Privacy Policy
This version is effective from: 26 Dec. 2022
This Privacy Policy (“Privacy Policy”) sets out how Mabsut Life D.O.O. LTD., a company incorporated in Slovenia with registration number 8198489000 and registered office at Ljubljana, Knezovaulica 001, 1000 Ljubljana (“Company”, “We”, “Us”) processes your personal data in connection with our website at www.pheno-life.com (the “Website”) and certain related services (our “Services”).
We will update this Privacy Policy from time to time to reflect any changes or proposed changes to our use of your personal data, or to comply with changes in applicable law or regulatory requirements. We may notify you by email of any significant changes to this Privacy Policy, but we encourage you to review this Privacy Policy periodically to keep up to date on how we use your personal data. If we update this Privacy Policy, we will update the effective date at the top of the page.
This Privacy Policy specifically applies to the processing of personal data of individuals we interact with who: access and use our Website, contact the Company or enter into a service agreement with the Company to the extent such processing is caught by the requirements of the UK Data Protection Act 2018 and/or the General Data Protection Regulation (“GDPR”).
- Purpose of this Privacy Policy
This Privacy Policy explains our approach to any personal data that we might collect from you or that we have obtained about you from a third party and the purposes for which we process your personal data. This Privacy Policy also sets out your rights in respect of our processing of your personal data.
| When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance. This Privacy Policy is intended to assist you in making informed decisions when using our Website and our Services. Please take a moment to read and understand it. It should be read in conjunction with our Terms and Conditions, and our Cookie Policy (as described below) This Privacy Policy only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties). |
- How to contact us
If you have any questions about this Privacy Policy or want to exercise your rights as a data subject set out in this Privacy Policy, you can contact us using the following methods:
| Send us an email at: dpo@mabsutlife.com | |
| Post | Write to us at: Data Protection Officer, MabsutLife Ltd., Ljubljana, Knezovaulica 001, 1000 Ljubljana |
- What personal data we collect
In providing our Website and Services, we may collect and process different types of personal data about you for different processing purposes. The types of personal data we collect depends on who you are and how you use our Website and Services.
| Contact Data | Information enabling us to contact an individual, including name, address, email address, telephone number |
| Identity Data | Information concerning your identity, including, copy of passport, copy of ID card, proof of physical address |
| Employment Data | Information and documents related to profession and /or employment |
| Profile Data | Documents on financial status (e.g. non-bankruptcy certificate), professional certificates of an individual’s professional background, documents regarding educational background, documents related to origin of wealth |
| Behavioural Data | Data relating to browsing activity or interaction with emails, obtained through the use of cookies, pixel tags and other similar technologies; information about when online sessions started; details about any Services viewed through the Website, data obtained from Third party social networks (e.g. such as Facebook, Google, Twitter, YouTube) or market researchers (if feedback not provided on an anonymous basis). |
| Technical Data | IP address; browser type and operating system; geolocation, to ensure we’re showing you the correct notices and information; any other unique numbers assigned to a device. |
| Marketing and Communications Data | Marketing preferences; service communication preferences. |
| Payment and Financial information | Any information that We need in order to fulfill an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). In any case, We or our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws, regulations and security standards such as PCI DSS |
- How we collect and receive personal data
We collect and receive personal data directly and non-directly using different methods.
| Personal data you provide to us | You may give us your personal data directly, for example, when you purchase Services, contact us with enquiries, complete forms on our Website, subscribe to receive our marketing communications or provide feedback to us. |
| Personal data we collect using cookies and other similar technologies | When you access and use our Website, we will collect certain Behavioural Data and Technical Data. We collect this personal data by using cookies and other similar technologies (see the “Insight, analysis and retargeting through Cookies” section below). |
| Personal data received from third parties | We may receive personal data about you from third parties. Such third parties may include analytics providers, data brokers, third party directories and third parties that provide technical services to us so that we can provide our Website and our Services. |
| Publicly available personal data | From time to time, we may collect personal data about you (Identity Data, Contact Data or Profile Data) that is contained in publicly available sources (including open source data sets or media reports) or that you or a third party may otherwise make publicly available (for example through speeches at events or publishing articles or other news stories or posts on social media platforms). |
- How we use your personal data
We use your personal data for the purposes set out in this section.
Use of our Website.
| If you use our Website | When you browse our Website, we collect and process Behavioural Data and Technical Data to help us understand how you are using and navigating our Website. We do this so that we can better understand which parts of our Website are more or less popular and improve the structure and navigation of our Website. Our legal basis for processing It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Services, or it is in our legitimate interest to use personal data in such a way to ensure that we provide access to our Website in a secure and effective way and so that we can make improvements to our Website. |
| If you link to social media sites and interact with our social media pages | If you click on one of the social media links on our Website or otherwise interact with our social media pages such as on Facebook or Instagram, we and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose, such as certain Behavioural Data and Technical Data. The relevant social media platform may also be a controller in respect of the personal data that is collected via your use of our social media pages and may use that personal data for additional purposes. For details of how the relevant social media platform uses your personal data, please see the privacy policy of the relevant social media platform. Our legal basis for processing Where lawfully required, you will be asked to consent to the use of cookies and similar technologies. Otherwise, it is in our legitimate interest to use personal data in the ways described above to ensure that we provide the Website in an effective way and to promote our Website via social media. |
Surveys and feedback.
