Biofy Privacy Policy

Biofy Privacy Policy

Update July 2023
Biofy Privacy Policy describes the collection, usage, and sharing of personal data from individuals who interact with our services, express interest in biofy or its offerings, or are the target of our marketing efforts. It also includes details about your rights as a data subject and provides contact information for any inquiries you may have.
The scope of this Privacy Policy is limited to biofy's own practices and does not extend to other businesses or Third Party Services that are not owned or controlled by biofy. These Third Party Services may include websites, services, or applications that can be accessed through biofy's Services. We recommend reviewing the privacy policies of any Third Party Services you use or access. Please note that the content and privacy policies of Third Party Services are beyond our control, and any third-party policies linked to this Privacy Policy are provided for informational purposes only and do not imply our endorsement or responsibility for their content or practices.
Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws. If you are a United States resident of California, Virginia, Colorado, Connecticut or certain other U.S. states, please see the sections titled California Privacy Rights, and Virginia/Colorado/Connecticut and certain other U.S. State Privacy Rights for specific disclosures with respect to our collection, use, and disclosure of your information and additional rights you have under applicable U.S. laws.

ACCESSIBILITY: IF YOU ARE HAVING ANY TROUBLE ACCESSING THIS PRIVACY POLICY, PLEASE CONTACT US AT [email protected]

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a comprehensive data privacy regulation that empowers individuals in the European Union (EU) to have greater control over their personal information. As a user of biofy.bio, it’s essential for you to know that we are committed to protecting your privacy and complying with the principles set forth by the GDPR.

What does this mean for you?

1. Transparency: We believe in transparency about how your data is collected, processed, and stored.

2.Control: You have the right to control your personal information. This includes the right to access, correct, and, in certain circumstances, delete your data.

3.Security: We take the security of your data seriously. We implement measures to ensure the confidentiality, integrity, and availability of your information.

4.Legal Grounds: We process your data based on lawful grounds, such as your explicit consent, the necessity for contractual obligations, legal compliance, or our legitimate interests.

5.Your Rights: Under the GDPR, you have rights, including the right to access your data, request corrections, and object to certain processing activities.

6.Data Breach Notification: In the unlikely event of a data breach, we will promptly inform you and the relevant authorities.

7.International Data Transfers: If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place.

Our Commitment:

Your privacy matters to us, and we are dedicated to upholding the principles of the GDPR. If you have any questions or concerns about how we handle your data, feel free to contact us.

California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA) is a privacy law that enhances and expands upon the existing California Consumer Privacy Act (CCPA). At biofy.bio, we want you to be informed about your privacy rights, and we are committed to complying with the CPRA.

Key Aspects of CPRA:

1.Expanded Rights: The CPRA introduces new rights for California residents, including the right to restrict the use of sensitive personal information and the right to correct inaccurate data.

2.Sensitive Personal Information: CPRA introduces a category of sensitive personal information, giving you more control over how such data is processed.

3.Opt-Out of Automated Decision-Making: You have the right to opt-out of businesses’ use of automated decision-making technology that may have legal or significant effects on you.

4.Data Retention Limits: The CPRA imposes limits on the retention of personal information, promoting responsible and secure data management practices.

ng elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Your Control and Choices:

1.Access and Deletion: You have the right to request access to the personal information we hold about you and the deletion of that information.

2.Opt-Out of Sales: If we engage in the sale of your personal information, you have the right to opt-out.

For any quires please contact us at` [email protected]

Our Commitment:

We value your privacy and are committed to upholding the rights afforded to you by the CPRA. If you have any questions or concerns regarding your data, please don’t hesitate to contact us.

Contact Information

Our Privacy Policy describes the collection, usage, and sharing of personal data from individuals who interact with our services, express interest in biofy or its offerings, or are the target of our marketing efforts. It also includes details about your rights as a data subject and provides contact information for any inquiries you may have.

Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws. If you are a United States resident of California, Virginia, Colorado, Connecticut or certain other U.S. states, please see the sections titled California Privacy Rights, and Virginia/Colorado/Connecticut and certain other U.S. State Privacy Rights for specific disclosures with respect to our collection, use, and disclosure of your information and additional rights you have under applicable U.S. laws.

