Last updated: January 2021
2. Your Informed consent
Personal Data includes for example your name, date of birth, title, gender, contact details, telephone number, email address, postal address and any other non-public information about you (“Personal Identifiable Information” or “PII”), as well as sensitive personal information about your health, such as biological data, genetic data, biometric data, or data concerning your health (“Personal Health Information” or “PHI”).
To protect your privacy, we assign each User who has ordered testing services from us an anonymous alphanumeric code (“Client ID”) to which your biological samples are linked via another anonymous alphanumeric code (“Sample ID”). Only DBS System and its subcontractors are able to make the link between the Client ID and the Sample ID.
3) Personal data we collect
3.a) Personal Identifiable Information
Generally, you can browse our Platforms without revealing who you are and without disclosing any of your Personal Identifiable Information, such as your name, date of birth, title, gender, contact details, telephone number, email address, postal address, to us. However, there may be times when you may disclose Personal Identifiable Information, including to:
Fill-in forms on the Platforms.
Report a problem with the Platforms.
Contact us, in writing, by email or other electronic means.
We may also be required by law to collect certain Personal Identifiable Information as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations.
3.b) Personal Health Information
We ask for your explicit consent to collect information considered to be sensitive (such as biological data, genetic data, biometric data or information about your health) in order to provide you with the services you have ordered from us or our partners.
When you order some of our services, you will receive our blood sample collection kit. Once you have obtained a blood sample by following the instructions provided in our blood sample collection kit, you can send it by regular mail or courier to our contracted and accredited laboratories. Once received by our partner laboratories, your blood sample will be identified by a unique number (Sample ID). It will be analysed by our partner laboratory, and your results will be made available to you online via secured email or our Platforms or Platforms of our Partners.
Your blood sample will be destroyed once the laboratory has completed its work unless the legal and regulatory requirements of the laboratory require to retain physical samples.
3.c) Cookies and other connection data
3.d) Data collected from other sources
We may also collect the following categories of Personal Identifiable Information from third parties, such as digital ad agencies, lists from acquired companies, events and conferences, and purchased lists, including without limitation: Name, address, date of birth, gender, phone number, email address, company name, title, and preferences. We may enhance or merge your PII with data obtained from third parties for the same purposes for which we use your PII that you personally provided.
4) Purpose and legal basis of the processing
4.a) Personal Identifiable Information
We will use the Personal Identifiable Information provided by or collect from the User to:
Perform the services or sales contract between us and the User. At the request of the User, take the steps prior to entering into a contract, such as for example following-up on specific enquiries about our products and services or acquiring preliminary information necessary to the processing of your payment and conclusion of the contract. After the contract is formed, send contract related communications, including without limitation messages such as order confirmation, provide the products or perform the services agreed upon with the User and respond to information, subsequent and contractual requests you may make of Us,
Comply with our legal obligations or respond to the requests of authorities,
Protect the vital interests of the User or of another natural person, if needed,
Perform an action of public interest in some cases, carry out or defend ourselves in legal actions, or when the processing involves Personal Data that is in the public domain,
Protect our legitimate interests, for example to understand how our Platform is used so that we can continuously improve it or to limit the risks of fraud and other prohibited or illegal activities, since those interests do not conflict with the fundamental rights and freedoms of the User which require the protection of Personal Data. We may analyze Your PII to better understand your needs and how we can improve our Platforms, products and services. For instance, We may use your information to verify that content from the Platforms is presented in the most effective manner for you and for your device, or to allow you to participate in the registration-only features of the Platforms, or
Exercise Our legal rights where it is necessary, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims, or violations of law or the contract.
The provision of certain Personal Identifiable Information is a mandatory legal or contractual requirement. If the User fails to provide Personal Identifiable Information as listed above, she or he may not be able to use the Platforms, receive information requested about our products and services, or conclude a contract with us.
Subject to the User’s express consent, we may also use Personal Identifiable Information to promote our or third party products and services by sending newsletters, periodic informational/promotional mail or email, and advertising material, to contact you by telephone or any other form of electronic communication, such as e-mails, SMS, MMS, social networks, or to conduct market research, directly or through the services of specialized companies, via interviews, questionnaires, investigations, so that we can continuously improve the content and services we provide to the Users. Please see the article headed “Commercial Communications” below for further information about how you can control these purposes.
4.b) Personal Health Information
We will process sensitive categories of data such as biological data, genetic data, biometric data, or data concerning health, only when the User has given her or his informed consent and entered into a contract with us for the processing of those Personal Health Information in relation to one or more specified purposes agreed with the User.
By ordering products or services on the Platforms or sending in your sample, you have chosen to use our products and services and have given your informed consent to have your biological sample(s) tested as part of our services, including micronutrients/biomarkers.