| If you complete our surveys or provide feedback on your experience of our Website and/or our Services | From time to time, we will invite you to provide feedback about us, our Website and Services in the form of online surveys. We will collect and process your Identity Data, Contact Data and, if applicable, certain Profile Data as well as any other personal data you choose to volunteer in your survey response or other feedback. We use this information to help us to monitor and improve our Website and our Services, to assist with the selection of future service lines and to train our personnel. Our legal basis for processing It is in our legitimate interest to use the personal data provided by you so that we can improve our Website and Services and provide them in an effective way. |
Hosting and managing events.
| If you sign up for and/or attend one of our events | From time to time, we may organise and host events for the purpose of promoting our business. We may process your Identity Data and Contact Data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you. If you attend one of our events, we may use your Identity Data, Contact Data and certain Profile Data to record your attendance at the event. Our legal basis for processing It is necessary for us to use your personal data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that the event is operated in an effective way. |
Insight, analysis and retargeting through Cookies.
| If we use cookies to help us understand more about you and your use of our Website and our Services | We and our third-party partners use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the devices that you use to access our Website and Services and any emails that you receive from us. The data that is collected includes Behavioural Data and Technical Data, and certain Profile Data. Please see our Cookie Policy for further information, including details of our third-party partners. We and our third-party partners use this data to analyse how you use our Website and Services and the effectiveness of our Website and Services, including: for the purposes described in the “If we carry out any online personalised advertising”, “If we advertise to you on social media and other platforms”, and the “If we advertise to other people who share similar interests and characteristics to you” sections below; to analyse how you use, and the effectiveness of, our Website and Services, including: to count users who have visited our Website or opened an email and collect other types of information, including insights about visitor browsing habits, which helps us to improve our Website and Services and the effectiveness of our emails; to measure the effectiveness of our content; to learn what parts of our Website are most attractive to our users, which parts of our Website are the most interesting and what kind of features and functionalities our visitors like to see; to help us understand the type of marketing content that is most likely to appeal to our visitors and customers; and to help us with the selection of future service lines, website design and to remember your preferences. In some of our email messages, we use a “click-through URL” linked to certain websites administered by us or on our behalf. We may track click-through data to assist in determining interest in particular topics and measure the effectiveness of these communications. Our legal basis for processing Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy for further details. In certain circumstances, we may rely on another lawful basis when we use your personal data collected via the use of cookies. For example, where we use personal data collected through the use of analytics cookies to analyse how you use our Website, it is in our legitimate interest to use your personal data in such a way to improve our Website and Services. |
Advertising and marketing activities. For more information, click here.
| If we send you marketing communications by email/ | We use your Identity Data, Contact Data and Marketing and Communications Data to send you (or the organisation you represent) marketing communications by email. Our marketing will include press releases and information about us, our Website, and our Services, any events we may hold and the offers and promotions we offer from time to time. Our marketing communications will include personalised and non-personalised marketing. Personalised marketing has been specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you. Non-personalised marketing is marketing that is not tailored to you. Where we are sending you personalised marketing, we may also use Profile Data, Transaction Data and Behavioural Data to help us decide what sort of personalised marketing to send you (please see the “Insight, analysis and retargeting through Cookies” section above for more details). Our legal basis for processing It is in our legitimate interest to use your personal data for marketing purposes, for example to decide what marketing content we think may appeal to you. It is in our legitimate interest to use your personal data to send our marketing to you by post. However, we will only send marketing communications to you by email where you have consented to receive such content by email, or where we have another lawful right to send marketing to you using email. For example, in certain circumstances we may rely on our legitimate interest to send marketing by email to consumers who have purchased our Services. We may also rely on our legitimate interest to send marketing by email to certain business users of our Website and our Services. |
| If we carry out any online personalised advertising | We and our third party partners may use your Profile Data, Behavioural Data and Technical Data and other data that is collected through your interactions with third party websites and services to provide you with, and analyse the effectiveness of, personalised ads when you visit other websites and/or use other services (including the social media and other platforms described in the “If we advertise to you on social media and other platforms” section below). By “personalised ads”, we mean advertisements for services that you have shown an interest in when you have used our Website or which you otherwise might be interested in based on your browsing habits, although our third party partners may use the data that is collected to show personalised ads for products and services offered by third parties. Our legal basis for processing Please see the “Insight, analysis and retargeting through Cookies” section above to learn about the legal basis that we rely on to collect data via the use of Cookies. Where we use your personal data to display online personal advertising to you, we rely on the consent that you have provided in respect of the collection of such data, or it is otherwise in our legitimate interests to promote our Website and our Services to you. Our third party partners may rely on a different lawful basis in respect of their use of your personal data. Please read the privacy policy of the relevant third party provider, as set out in our Cookie Policy. |
| If we advertise to you on social media and other platforms | We share your email address (usually in an encrypted or ‘hashed’ form) with third party providers of social media platforms and other services, such as Facebook, Snapchat, Sky and other similar platforms (“Platforms”), so that the third party providers can try to “match” your data with the data of their registered users of their Platforms. Where there is a successful match, we will display our advertising to you when you use the relevant Platform (e.g. on your Facebook newsfeed). This is known as “custom audience” advertising, because we “customise” the audience that we want to reach on the relevant service. Some of the advertising that you see may be personalised to you. The data that we use to personalise our advertising, such as your Profile Data and Behavioural Data, will not be provided to the third-party providers of the Platforms. Please see the “Insight, analysis and retargeting through Cookies” section above to learn more about how we personalise advertising to you. This activity is also subject to the privacy choices you have elected to make on such Platforms. Our legal basis for processing We will only share your personal data with the third-party providers of the Platforms, so that we can advertise our Services to you when you use those Platforms, where you have provided your consent. |
Business administration and legal compliance.