If you have any questions about this Privacy Policy, please contact us by email: [email protected]

biofy Group Services

biofy Services biofy collects personal data about you from the following sources, as described in this Privacy Policy, when you (i) register for the Site and the Services, through your user account with biofy, including registering through a third-party service (your “Account”); (ii) use the Services; or (iii) view or interact with a biofy link, QR Code, Link in Bio or other biofy Product (either our biofy.io links or one of our branded domains) on a third-party website. We collect the following types of information from you, some of which might be considered personal data under applicable law:

When You Register for a biofy Account

When you create an Account, we collect the personal data from you, such as your name, phone number, company name, industry, job title, company size, email address, phone number and sign-in information. If you create an Account using your login information from a third-party account, such as Google, Facebook, Apple, or Twitter, we will access and collect the personal data about you that the third-party account provides (which is based on your privacy settings with the third-party account), so that you can log into your Account with us. We use your contact information to send you information about our Services and communicate with you about your Account, your activities on our Site and Services and policy changes. You may unsubscribe from receiving certain types of these messages through your Account settings, although biofy reserves the right to contact you when we believe it is necessary, such as for administrative and account management purposes.

We may receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.

You have the opportunity to add sub-users to your Account. If you create a sub-user, the following personal data of the sub-user will be processed: Name, email address, IP address of the user’s device, date and time of sub-user creation, login information, employer, phone number.

Some features of the Services allow registered users to provide their own content to the Services, such as written descriptions of URLs, comments, images and video. Unless you request deletion of your personal data as described in this Privacy Policy, all content submitted by you to the Services may be retained by biofy, even after you terminate your Account and may continue to be shared by third parties, as described in this Privacy Policy.

When you create a biofy Link, QR code or Link in Bio (collectively “biofy Products”)

One feature of the Services is the ability to create shortened uniform resource locators (URLs) of websites, QR codes linking to a URL, or a Link in Bio linking to a URL (“biofy Products”). When you create a shortened link, QR code, Link in Bio or other biofy product, biofy collects and stores both the original URL and any shortened URL and, if you are logged in to your Account, we will associate that information with your Account. biofy also collects and stores your IP address, your geolocation data (which we derive from your IP address), the time and date on which you shortened the original URL and/or created the biofy Product, and if you share a biofy Product on a social networking platform, the name of the platform and your username on that platform.

When You Interact With a biofy Product

biofy automatically collects personal data about the interaction (such as clicks or views) with every biofy Product created through the Services (either our biofy.io links or one of our branded domains) on a third-party website. This information includes, but is not limited to: (i) the IP address and location derived from the IP address; (ii) internet or other electronic network activity information like the referring websites or services; (iii) the time and date of each access; (iv) device settings, such as browser type, operating system, and language; and (v) cookies, as described in our cookie policy, and mobile advertising identifiers. As described in this Privacy Policy, we use this personal data to provide the Services, to understand and analyze how our Services are used and to identify trends, and to detect, deter and prevent malicious, fraudulent or unlawful activity. Please see the “Information We Share” section below for a description of how we may share information we collect when you create, view or interact with biofy Products.

Usage Across Devices

We use the information we collect to make inferences that a unique individual has created or interacted with biofy links, QR codes or Links in Bio on different devices so that we can detect, deter and prevent malicious, fraudulent or unlawful activity and analyze how users use our Services. For example, if you created a biofy Product on a computer connected to your residential WiFi network, and you soon thereafter clicked on a biofy Product on a mobile device connected to the same WiFi network, we may infer that a single individual created and clicked on the biofy Product because both events were associated with the same IP address in the same time period.

Other Uses

We also may use personal data to pursue legitimate interests, such as direct marketing, research (including marketing research), network and information security, prevention of fraudulent, malicious and unlawful activities, or any other purpose, as disclosed to you at the time you provide personal data or we contact you for the first time.

Information We Share

The Services are designed to help you share information with others. The following categories of personal data generated through your use of the Services are shared publicly, within biofy and with the following categories of third parties for the business purposes described below.

biofy Group Companies – Personal data related to your Account and possible subscriptions for Services of biofy Europe will be shared within biofy to be used for our joint purposes as described under “Data Sharing and Joint Processing within biofy”. Please note that if you hold a biofy Account(s) and/or use biofy Services managed by us or other biofy entities, such personal data is combined with personal data collected in connection with biofy Services. Sharing and combining the personal data is based on biofy’s legitimate interests in finding synergies generated from performing, planning, and developing business in group level, and in promoting sales by cross and up-selling complementary products of group companies.

biofy Products You Create – Much of your activity on and through the Services is public by default. For example, when you create a biofy Product, the original URLs you have shortened and the corresponding biofy Product are publicly available, including the possibly included personal data.