This information includes but is not limited to: Test results and questionnaires when applicable.
We are allowed or required by law to use your Personal Health Information in order to:
Perform the services or sales contract between us and the User. Provide you with services, including through and in connection with remote healthcare services furnished via telehealth technologies,.
Internal operations, which may include the reading your Personal Health Information to review the performance of our staff and for organization planning for future services we will provide, expand, or reduce,
Comply with our legal obligations or respond to the requests of authorities. Disclose information when we are required by law to do so. This includes reporting information to government agencies that have the legal responsibility to monitor the health care system or when we are required to do so by a court order or other judicial or administrative process,
Protect the vital interests of the User or of another natural person, if needed,
Perform an action of public interest in some cases, carry out or defend ourselves in legal actions, or when the processing involves Personal Data that is clearly in the public domain,or
To perform public health activities, including for reporting certain diseases, births, deaths, and reactions to certain medications. It may also include notifying people who have been exposed to a disease or disclosing your Personal Health Information if necessary to prevent serious harm to the public or to an individual. This disclosure shall only be made to someone who is able to prevent or reduce the threat.
5) Personal Data processing
We limit access to Personal Health Information to employees and external contractors who reasonably need access to it, to provide the products, to perform the services or in order to do their jobs. Employees and external contractors who receive this information have special confidential and security obligations to prevent the misuse of your information for other purposes.
Data processing may also be carried out by third parties that provide specific processing, administrative or instrumental tasks necessary to achieve any of the aforementioned purposes. For example, suppliers, agents or contractors that provide services on our behalf such as website or data hosting, online content, marketing communication, payment gateway, credit card processing, credit checks handling or fraud prevention. Any data processing by third parties is subject to the signature of a data processing agreement with us that requires data processors to comply with security, integrity, and confidentiality obligations.
6) Sharing Personal Data
We may also share Personal Data with any regulator, supervisory or government authority, law enforcement agency, court or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
6.a) Personal Identifiable Information
We may share Personal Identifiable Information with third parties for our operations, our Platforms and the provision of our products and services, including:
With our agents, contractors, provider, partners, technicians and consultants, insurance companies, website and hosting operators, data processing operators and other third parties in connection with services that these individuals or entities perform for, or with us. These third parties are restricted from using this information in any way other than to provide services for us, or services for the collaboration in which they and are engaged with us,
As part of an employee health benefit program for the administration of the health benefit program if you have enrolled in such program.
Subject to the User’s specific consent, we may also share Personal Identifiable Information with third parties to promote our or third party products and services by sending newsletters, periodic informational/promotional mail or email, and advertising material, to contact you by telephone or any other form of electronic communication, such as e-mails, SMS, MMS, social networks. Please see the article headed “Commercial Communications” below for further information about how you can control these purposes.
6.b) Specific authorization for release of Personal Health Information
Please note that when we process Personal Health Information in accordance with the contract and purposes agreed between us and the User, we will take special care to protect the confidentiality of such data.
We will not give, sell, rent, loan or otherwise disclose any Personal Health Information linked to your Personal Identifiable Information to any third party, unless permitted or otherwise authorized to do so, as indicated below, or following the User’s specific and informed consent.
In this context, Personal Health Information, will only be disclosed as follows:
Tests may be reviewed by a licensed physician or health professional (“Health Consultant”) affiliated with a company that we have partnered with to provide review and authorization of testing, review of the laboratory results, and counselling where applicable.
Within the clinics or health centers of our Affiliates, subject to the User’s specific written request and identity check (please note that we may ask for your passport or identity card).
You have the right to revoke the authorization at any time, provided, however, that any such revocation may not always enable us to stop the processing of the resulting data if any action has been taken by us or our authorized partners in reliance, in which case such revocation may only deploy its effects for the future. If the authorization is to permit disclosure of your information to an insurance company, as a condition of obtaining coverage, other law may allow the insurer to continue to use your information to contest claims or your coverage, even after you have revoked the authorization.
7) Anonymous data
For avoidance of doubt, we may freely use, retain and share with third parties, Anonymous Data, which are not personal by nature, or data that are aggregated or anonymized. “Anonymous Data” means data that is aggregated, anonymized or that is not associated with or linked to your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons.
We may use Anonymous Data to analyze requests and usage patterns so that we may enhance the content of our services and improve our Platforms. We reserve the right to use Anonymous Data and other anonymized information, for any purpose and disclose such data to third parties in our sole discretion, including for research purposes. We also may share Anonymous Data and non-Personal Data about Platforms usage with unaffiliated third parties.
