PRIVACY POLICY – LONGEVIZE

Updated: July 2022

1 Introduction

1.1 This Privacy Policy (hereinafter: “Policy”) is used by Longevize B.V., a company with limited liability under the laws of the Netherlands with its registered offices in Amsterdam, the Netherlands, having offices at (2333 CH) J.H. Oortweg 21, Leiden, the Netherlands and registered in the register of the Chamber of Commerce under registration number 78739152  (“Longevize” or “we”). Longevize’s Data Protection Officer is Aphaia Ltd and can be reached by email at dpo@aphaia.co.uk.

1.2 This Policy applies to all processing of data that identifies you or may be used to identify you (“Personal Data”) by Longevize, such as but not limited to the processing in relation to the provision of Services provided by Longevize (“Services”) and the processing via the website located at [Longevize.com] (“Website”). “Services” shall mean the provision of any online or offline services or offerings by Longevize, including via its app. Other capitalized terms shall have the meaning ascribed to them in the Longevize Terms of Service (“Terms”) unless otherwise defined here. This Policy also applies to other situations where Longevize processes personal data, such as in cases of employment, subcontracting, or business partnerships, where a separate notice is not provided.

1.3  Longevize may amend this Policy at any time. In case the Policy is amended, the amended Policy will be made available to you through publication of the amended Policy on the Website. Should you have any questions after reading this Policy, or would like to exercise the rights as entailed in this Policy, please contact Longevize via the above stated details.

2 What personal data do we process?

2.1 Longevize is responsible for determining the purpose and the means of the processing of the Personal Data processed in relation to its Services and is therefore considered Data Controller under the General Data Protection Regulation (“GDPR”) and the UK GDPR.

2.2 Longevize may process Personal Data in the following circumstances:

2.2.1 You are a Website visitor, for example when you solicit information about Longevize, the Website and/or products / services available through the Website or App;

2.2.2  You place an order for Services;

2.2.3 You provide us with saliva, stool or blood samples for testing, analysis and the performance of the Services;

2.2.4   You provide us with self-reported information via the questionnaire through our Website or App.

Personal Data that is processed as you visit our website

2.3 When you visit our Website, and regardless of whether you place an order, we may automatically collect Personal Data about you or your device. We do not have the intention of identifying you with any such data, but it is possible to directly or indirectly identify you on the basis of such data. For this reason, this Policy informs you about our use of this data in a transparent way. Automatically collected Personal Data may include:

2.3.1  Your IP Address

2.3.2 Your (mobile) device-ID

2.3.3 Information on your settings, such as screen ratio, screen resolution, language settings, browser information (user agent) and/or operating system

2.3.4  Any pages you have visited on the Website

2.3.5  Your Website preferences

2.3.6  Your location and time zone.

2.4 We process the above data through cookies and similar techniques. More information about the cookies we use can be found on our cookie banner.

Personal Data that is provided by you

2.5  When you place an order with us, create an account or have a question for us, we may process additional Account Details. This includes Personal Data such as:

2.5.1  Your first name and family name

2.5.2 Your contact details

2.5.3  Your address

2.5.4 Your email address

2.5.5 Your (mobile) phone number

2.5.6  Your password

2.5.7  Any other contact details

2.5.8  Transaction details

2.5.9 Communications, including metadata pertaining to calls and messages, and any social features that may be enabled on our Website or app.

2.6   When you choose to use our Services, we process the following Service Data:

2.6.1 We will use the standardised questionnaires to gather further Personal Data such as age, gender, physiology (weight, height), ethnicity, lifestyle data (sleeping habits, smoking habits, physical activity), diet, overall wellbeing, medical conditions, known allergies, medications;

2.6.2 We may ask you to provide saliva, stool or blood samples, whereas the analysis of such samples will result in special categories of data that can be classified as health data, genetic data, or biometric data. Such data will be received by us through our lab partners;

2.6.3 We may offer the gathering of personal data, including health and biometric data, by means of wearable devices, using our app.