Account Information – Where permitted by law, if you register a biofy Account with an email address on a domain owned by an organization, (for example, an employer or educational institution where you have an email account), we may share your email address and information about your Account, such as the number of links you have created, with that organization to explore the organization’s interest in creating or managing an enterprise account or for related purposes.

Customer Support – We use various tools for communication and to provide you with customer support. To use customer support, you must provide at least one valid email address. This data processing can include the following data: Name, email address, contract information, job title, employer, customer ID, payment information, communication data. Data is processed to provide the services, offer customer support, communication with interested persons, responding to inquiries and customer relationship management. If the purpose of the contact is to conclude a contract or if you already have an account then we retain your information as needed to verify and provide you access to the services. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, to the extent further storage is not permitted or required by law. Personal data collection in connection with customer support will be shared within biofy to be used for our joint purposes as described under “Data Sharing and Joint Processing within biofy.

Email Verification – We use an email verification service. The email address of a user is processed for the purpose of verification and to filter invalid and spam email addresses/domains. All email addresses which are provided to the verification service by us are automatically deleted after the verification process.

Email Marketing – For some services, we use email marketing providers to send transactional emails. When you register for our services, the data you enter during registration is transferred to our email marketing provider. This enables us to send you relevant emails, e.g. to confirm your registration or unsubscribe from our services. Further personal data may be stored and evaluated as a result, especially the user’s activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and operating system). For this purpose, your data will also be stored by our email marketing provider. Your data will not be passed on to third parties for the purpose of sending mails within the scope of using our services, nor will the vendor obtain the right to pass on your data.

Information You Elect to Share – When creating a biofy Product, you can share that biofy Product through Third Party Services. Any information that you elect to distribute through Third Party Services, such as a social network post you create, may then become accessible to users of those services. You can also access other Third Party Services through the Services, for example by clicking on links in the Statistics page for a biofy Product. We recommend that you review the terms of services and privacy policies of such Third Party Services that you access through the Services since biofy does not control and is not responsible for the privacy practices of these Third Party Services.

Information Shared with Service Providers – We may employ and contract with third parties to perform certain tasks on our behalf and under our direction (our “Service Providers”). We may need to share information about you with our Service Providers in order to fulfill certain business purposes, like providing our product with research and analytics on user behavior and providing advertising products and services to users, processing payments, and providing email marketing and support services. Our agreements with these Service Providers authorize them to use your information only as necessary to provide services to us. Transfers to subsequent third parties are covered by our agreements with our service providers.

Payment Processing – For the transmission and verification of purchases, the data processed include bank account details, billing/shipping address, card expiration date, customer name, CVC code, date/time/amount of transaction, device ID, email address, IP address/location, customer ID, payment card details, tax ID/status, unique customer identifier. We share your data in these cases to allow the payment processing services necessary to process the payments for your account.

Service Optimization – We use a variety of third party vendors in order to optimize our service. Vendors are used to evaluate the flow of visitors to our online offerings and may include behavior, interests or demographic information about visitors as pseudonymous values. With the help of these analyses, we can recognize, for example, which online offer, content or functions of our products are most frequently used or invite re-use. Likewise, we can understand which areas need optimization. Software may be used for analyzing and optimizing online offerings based on feedback functions and pseudonymously performed measurements and analyses of user behavior. In addition to web analytics, we may also use testing procedures, for example, to test and optimize different versions of our online offering or its components.

This processing may include IP address, random unique identifiers, experiment and event data associated with these identifiers (such as device type, variation and experiment IDs, browser and OS version and elements of the site being tested), device screen resolution, device type (unique device identifiers), operating system, browser type, geographic location (country only), preferred language, mouse events (movements, location and clicks), referring URL and domain, pages visited, date and time when website pages were accessed. The legal basis for the processing of personal data is the user’s given consent. In certain cases, your data will be processed on the basis of our legitimate interests of providing efficient, economical and recipient-friendly services and the improvement of our service.

Single Sign On – For some services, we allow users to elect to use single sign on services such as Google OAuth. Single Sign on Services allow users to log in to other online presences with their profile without having to create separate accounts.

Tax and Legal – Your personal data may be transferred to third parties for tax and legal reasons. Possible recipients are professionals (e.g. lawyers, tax consultants and auditors). In addition, data may be transferred to authorities (e.g. tax authorities) for tax and legal reasons. Such data transfer only takes place to recipients who are legally bound to secrecy.