We may use Anonymous Data and test results for research studies and publications. We may also use or disclose such information in accordance with legal requirements for any purpose, including for medical and public health activities.
8) International Transfers
Personal Data may be transferred to, stored and processed in countries or territories located in the European Economic Area and Switzerland.
In case we have to transfer Personal Data outside the European Economic Area and Switzerland, we shall ensure that such transfer is based on an adequacy decision from the European Commission, or appropriate safeguards, such assessing and implementing standard data protection clauses adopted by the European Commission or a Supervisory Authority, unless we obtain the User’s explicit and fully informed consent or the transfer is necessary for the conclusion or performance of a contract between us and the User.
9) Retention of Personal Data
We will keep your Personal Data for only as long as is necessary for our purposes or as required by applicable law, and in particular to protect ourselves in the event of a legal claim (for example, information relating to a contract with you will be kept for the lifetime of the contract and up to ten years after). After this period your Personal Data will be deleted or in some cases anonymised. Where we sought your consent to process your personal information and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent we will delete your personal information.
With respect to Cookies, DBS System uses both 'session cookies' and ‘permanent cookies’, which can remain on Users computers or mobile devices for different periods of time. The User can enable or delete cookies at any time as explained in our Cookie and connection data Policy .
The Platforms may use third parties such as network advertisers and ad exchanges to serve you ads on third party platforms after you leave our Platforms, and we may use third party analytics and other service providers to evaluate and provide us and/or third parties with information about the use of the Platforms and viewing of ads and of our content. Network advertisers are third parties that display advertisements, which are based on your visits to the Platforms and other apps and sites you have visited. Third party ad serving enables us to target advertisements to you for products and services that you might be interested in.
You have choices in respect of the delivery of ads. You may opt-out of receiving certain types of behavioural ads by visiting the third party websites described in the Cookie and connection data Policy. We are not responsible for effectiveness of or compliance with any third parties’ opt-out options.
11) Protecting your Personal Data
We want Users to feel confident about using our Platforms, and we are committed to make all reasonable commercial efforts to protect Personal Data we receive or collect through our Platforms and services.
We have put in place technical and organisational physical, electronic, and procedural measures to protect Personal Data against unauthorised or unlawful processing and against accidental loss, damage or destruction.
Please be aware that while we take commercially reasonable steps to safeguard the security of your Personal Data, the transmission of information over the Internet is not completely secure and therefore you do this at your own risk. Once we receive your Personal Data, we will implement commercially reasonable security procedures with the objective of preventing unauthorized access.
Where the User is asked to choose a login and password in order to access certain parts of our Platforms, the User is responsible for selecting a secure password and keeping that password confidential. The User should not share the login and password with anyone else.
We do not have the means to check the identities of people using the Platforms and we will not be liable where your password or user name is used by someone else. You are responsible for maintaining the confidentiality of Your password and user name for the Platforms and you are responsible for all activities that are carried out under them. You agree to notify us immediately at the contact information provided below of any unauthorized use of your password or user name of which you become aware.
Financial information and payment data, including credit card numbers, that you provide to us via internet bill payment link is encrypted by using secure socket layer (SSL) encryption technology. This information may be accessed only by our agents and employees who maintain password and position-required access rights, and third-party vendors who support our billing operations.
We reserve the right to take appropriate legal action, including without limitation, referral to law enforcement, for any illegal or unauthorized use of our Platforms. We also reserve the right take any action to prevent the unauthorized use of our intellectual property rights.
We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We are not responsible for loss, use or disclosure of Personal Data that occurs, notwithstanding our compliance with applicable laws.
12) Users’ rights
DBS System fully recognizes the following rights of each User subject to local applicable law:
Right to access the User’s Personal Data;
Right to rectify the User’s Personal Data;
Right to erase the User’s Personal Data;
Right to restrict the processing of the User’s Personal Data;
Right to portability of the User’s Personal Data;
Right to object the processing of the User’s Personal Data;
Where personal data are processed for direct marketing purposes, the User shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing, in accordance with the Article headed “Commercial Communications” below.
Right for the User to lodge a complaint with a supervisory authority.
We encourage you to contact us to update or correct your Personal Data if it changes or if the Personal Data we hold about you is inaccurate.
13) Withdrawal of Consent
Your use of our products and services is voluntary and based on your informed consent. You may choose to withdraw from or to stop the processing of your Personal Data at any time. Such requests should be sent to us by email at firstname.lastname@example.org or in writing at DBS System SA, Route des Avouillons 6, 1196 Gland, Switzerland.
Please note that while any changes you make will be reflected in our databases within a reasonable period of time, we may retain your information in the ordinary course of business, for the satisfaction of our legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
14) Commercial communications: How to withdraw?
