s processing of personal data. All personal data is collected and processed in accordance with Regulation (EU) 2016/679 (the “GDPR”).

If you have questions about how we process your personal data, or if you wish to exercise your rights, you can contact us using the contact information below:

BioGaia AB
Corp. ID No. 556380-8723
P.O. Box 3242
SE-103 64 Stockholm
e-mail: [email protected]

What is personal data, and what is processing?

Personal data is information that, either directly or indirectly, can identify a physical person. Personal data can thus be names, addresses, e-mail addresses, personal identification numbers, IP addresses, and so on. Processing is everything we do with your personal data. For example, processing can be collection, storage, registration, sorting, revision, transfer or erasure of data.

What personal data do we collect, and why?

BioGaia collects personal data only for specific purposes. Those purposes, together with our legal basis for processing the data, and the relevant data retention periods, are set out below:

Job applications
When you apply for a job at BioGaia, we collect your name, contact details, e-mail address and CV.
Purpose: To evaluate and make decision regarding recruitment of new employees.
 Legal basis: The processing is our legitimate interest to evaluate and offer a jobseeker employment at BioGaia.
Storage period: Your personal data is stored as long as it’s necessary for the recruitment process.

Business partners
To manage our existing business relations, and to evaluate potential business partners, we collect data regarding your name and e-mail address.
Purpose: We will also use your personal data to fulfil our contractual obligations with our business partners.
Legal basis: To manage our business relations is supported by our legitimate interest as a business.
Storage period: Your personal data is stored 7-10 years, in accordance with applicable accounting regulations and for the protections of our legal rights.

Marketing via newsletter
When you sign up for our newsletter, we collect data regarding your name and e-mail address in order to provide you with relevant information about BioGaia and our products.
Purpose: Letting you know about BioGaia and our products that could be of interest to you.
Legal basis: Your consent when signing up for the newsletter.
Storage period: Your personal data is stored until you unsubscribe from our newsletter, and for two months afterwards.

Shareholders and Annual General Meeting
When you register as a shareholder, when you interact with us in relation to your shareholding in BioGaia, and registrations of participants of the annual general meeting, we collect data regarding your name, social security number, and e-mail address. If you are a major shareholder, we may also process your personal data by publishing names and shareholdings in annual reports and on our Site.
Purpose: To provide you with relevant information as a shareholder and to be able to attend the annual general meeting.
Legal basis: Legal obligation,
Storage period: Your personal data is stored in accordance with applicable regulations and as long as it is needed to fulfil the purpose of the processing. Personal data for registrations of participants of the annual general meeting is stored for 12 months.

Analysis, development and operations of the Site and our services
For the purpose of developing our operations, we collect data about your user behavior.
Purpose: We do this in order to: i) evaluate, develop and identify how you use the Site; ii) detect, prevent and investigate fraud and security monitoring; and iii) develop and improve our business operations.
Legal basis: Processing is necessary in order to satisfy our legitimate interest in developing and operating the Site.
Storage period: Personal data is stored for two years.

We also use cookies to collect personal data about your behavior on the Site. For more information about cookies, see below.

Who do we share personal data with?

BioGaia may share your personal data with third parties. These parties are either

Data Processors

These are allowed to process personal data only for the specific aims and purposes defined by us. Our processors, and the data they receive, include:

– Platform and technology suppliers: IP addresses, contact information and purchase history

Data controllers

These companies use personal data for their own purposes and are independently responsible to you for the personal data processing they carry out.

BioGaia may share your personal data with:

– other companies in the BioGaia Group, if required for completion of the purposes and the legal basis indicated above; and

– government agencies, to the extent that it results from law or other legal obligation incumbent upon us.

On rare occasions, we may share personal data when we believe it is necessary to comply with the law, regulation or legal request (including a court order or government inquiry), or to enforce or apply our terms of use or other agreements. In addition, we may use, make available or transfer personal data to third parties in conjunction with reorganisation, merger, sale, joint venture, conveyance, transfer or other disposition of all or part of our operations, assets or shares (including in conjunction with bankruptcy or similar proceedings).

Our ambition is for your personal data to always be processed within the EU/EEA.

In the event that personal data for which BioGaia is responsible is to be transferred to a country outside the EU/EEA, we will only do so in those cases where the transfer country and recipient are deemed to maintain an adequate level of protection under the rules of the GDPR, or the transfer takes place in accordance with the standard contractual clauses as defined by the EU Commission to regulate such transfers.

Third country transfers

If you interact with us on social media, this means that your personal data – your picture and name, for example – will be transferred to a country outside the EU/EEA, normally the US. The transfer will take place in accordance with applicable privacy protection legislation, including the GDPR. However, the GDPR is not valid in the third country, which could entail an increased risk as regards privacy, concerning situations such as the possibility of government authorities in the third country having access to your personal data and your possibilities of exercising control over your personal data. This transfer is necessary in order for you to be able to contact us on social media so that we can fulfil your request.