The data may include the email address, IP address of the user’s device, date and time of registration, login information, address, contract information, payment information.

We have a legitimate interest in sharing personal data with professional consultants and auditors for the purpose of appropriate tax and legal consultation, and in some cases we are legally required to share this data.

Trust & Safety Compliance – We may share certain biofy links, QR Codes, Link in Bio and/or related URLs, and the data collected when you create or interact with a biofy Product to help detect, deter and prevent malicious, fraudulent or unlawful activity.

With Your Consent – We will share information about you when you direct or otherwise instruct us to do so, such as when you share QR Codes or content with others through the Services, if you intentionally use or direct us or the Services to interact with third parties, or if we notify you that the information you provide will be shared in a particular manner and you provide such information (like sharing/posting it with a third-party Service).

The legal basis for processing of customer data for the Services and related communications is that the processing is necessary for performance of the requested service and management of the customer relationship subject to biofy Terms of Service. The legal basis for other communications with the customer, such as marketing, is our legitimate interests to promote sales and increase awareness of biofy Services, and communicate with our interest groups. Where such communications require consent, for example if we wish to market via email our Services to a new customer who is a natural person in the EU, the legal basis is your consent. The legal basis for improving, monitoring and analyzing the Services, and to prevent malicious, fraudulent or unlawful activity is our legitimate interests to ensure security and lawfulness of our Services, including protecting data of our customers and users, and preventing unauthorized or wrongful use.

This personal data is used to authenticate users to allow access to biofy’s Services, to identify users to provide customer support, and store events and log information about your use of the Services for purposes of audit in case of a security or other incident to have a trail of actions performed by us and our users, to maintain support records, to promote sales and increase awareness of biofy’s Services, and for purposes of service and product improvement, and to prevent malicious fraudulent or unlawful activity. The data is removed upon request, except for data (such as user name) stored in application logs and audit trails, which are deleted according to our standard data management cycle. We retain the personal data we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable legal obligations. Aggregated data sets that do not contain personal data are stored for an indefinite period for the purpose of business analysis. The personal data is erased from or anonymized in our systems upon request of the data subject or the customer they represent, or if the data is detected as irrelevant in our automated or manual system maintenance, or after 3 years following the last contact with the data subject, whichever occurs first.

Contracts, Purchase Orders and Invoicing

For any individual that acts as the contact person for our customer, supplier, partner or other entity that we conduct or wish to conduct business with, we process the following information:

  • Basic information (such as name, title, company name, work location and contact information)
  • Business connections
  • Communications

The individual acting as the contact person in a primary source of information, but the personal data may also be collected from your employees, your colleagues, and our (other) customers, suppliers and partners. The personal data is used to discuss business, pursue business opportunities, send notifications related to our services and otherwise communicate with you, contracting, invoicing and making payments. The processing is based on our legitimate interests to comply with contractual obligations, or the terms of agreements we have (or have had), maintaining relationships, and operating our business. In addition, the invoicing related personal data will be used in accounting and reporting, which processing shall be based on our obligations under the law.

 

Website and Contact Requests

biofy Inc and biofy Europe process personal data gathered when you use or access their respective websites, including any and all subdomains of the sites (each “Site”, as applicable), respectively.

Each time Site is accessed, our system automatically collects data and relevant information from the computer system of the calling device.

The following data is collected:

  • Browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The IP address of the user
  • Date and time of access
  • Web pages from which the user’s system accessed our website
  • Web pages accessed by the user’s system through our website

This data is stored in the log files of our system. This data is not stored together with other personal data of the user. The temporary storage of the IP address by the system is necessary for the delivery of the website to the computer of the user. For this purpose, the user’s IP address must be kept for the duration of the session. The storage in log files is done to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our IT systems. An analysis of this data for marketing purposes does not take place. The legal basis for the temporary storage and other processing described above of data and logfiles is our legitimate interest to maintain functionality and ensure security of our website.

If you subscribe to our newsletter, request materials available from the website, send us a contact request, interact with our chat bot or otherwise contact us, we will likely add you to our list of commercial contacts. Please see the section “Newsletter, Events and Marketing” of this Privacy Policy to learn more about personal data processing in that regard. Please note that our services and resources are designed for business customers only (and should not even be interesting to consumers), and thus we presume that everyone contacting us and interested in our services represent a business, not a private individual. Personal data derived from our websites and contact requests are deleted upon request of the contact, if the data is identified as out of date, or if the contact is no longer deemed a suitable candidate for our services.