Where the User has given express consent to the processing of Personal Identifiable Information to receive commercial communications or to take part into market research to improve our products or services, the User may withdraw consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before we receive your withdrawal.
If you wish to withdraw consent to the processing of Personal Identifiable Information for commercial communications or to take part into market research, please send us a written request at the address specified in the Article headed “Contact us” below. We may use email marketing software as a third-party service to control preferences or manage certain email communications. You may also unsubscribe from e-mail marketing communications sent by us at any time by sending a message to the email address mentioned in the Article headed “Contact us” or by clicking on the ‘unsubscribe’ link in any of our marketing e-mails.
Please note that should you request to unsubscribe, you may continue to receive materials for a short period while we are updating commercial communication lists.
16) Children's Privacy
18) Applicable law
If you have a concern about how we use your Personal Data, as a first step please contact us using the details set out below and we will do our best to resolve your concern. After investigating your concern, we will respond to you in writing within a reasonable time setting out our proposed remedial action. If you think we have processed your Personal Data in a manner which is unlawful or breaches your rights you also have the right to complain to the data protection authority in your place of residence or work, or the jurisdiction in which the processing took place.
19) Contact us
DBS System SA
Rte des Avouillons 6
1196 Gland, Switzerland
Email address: email@example.com
You can also use this address if you wish to request access to the Personal Data we hold about you or to unsubscribe from any further e-mail marketing communications:
* * *
Cookies and connection data policy
When using our Platforms, we may collect Information about the User’s computer or mobile device, including where available the IP address, location, operating system, log in times and browser type. We use this information to better understand how Users use our Platforms and for internal reporting purposes. We may also anonymize and then share this information with advertisers, sponsors or other businesses.
We may use website analytics tools, services and software, such as Google Analytics, to analyze traffic to the Platforms. Data collected regarding site usage is compiled in aggregate to improve the performance of the Platforms.
Some of the services that we provide are able to use information about your location. For these services, which are typically available on mobile devices or applications, you are provided with the opportunity to provide your consent to the use of location services, which, for example, process information deriving from GPS, sensors, beacons or Wi-Fi access points in order to allow you to benefit from a more personalised service. Your device will have settings that allow you to turn off these services should you no longer wish to benefit from them.
We may also collects other forms of non-Personal Data, such as browsers used to access our website, search terms used to find the website, and traffic referrals and links to our website.
20) What is a cookie?
Cookies are text files, containing small amounts of information, which are downloaded to your computer or mobile device when you visit a website or mobile application. They are used to recognise your computer as you move between pages on a website, or when you return to a website or mobile application you have visited previously. Cookies are widely used in order to make platforms work, or to work more efficiently, as well as to provide information to the owners of the platform.
Cookies collected from the Platforms are used to (1) enable certain functions and tools on the Platforms, (2) assist in the navigation of the Platforms, (3) track resources and data used on the Platforms, (4) promote DBS System’s products and services, and (5) remember computer settings.
Cookies are not permanently maintained within our tracking system. You may prevent your computer from accepting cookies by modifying the properties on your web browser; however, stopping your computer from accepting cookies may limit your web browser's functionality on the Platforms.
Cookies can remain on your computer or mobile device for different periods of time. We use both 'session cookies' and ‘permanent cookies’. Session cookies exist only while your browser is open and are deleted automatically once you close your browser. Permanent cookies survive after your browser is closed, and can be used to recognise your computer or mobile device when you open your browser and browse the internet again.
21) Categories of cookies
There are two broad categories of cookies:
First party cookies, served directly by DBS System to your computer or mobile device. They are used only by DBS System to recognise your computer or mobile device when it revisits our Platform.
Third party cookies, which are served by a third party service provider on our Platform, and can be used by the service provider to recognise your computer or mobile device when it visits other platforms. Third party cookies are most commonly used for platform analytics or advertising purposes.
Cookies can remain on your computer or mobile device for different periods of time. DBS System uses both 'session cookies' and ‘permanent cookies’. Session cookies exist only while your browser is open and are deleted automatically once you close your browser. Permanent cookies survive after your browser is closed, and can be used to recognise your computer or mobile device when you open your browser and browse the internet again.
22) What cookies are used on the Platform?
The Platform may serve the following types of cookies to your computer or mobile device:
Further detailed information about the specific cookies used on this Platform and the third parties who serve them can be found in our cookie consent tool. You can use this cookie consent tool to control your cookie preferences.
23) How to control or delete cookies
You can set your cookie preferences by using our cookie consent tool or by changing your browser settings so that cookies from this Platform cannot be placed on your computer or mobile device. In order to do this, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” facility).
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.eu.