| If we need to use your personal data to comply with our legal obligations or in connection with the administration of our business | We may use your personal data: (i) to comply with our legal obligations; (ii) to enforce our legal rights; (iii) to protect the rights of third parties; and (iv) in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets. Our legal basis for processing Where we use your personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us, such as a court order. We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent. |
- If you fail to provide your personal data
Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application to register an account. In these circumstances, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.
- Third-party links
This Privacy Policy only applies to personal data processed by us through your use of our Website and/or in connection with our business operations.However, from time to time, our Website may contain links to third-party websites and services. We have no control over these websites and services, and this Privacy Policy does not apply to your interaction with the relevant third parties.
- Sharing personal data
We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.
| Third-party suppliers | Service providers acting as processors, including communications and system administration services and entities that help provide, run and manage our Website and IT systems |
| Payment providers and banks | We share personal data with third parties who assist us with the processing of payments and refunds. |
| Advertising partners | We share personal data with third party advertising partners, including those set out in our Cookie Policy when you use our Website. This data is used to provide you with, and measure the effectiveness of, online personalised advertising and for other advertising related activities. |
| Event partners and suppliers | When we run events, we will share your personal data with third-party service providers that are assisting us with the operation and administration of that event. If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event. |
| Auditors, lawyers, accountants and other professional advisers | We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in. |
| Law enforcement or other government and regulatory agencies and bodies | We share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation. |
| Another corporate entity in connection with a business transition | If we are involved in a business transition such as a merger, reorganisation, acquisition by another company, or sale of any of our assets, we may share or transfer personal data to a third party. Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy. |
| Other third parties | Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation. |
- international transfers
We may share your personal data with service providers and/or third parties (in accordance with section 8 above) that are located outside the UK. This will involve transferring your data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented in accordance with applicable law:
- Where the transfer is to countries that have been deemed to provide adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific transfer mechanisms used by us when transferring your personal data outside the UK.
- How long we keep your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data, see your legal rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for statistical purposes, in which case we may use this information indefinitely without further notice to you.
- Confidentiality and security of your personal data
We are committed to keeping the personal data you provide to us secure and we have implemented information security policies, rules and technical measures to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your personal data on our behalf) are obliged to respect the confidentiality of the personal data of all users of our Website and those who purchase our Services.
- Your rights as a data subject
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
If you wish to exercise any of the rights set out above, please contact us.
| Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. Request restriction of processing of your personal data in certain circumstances. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. |
Cookie Policy
Our Website uses cookies. A cookie is a text file in the format.txt, which the host server of our corporate website sends to the browser application that an individual visitor of our corporate website is using when entering our corporate website. It is stored locally on the hard drive of the computer or telecommunication device used by the individual visitor of our corporate website when entering our corporate website. The data written into this file includes information on the IP address (Internet Protocol), the internet access service provider, the duration and frequency of a page visit sessions within our corporate website, data which was viewed or downloaded, the type of computer or telecommunication device used by the individual visitor of our corporate website as well as the geographical location of the individual visitor of our corporate website.
The data collected is read out from the cookie file by and retained on the website server / host in electronic form. The purpose for collecting this data is to identify a specific individual visitor after entering our corporate website. This data related to the individual visitor of our corporate website may be used by MabsutLife Limited for internal statistical and analytical purposes only.
By entering our corporate website www.pheno-life.com, we have asked you to submit your explicit consent to the cookie policy in electronic form.
You can deactivate the use of cookie files by effecting the modifications in the system settings of the browser application you use for entering our corporate website. Please refer to the help documents and / or technical support for the browser application used for the entering of our corporate website accordingly. By selecting to empty the cache folder of your browser application and by deleting the browser history, cookie files can be deleted completely or partly.
Beacons
Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to Us. The information collected via web beacons will include information such as IP Address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, which links you click on in the email, etc.). We will use web beacons on Our Website or include them in e-mails that We send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalization.
Disclaimer
We are not responsible for events beyond our direct control. We cannot guarantee nor do we represent that there will be error-free performance regarding the privacy of the Information, and we will not be liable for any direct, indirect, incidental, consequential or punitive damages relating to the use or release of the Information.
Contact Us
If you feel your personal data has been infringed by MabsutLife Ltd., please get in touch with our DPO at dpo@pheno-life.com