If you connect with us using various social media platforms and/or professional networks, please note that biofy does not control or have influence over how those platforms process your personal data. We recommend that you contact those third party platforms directly for information on their processing. Here are some links for your convenience:
Twitter: 
YouTube: 
LinkedIn:

B may use third-party APIs and software development kits (“SDKs”) to provide certain functions in our Services. We use cookies and similar technologies for the following purposes: Technically necessary; Comfort; Statistics; Marketing. When we use cookies and/ or similar techniques for processing personal data, the types of personal data processed may vary, depending on the categories of cookies or similar techniques. Non-essential cookies are used only with your consent. You have the option of preventing cookies from being

Please see our Cookie Policy and EU Cookie Policy to learn how biofy and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base.

Newsletters, Events and Marketing

If you subscribe to our newsletter or for other materials (such as blogs, newsletters available on our websites), we will process the given contact information to send the newsletter or provide the materials. Such processing is based on your consent and the necessity to fulfill our obligation to provide the subscribed material(s). The contact information is retained and possibly shared as described below.

We use following information to communicate on and promote our services (as compatible with the original purposes, if data is collected in another occasion):

  • Basic information (such as name, title, company name, work location, contact information)
  • Basic business information
  • Business connections (to our former, current and potential customers and other relevant entities)
  • Expressed interest to our products and services (such as download of specific materials)
  • Communications
  • Events
  • Marketing preferences (such as subscribed newsletter(s))

The information is obtained from you (e.g. in connection with interaction we have with you, the subscription(s) and website forms, event registrations, demo requests or other contact requests and communications (including on third party platforms, such as LinkedIn), or our cooperation partners (for example, our referral partners may disclose us information on potential customers or organizers of events which we sponsor may disclose us information on participants). Subject to your (cookie) consent, this data may be combined with information on online activity data in our website domains. Such data is gathered with cookies, please see our cookie policies for detailed description.

The personal data above is used to generate leads, target marketing activities to the contacts representing potential and current customers (for example to help our sales teams to target their efforts to contacts with potential interest in our services) and other stakeholders (including our suppliers and partners), and to retarget and customize our marketing. Naturally, the data is used to provide product and service updates, announce new materials, invitations to our events, and otherwise market our products and services and provide related information in different channels, such as emails, phone calls, on social platforms and over display. For example, we may retarget relevant contacts by serving new retail content on LinkedIn based on previous engagement with retail content on the biofy Group websites. In addition, personal data is used, as applicable, for business intelligence, market and customer analysis, reporting and statistical purposes, and to better understand how people interact with our websites and services.

Once we have obtained your consent, the processing is needed to carry out marketing and reach our current and potential customers. You have a right to prohibit use of your contact information in marketing at any time by using the available web-tools (such as the “unsubscribe” button at the end of newsletter) or by sending us a notice (you can find the Contact Information at the very end of this Privacy Policy).

Personal data stored for marketing purposes are deleted upon request of the contact, if the data is identified as out of date, or if the contact is no longer deemed a suitable candidate for our services.

Data Sharing and Joint Processing within Biofy Group

Please note that if you hold a biofy Account(s) and/or use biofy Services managed by other biofy entities, personal data collected by us is combined with personal data collected in connection with such other Services. Sharing and combining the personal data is based on biofy’s legitimate interests in finding synergies generated from performing, planning, and developing business at the group level, and in promoting sales by cross and up-selling complementary products of group companies. The biofy group companies have combined their customer support services to provide more effective global customer support. Your inquiries can be answered by both biofy Europe and biofy Inc. employees and collaborators. You can assert your data subject rights with biofy Inc. as well as with us. The primary responsibility under GDPR for the processing of data lies with the entity which you are contracting or which is communicating with you.

biofy Europe and biofy Inc. are joint controllers according to Art. 26 GDPR. biofy Inc. and biofy Europe GmbH have concluded a joint controller agreement in accordance with the GDPR, in which we have made arrangements about our joint responsibilities with regards to the processing of your personal data. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards.

Personal data may be transferred outside the European Union and the European Economic Area, including, but not limited to, the United States of America as well as other locations and jurisdictions in which we conduct our business or our service providers are located. Such transfers are performed subject to standard data protection clauses adopted by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request.

Business Transfers

 

We may transfer and/or provide information about our users in connection with an acquisition, sale of company assets, or other situation where user information would be transferred as one of our business assets. You will be notified via email and/or a prominent notice on our website. In such a case, the acquirer of biofy may continue to use your information as set forth in this policy or as otherwise allowed by law.