The transfer between us and social media services is based on the EU Commission’s standard contractual clauses, and is supplemented with technical and organisational protective measures. Read more about the EU Commission’s standard contractual clauses here.

If you accept cookies and other similar technology for marketing and/or analysis such as the Facebook pixel or Google Analytics, your personal data may be transferred to a third country – more specifically, the US. The transfer then takes place based on the consent you provide when you accept the use of cookies. To terminate future transfers to third countries, you can contact us using the contact information below, or block all cookies via the settings in your web browser. More information on blocking cookies is available on your browser’s help pages. You can also read more about cookies in our cookie notice; see below.

How is your personal data protected?

All personal data you provide to us is protected using both organisational and technical security measures. These measures are used to store, process and communicate the data securely. In the event that you would like to know which security measures we apply, you can contact us using the contact information above.

Your rights

Right to access

You can always request access to your personal data, which includes the right to request information on where we retrieved the data from, the scope, and which recipients your personal data has been distributed to, as well as the legal basis.

Right to erasure

You also have the right, in certain cases, to demand that we erase some or all of your personal data, provided that it is not necessary for us to retain this data in order to fulfil our legal obligations. You have the right to request that your data be erased if:
–       your personal data is no longer necessary for the purpose behind the processing;
–       you withdraw your consent on which the processing is based;
–       you object to the processing and we are not considered as having a legitimate interest;
–       the personal data has been processed unlawfully.

To the extent that continuing to process your personal data is necessary – for example, to fulfil our legal obligations – we are not obligated to remove your personal data. This means that some information may be stored until we are no longer obligated to process it.

Right to rectification

You have the right to have erroneous personal data concerning you corrected without unnecessary delays. When you discover errors in the data about you that we have registered, you can contact us via e-mail to have your data corrected. You also have the right to supplement incomplete data that we have on you.

You must provide us with correct data and inform us in the event your data changes so that we can update it in accordance with the GDPR.

Right to limitation

You have the right to request that we limit our processing of your personal data. A limitation can be imposed for several reasons.
–       If we cannot fulfil your request for erasure owing to our legal obligations, you can request limited processing of the data we have.
–       If you believe that the data we have on you is incorrect and request correction, you can request limited processing during the time we take to check whether the personal data is correct.
–       If you objected to a legitimate interest, you can request limited processing during the time we take to check whether our legitimate interest outweighs your interest in having the data erased.

Data portability

Under certain conditions, you have the right to extract and transfer your personal data in a structured, generally used and machine-readable format to another personal data controller. One condition for data portability is that the transfer is technologically possible and can take place automatically, and that BioGaia processes your personal data on the basis of your consent or to fulfil an agreement.

Right to object

You have the right to object at any time to our processing of your personal data on the basis of legitimate interest. Continued processing of your personal data requires that we demonstrate a legitimate reason for the processing in question. Otherwise, we can only process the information to establish, exercise or defend a legal claim. You also have the right to object to direct marketing, including profiling.

Right to withdraw consent

In the event we base our processing on your consent as a legal basis, you can withdraw your consent at any time either by contacting us or by unsubscribing from our online mailings.

Right to complaint

If you feel we are processing your personal data incorrectly, you can submit a complaint to our supervisory authority, the Swedish Authority for Privacy Protection (www.imy.se).

Contact information

If you wish to exercise any of your rights, please contact us via e-mail at [email protected]. In the event you request that your personal data be erased, it is not certain that we will be able to communicate with you in accordance with the above.

Minors

This Site is not aimed at persons under the age of 18 years, and we will not process personal data that could be linked to minors.

Changes

We have the right to change this privacy notice at any time by publishing a new version on the Site. In the event it is required, we will inform you of current changes. This privacy notice was updated on 19 August 2022.

Cookie	Duration	Description
__extblt	1 year	This cookie is used to be able to launch new site functionality to a smaller part of the visitors.
_abck	1 year	This cookie is used to detect and defend when a client attempt to replay a cookie.This cookie manages the interaction with online bots and takes the appropriate actions.
ak_bmsc	2 hours	This cookie is used by Akamai to optimize site security by distinguishing between humans and bots
bm_sz	4 hours	This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions
cart_currency	14 days	Shopify sets this cookie to remember the user’s country of origin and populate the correct transaction currency.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
productCountry	session	This cookie is used to display the products in the country of each site visitor on the Product main page.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
_mcid	1 year	This is a Mailchimp functionality cookie used to evaluate the UI/UX interaction with its platform
localization	14 days	Flickr sets this cookie to to track usage of photo galleries embedded from Flickr.
xtc	1 year 1 month	AddThis uses this cookie to register the user’s sharing of content via social media.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjSession_1654128	30 minutes	No description
_hjSessionUser_1654128	1 year	No description
_parsely_session	30 minutes	This cookie is used to track the behavior of a user within the current session.
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
uvc	1 year 1 month	Set by addthis.com to determine the usage of addthis.com service.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.