Data on minors

2.7  The use of the Website is not permitted for children under the age of 18. Children under 18 must not place orders or create an account. Longevize therefore does not consciously process data pertaining to minors. If, as a parent or legal representative, you suspect that Longevize is processing data from your child or a minor entrusted to your care, please contact us using the contact details mentioned above. However, you should contact us if you wish to provide consent on behalf of a person as their parent or guardian.

3  For what purposes do we process Personal Data?

3.1  Our primary purposes for which we process your Personal Data are to offer you the best possible Services, to optimize and continuously improve our Website and Services and to ensure their continuity. More specifically, your Personal Data can be used for the following purposes:

3.1.1 To fulfil your order and perform the Services: this seems obvious, but we need certain Personal Information about you to process and fulfil your order. Our Services are based on artificial intelligence-based profiling of your Personal Data, which may include special categories of data and is therefore based on your explicit consent. We are using health and genetic data to optimize our AI models, which are used for personalized life-style design and for personalized supplement formulas. Our Services use machine learning, which is explained below.

3.1.2 For machine learning purposes: we may use your Personal Data for improving our artificial intelligence engine, which provides the core of our longevity Services. Our machine learning models will selectively use small parts of genetic data obtained from your DNA, plus other personal data. Once part of our models, such data will no longer be able to identify you after your personal data, including your genetic, health, and biometric data, has been deleted following your withdrawal of consent.

3.1.3   To personalize the Website: you have the option of adapting the Website experience to your needs, for example by changing the language of the Website. To remember your changes, we may process Personal Data about you, such as your IP address. If you have created an account, your preferences may be linked to your account.

3.1.4   To improve our Website and our Services: we are constantly working to improve our Website, our Services and your user experience and add new functionality. Processing analytical data (in an aggregated form) is essential for this.

3.1.5   To secure our Website: in order to offer you the best possible user experience, it is necessary to keep malicious third parties (e.g. hackers) out. We therefore constantly monitor our Services and the use of our Services. When we identify a potential threat, we can take immediate action to prevent disruption or unauthorized use of our Services.

3.1.6  To communicate with you: when you contact us, we process your contact information such as your name and e-mail address and any other Personal Data that you provide to us.

3.1.7  For marketing purposes: your Personal Data can be used to provide you with newsletters and offers for our products and services.

3.1.8  To comply with a legal obligation: we may be required by law or by a court order to process and / or transfer certain Personal Data.

3.1.9  For Research: we may use your Personal Data for research and development, clinical research studies, and identifying candidates for optional Research Participation, subject to your consent.

3.2  Longevize has several purposes for the processing of your Personal Data. The applicable ones are listed below:

3.2.1  To enable Longevize to enter into an agreement with you, after which Longevize will execute this agreement, such as but not limited to the agreement for the delivery of Longevize products and/or services;

3.2.2  To enable Longevize to offer their Services based on your consent, including through constant improvement of such Services. This involves artificial intelligence and machine learning;

3.2.3 To enable Longevize to perform research, including through machine learning;

3.2.4  To enable Longevize to perform direct marketing activities, such as but not limited to informing you about our products, and to assess the effectiveness thereof, subject to your right to object;

3.2.5 The processing is necessary for the purposes of the legitimate interests pursued by Longevize, including the interest to perform its business activities, to make or defend against claims, to prevent fraud and other inappropriate behaviour, to ensure security of its online platform and its staff, except where such interests are overridden by the interests of fundamental rights and freedoms of the data subjects that require protection of Personal Data.

4 Who can receive Personal Data?

4.1   Longevize may share your Personal Data with the following categories of recipients:

4.1.1 Our suppliers, such as but not limited to the party that provides the hosting of our data and other external IT suppliers;

4.1.2  Our phlebotomy service partners who collect your blood samples for testing and analysis;

4.1.3  Other companies affiliated with Longevize, if this is necessary for administrative purposes of our corporate group, compliance, internal reports, audit and / or security purposes or the execution of an agreement with you;

4.1.4 Our accountant, legal advisers and other professional service providers engaged by Longevize;

4.1.5  Our analytics service providers for the purpose of assessing the effectiveness of our Website;

4.1.6 Governmental bodies, if we are under an obligation to provide your Personal Data to a regulator (such as the Dutch Data Protection Authority) or other governmental bodies;

4.1.7 Fraud prevention companies: we may engage third parties to investigate fraudulent actions and ensure that our property and / or rights are protected.