Protection of Biofy and Others

biofy may access, read, preserve, and disclose any information it collects when it has a good faith belief that doing so is reasonably necessary to (i) comply with a law, regulation, or compulsory legal request, including process from a governmental law enforcement or national security agency, (ii) enforce this Privacy Policy or our Terms of Service, including investigation of potential violations hereof, (iii) detect, deter, prevent or otherwise address malicious, fraudulent or unlawful activity, (iv) respond to user support requests, or (v) protect the rights, property or safety of biofy, its users and the public. This includes exchanging information with other companies and organizations for protection from malicious, fraudulent or unlawful activity.

Data Analysis and Business Insights

please note that if you hold a biofy Account(s) and/or use biofy Services managed by other biofy entities, personal data collected by us is combined with personal data collected in connection with such other Services. Sharing and combining the personal data is based on biofy’s legitimate interests in finding synergies generated from performing, planning, and developing business at the group level, and in promoting sales by cross and up-selling complementary products of group companies. The biofy group companies have combined their customer support services to provide more effective global customer support. Your inquiries can be answered by both biofy Europe and biofy Inc. employees and collaborators. You can assert your data subject rights with biofy Inc. as well as with us. The primary responsibility under GDPR for the processing of data lies with the entity which you are contracting or which is communicating with you.

Rights under the GDPR

If you are a resident of the EEA or Switzerland, or otherwise subject to the GDPR, and we process your personal data, you have the right to ask for the following rights:

  • In all cases a right to be informed about processing by biofy that pertains to personal data based on which you may be identified, and access to a copy of such personal data (Art. 15 GDPR).
  • If the personal data that is being processed is incorrect or inaccurate, you are entitled to demand for the data to be corrected (Art. 16 GDPR).
  • Subject to the conditions set in the GDPR, you may demand for the deletion or limitation of the processing and have the right to object to the processing altogether (Art. 17, 18, and 21 GDPR).
  • If the processing is based on your consent or a contract and the processing of data is carried out using automated procedures, you may be entitled to data transferability (Article 20 GDPR).
  • If you have consented to the processing of your data by the data controller, you may revoke your consent at any time. The legality of the data processing carried out on the basis of the consent that was obtained prior to the revocation will not be affected.

Furthermore, you have a right to appeal to the competent supervisory authority (Art. 77 GDPR) if you deem the personal data processing by us to violate the GDPR or other applicable data protection laws.

Landesbeauftragte für Datenschutz und Informationsfreiheit

Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: [email protected]

Contact details of authorities in other EU Member States can be found from the directory maintained by the European Data Protection Board.

Contact Details for questions and Exercising your rights

If you have any questions or concerns regarding privacy when using the Services or wish to use your rights, such as object the processing or have your personal data removed, please send us a detailed message to: [email protected].In addition to email you may exercise any of your rights by sending a request to us, our contact details are provided in “Contact Information” above.

We will make every effort to resolve your concerns. Once we receive your request, we will ask that you verify your identity such as by authenticating through your account. Please note that if you do not have a biofy account, biofy has no way of identifying you or verifying that you created or clicked on a biofy Product, or otherwise interacted with our Services.

You may be entitled, in accordance with applicable law, to submit a request through an authorized agent. To designate an authorized agent to exercise your rights and choices on your behalf, please provide a written attestation, declaration, or permission that has either been physically signed or provided electronically per applicable law. In certain circumstances, we may be required by law to retain your personal data.

Tools available to exercise your rights

If you have a biofy Account, you may access, correct, or request deletion of your personal data by logging into your Account. For biofy Link, Link in Bio and QR Code services, once logged in to your account, you will be able to view a history of the URLs you have shortened and the metrics pages for those URLs. You can request a complete copy of the personal data we store about your account by clicking the button to request a report in your Account Settings. You can delete your Account at any time through your Account settings page. If you delete your Account, you will no longer be able to access or use the Services. If you have an Account but are unable to access it, you can contact us at [email protected]. We will respond to your request within a reasonable timeframe.

As a biofy Europe QR Code Services user you have the possibility to cancel the registration at any time by using the tools in the Service or via an email to customer support or [email protected] You can object to the storage of your personal data at any time. In this case, all personal data stored will be deleted to the extent permitted by law or no opposing legitimate interest prevails. To do so, please send an email to [email protected].

