This Privacy Policy explains how Biolumen collects, uses, shares, and protects personal information, and the privacy rights and choices we offer, in connection with our websites, online services, and products and services (collectively, our “Services”). In this Privacy Policy, “Biolumen” includes Biolumen (USA), Inc., Biolumen (Europe) Limited, and Biolumen (International) Limited. 

Personal Information We Collect

Information you provide to us. Personal information you may provide to us includes:

• Contact details, such as your first and last name, organization name, email and mailing addresses, and phone number.
• Account data, such as the username and password that you may use to establish an online account with us.
• Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
• Order and purchase history, including your interactions with our checkout page.
• Payment details, such as your payment card number, bank account number and shipping address. We rely on payment providers, such as Stripe, to process payments and we do not have access to payment card numbers.
• Subscriber survey data, including the information you provide when you fill out surveys, and recordings of video or voice chats with our marketing team. 
• Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.

Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

• Data providers, such as information services, data co-ops, and data licensors.
• Public sources, such as social media platforms.
• Marketing partners, such as companies that have entered into joint marketing relationships with us.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with our websites, online services and our communications, such as:

• Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to our websites, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you have opened our marketing emails or clicked links within them.

Cookies and similar technologies. Our Services may use the following technologies:

• Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser, in connection with specific applications.

Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How We Use Personal Information

We use  personal information for the following purposes:

Service delivery. We use  personal information to perform our contractual obligation under our terms of use, including to:

• Provide, operate and improve our Services and our business;
• Process your payments and complete transactions with you; and
• Communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages.

Improve, monitor, personalize, and protect our Services. It is in our legitimate business interests to improve and keep our services safe for our users, which includes:

• Understanding your needs and interests, and personalizing your experience with the Services and our communications; 
• Engaging in surveys and recording our video and audio chats with consumers;
• Troubleshooting, testing and research to keep the services secure; and
• Investigating and protecting against fraudulent, harmful, unauthorized or illegal activity.

How We Share Personal Information

We may share  personal information with:

Affiliates. Within Biolumen for purposes consistent with this Privacy Policy

Service providers. Companies and individuals that provide services on our behalf or help us operate our Services or our business (such as hosting, information technology, customer support, email delivery, and website analytics services). 

Facebook and other Social Networking Services. You may be given the option to access or register for the Services through the use of your user name and passwords provided by Facebook and other social networking sites (each, an “SNS”), or otherwise have the option to connect an SNS account. By doing so, you authorize us to access and store information from the SNS -- including, without limitation, your name, email address(es), date of birth, gender, current city, profile picture and URL -- and to use and disclose it in accordance with this Privacy Policy. To control what information is shared with us, please check your privacy settings on each SNS and make changes as appropriate. 

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us. 

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of personal information.

Data Privacy Framework

Biolumen complies with the EU-U.S. Data Privacy Framework, the UK Extension of the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States. Biolumen has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles (the “Principles”). If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern.

Biolumen may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Biolumen’s commitments under the Principles are subject to the investigatory and enforcement powers of the Federal Trade Commission.

Children

Our Services are not intended for use by children under 16 years of age. If we learn that we have collected personal information through our Services from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

Retention of Personal Information

We retain personal information only for as long as is necessary to fulfill the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable). 

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we use personal information and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our websites and online services. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through our Services. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of our Services after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.