4.2 Longevize in principle does not transfer Personal Data outside of the European Union, the UK, or the EEA, unless there is an adequacy decision by the European Commission in place, or based on Standard Contractual Clauses (SCC) and any additional risk assessment that may be required.

4.3  Your data in pseudonymised form may be pooled with the data of other providers to expand our samples and be able to provide more reliable research and advice.

5 How long do we retain your Personal Data?

5.1  We keep your Personal Data for as long as necessary to achieve the aforementioned purposes.  In particular, the following rules apply:

5.1.1  We will retain your data until you withdraw your consent. In some cases, Account Details and other data may be retained, for example in case of non-payment of your obligations or where you are involved in a dispute with us.

5.1.2 Please note that keeping your data enables us to restart the provision of our Services to you at any time, without you being required to provide your samples and your answers to our questions once again. We therefore encourage you not to withdraw your consent and erase your data even if you have not been using our Services for a while. We may from time to time remind you of the existence of your account with us to give you the opportunity to withdraw your consent if you have firmly decided not to order any of our Services again.

6   How do we secure your Personal Data?

6.1 Longevize highly values the security of your Personal Data. Therefore, Longevize will apply technical and organizational measures to protect your Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. To keep your Personal Data safe, the following measures are implemented:

6.1.1 Transfers of data via the Website are encrypted;

6.1.2  Servers on which your Personal Data is stored are protected with passwords and appropriate security measures;

6.1.3  Search engines are blocked from indexing the Personal Data;

6.1.4  Server access is limited to individuals with a need-to-know;

6.1.5  Servers are up to date;

6.1.6 Passwords are only stored in a hashed form.

7   Your rights

7.1 The GDPR guarantees you as a data subject certain rights:

7.1.1 Objection: Depending on the situation, you have the right to consent or object to the processing of your Personal Data and the conditions under which this processing takes place. This is particularly the case for us contacting you with any matters that are not strictly linked to the provision of Services. Please note that objecting to the use of some of your data, notably the information from the Biology Testing and Longevity Report, will result in the termination of the Services at your request. This is because the processing of such data is necessary for entering into, or performance of, a contract between you and us (Article 22(2)(a) GDPR), whereas the data has been held securely and your interests are protected by your right to withdraw consent at any time and erase the data.

7.1.2 Access: You have the right to receive, in an intelligible form, a copy of the Personal Data being processed.

7.1.3  Rectification: You, where appropriate, have the right to request the rectification of your Personal Data.

7.1.4 Restriction and data portability: under some circumstances specified by the GDPR, you have the right to request restriction of your data, plus you have the right to port your data to another provider.

7.1.5 The right to withdraw consent and request erasure: where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent at any time. Please note that your withdrawal of consent and the erasure of data will result in the termination of the Services at your request.

7.1.6 Complaint with relevant authority: You have the right to file a complaint with the relevant data protection authorities, e.g. the Autoriteit Persoonsgegevens in the Netherlands.

8 What else is important to know?

8.1 This Policy is governed by the laws of the Netherlands, without application of its conflict of laws-rules.

8.2 If you are using our Website and Services for personal use only (i.e. you are a consumer) and reside in a country which, by mandatory law, does not allow for the choice of law, jurisdiction or venue described above, the laws of your country of residence will apply and disputes may be submitted to your local jurisdiction and venue.

8.3 Should you have any questions after reading this Policy, or want to exercise any right as stated in this Policy, please do not hesitate to contact us with the details provided to you in this Policy or e-mail our Data Protection Officer at dpo@aphaia.co.uk.