Please note that in the interest of ensuring that existing biofy Products continue to function for all of our users, the biofy Products that you have created and shared cannot be deleted or disabled (even if your Account is deleted), and any shortening and sharing activity that has already occurred on your Account also cannot be deleted. If you have concerns about any unauthorized use of your Account, you can delete your account within your Account settings.

International transfers of personal data

Depending on your location, information about you may be transferred to the United States or other countries outside the EU or European Economic Area (EEA) or may be processed there. These data transfers are necessary to provide you with the Services and functionalities you have requested as outlined in this policy.

To protect your personal data, we rely on appropriate legal basis for each data transfer. In particular, we use contractual safeguards such as Standard Contractual Clauses approved by the European Commission. Where applicable, we base data transfers also on adequacy decisions issued by the European Commission.

Please feel free to contact us for further information about international data transfers, including to obtain access to a copy of applicable safeguards.

California Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020, provides you with specific rights regarding your “personal information,” as that term is defined under the CCPA. This section describes the rights that California consumers have and explains how to exercise those rights. For the purposes of this section, personal information does not include: (i) information that is lawfully made available from federal, state or local government records; (ii) de-identified or aggregated data; or (iii) information excluded from the scope of the CCPA. To be clear, these rights are granted only to the extent that you are a California consumer and we are acting as a “business” under the CCPA with respect to your personal information. The rights in this section are not intended to grant you additional rights, but only your rights under the CCPA.

Information We Collect; How We Collect It; How We Use It

We have collected the following categories of personal information from consumers from the sources described in the Privacy Policy above, specifically the categories of sources identified in the subsection titled “Biofy Connections Platform Services” (under the section “Biofy Group Services”), and have shared such personal information with the following categories of third parties within the last twelve (12) months:

Category

Examples

Business or Commercial Purposes for Collecting Personal Information

Disclosed in the Prior Twelve (12) Months for the Following Business Purposes

A. Personal identifiers.

A real name, postal address, online identifier, Internet Protocol address, email address, account name.

To register your Biofy account or create a Biofy link

To communicate with you

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

For the security and integrity of our services, to verify or maintain the quality or safety of services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

B. Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Some personal information included in this category may overlap with other categories.

A name, physical characteristics or description, address, telephone number, credit card number, debit card number, or any other financial information, medical information.

To register your Biofy account

To communicate with you

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

C. Protected classification characteristics under California or federal law.

Age and gender.

Marketing and advertising

 

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

To register your Biofy account or create a Biofy link

When you interact with a Biofy link, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

G. Location data.

Physical location.

To create a Biofy link

When you interact with a Biofy link, to detect, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

H. Inferences drawn from other personal information for profiling purposes.

Used to create a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

When you interact with a Biofy link, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

We do not use or disclose sensitive personal information, as that term is defined under the CCPA. The categories of personal information described above are anonymized or erased from our systems upon request, if the data is detected as irrelevant in our automated or manual system maintenance, or after 3 years following the last contact with the relevant individual, whichever occurs first.

Selling or Sharing of Personal Information

Biofy does not “sell” or “share” your personal information to third parties, as those terms are used in the CCPA.

Rights to Your Information

  1. Right to Know

As a California consumer, you have the right to request that we disclose certain information to you about our collection, use, disclosure, or sale/sharing of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

  • The categories of personal information we collected about you.
  • The categories of sources from which the personal information is collected.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (see Data Portability Rights below).
  1. Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. However, we may retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to perform certain actions set forth under the CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.

  1. Right to Data Portability

You have the right to request a copy of the personal information we have collected and maintained about you in the past 12 months. The CCPA allows you to request your information from us up to twice during a 12-month period. We will provide our response in a readily usable (and usually electronic) format.

  1. Right to Correct

You have the right to request the correction of any personal information we maintain about you.

  1. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including but not limited to, by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  1. Exercising Your Rights

To exercise the rights described above, please contact us by using the following methods:

  • Emailing us at privacy@biofy

After submitting a request, we will take steps to verify your identity in order for us to properly respond and confirm that it is not a fraudulent request. In order to verify your identity, we will ask, at a minimum, that you provide your name, email address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. Depending on the request, if we are unable to verify that the consumer submitting the request is the same individual about whom we have collected personal information, we may contact you for more information, or we may not be able to meet your request.

Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your personal information. If you are making a request as the authorized agent of a California consumer, we will ask you to submit reliable proof that you have been authorized in writing by the consumer to act on such consumer’s behalf.

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the CCPA allows us up to 90 days to respond. We will still contact you within 45 days from when you contacted us to let you know we need more time to respond.

California “Shine the Light”

In addition to the above rights, under California Civil Code Section 1798.83 (“Shine the Light”), California residents may have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us by email at [email protected]. If you do not want your personal information shared with any third party who may use such information for direct marketing purposes, then you may opt out of such disclosures by sending an email to us at [email protected].

Contacting Us

If you have questions or concerns about this privacy policy, your California privacy rights, or our information practices, please email us at [email protected]

Virginia/Colorado/Connecticut and certain other U.S. State Privacy Rights

The Virginia Consumer Data Protection Act, the Colorado Privacy Act, and the Connecticut Data Privacy Act and similar laws in other U.S. states (“State Privacy Laws”) provide their consumers with specific rights regarding their personal data. To the extent that you are a resident of one of these states, this section describes your rights under the State Privacy Laws and explains how you may exercise these rights.

The categories of personal data we process, our purposes for processing your personal data, the categories of personal data that we share with third parties, and the categories of third parties with whom we share it are set forth in the terms of the Privacy Policy above.

Rights to Your Information

In addition to the rights set forth in our Privacy Policy, the State Privacy Laws provide you with the following rights:

  • Right to know. You have the right to know whether we process your personal data and to access such personal data.
  • Right to data portability. You have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business without hindrance, where the processing is carried out by automated means. You may request such personal data up to twice annually, subject to certain exceptions.
  • Right to delete. You have the right to delete personal data that you have provided by or that we have obtained about you. Please note that we may deny such a request if the requested deletion falls under an exception as set forth in the State Privacy Laws. Additionally, if you request deletion of your personal data and we have obtained such information from a third-party source, we may retain such data by keeping a record of the deletion request and the minimum data necessary to ensure that your personal data remains deleted from our records and that such retained data is not used for any other purpose, or we may opt you out of the processing of such personal data for any purpose except for those allowed under the State Privacy Laws.
  • Right to opt out. You have the right to opt out of the processing of the personal data for purposes of: (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. As of the latest date of the Privacy Policy:
    • We do not process personal data for the purposes of targeted advertising;
    • We do not sell your personal data; and
    • We do not engage in profiling decisions based on your personal data that produce legal or similarly significant effects concerning you.
  • Right to correct. You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes for which we process it.
  • Right to nondiscrimination. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. Unless permitted by the State Privacy Laws, we will not:
    • Deny you goods or services;
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
    • Provide you a different level or quality of goods or services; or
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How to Exercise Your Rights; Verifying Your Identity

To exercise any of your privacy rights, or if you have any questions about your privacy rights, you may contact us by:

After submitting a request, we will take steps to verify your identity in order for us to properly respond and/or confirm that your request is not fraudulent. We may contact you for additional information as reasonably necessary to authenticate your request, but if we are ultimately unable to authenticate your request using reasonable commercial efforts, then we may not be able to comply with it.

Only you or your authorized agent may make a verifiable request related to your personal data. If you are making a request as the parent or legal guardian of a known child regarding the processing of that child’s personal data, we may ask you to submit reliable proof of your identity.

Response Time; Your Right to Appeal

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the State Privacy laws allow us up to 90 days to respond. We will contact you within 45 days from when you contacted us to inform you of the need for additional time and the reason for such extension. We may charge you a reasonable fee to cover administrative costs if your requests are manifestly unfounded, excessive, or repetitive.

If we decline to take action on a request that you have submitted, we will inform you of our reasons for doing so, and provide instructions for how to appeal the decision. You will have the right to appeal within a reasonable period of time after you have received our decision. Within 60 days (45 days for residents of Colorado) of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state attorney general’s office to submit a complaint.

Nevada Privacy Rights

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal data that we have collected (or may collect) from you to data brokers or other third parties. You can exercise this right by emailing us at [email protected] with the subject line “Nevada Do Not Sell Request.”

Children’s Privacy

We do not knowingly collect personal data from children. If we learn that we have collected personal data of a child under 13 (or older as required by applicable law), we will take steps to delete such information from our systems as soon as possible. If you believe we might have any personal data from or about a child under 13, please contact us at [email protected]

Changes to our Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time. If we make material changes in the way we collect or use information, we will provide notice by posting an announcement on the Services or sending you an email, and we will indicate when those changes will become effective. You are agreeing to any changes to the Privacy Policy when you use the Services after those changes become effective.