Version Date: August 11, 2023
Please read this Policy carefully as it will help you understand what we do with the personal information that we process. Please pay special attention to the important contents of this Policy, which have been highlighted in bold form. By using or continuing to use our Services after we have updated this Policy (and we will promptly notify you of such updates), you agree to the content of this Policy (including the updated version) and to our collection, use, storage and protection of personal information about you in accordance with this Policy.
If you have any other queries regarding this Policy or our use of your personal information, please refer to our contact information at the end of this Policy.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
Communications with our Website are all conducted using Secure Socket Layer (SSL) encryption technology. Through our use of SSL encryption technology, all information communicated between you and our website is secured.
○ Do not sell user contact information
○ Do not use the user's personal information or pictures for advertising without the user's consent
○ Your website must not have the primary purpose of collecting personal information from users
○ Freebies or incentives are not allowed except in the following cases:
■ Offered when a user makes a purchase
■ Be part of a marketing campaign
■ The main purpose is not to collect user personal information
1. Policy Statement
- The purpose of this Policy is to inform you of the means that we collect and process your personal information and the rights you have. We collect and process your personal information in compliance with the Regulation (EU) 2016/679 (General Data Protection Regulation, the “GDPR”) and other applicable data protection laws and regulations in your corresponding jurisdiction.
- Terms like “personal information”, “controller”, “processor”, “processing”, “profiling” and other terms defined by the GDPR are used in this Policy in accordance with the definitions given by the GDPR and are sanctioned in accordance with the GDPR.
- SiBio generally acts as a controller with respect to your personal information and determines the purposes and means in which your personal information is processed as described below. At times, SiBio may act as a processor and will process personal information on behalf of the controller, as further detailed in this Policy.
- The service providers we use may have access to your personal information. These third-party vendors collect, store, use, process and transfer personal information about your activity on our Service in accordance with their own Privacy Policies. This Policy does not apply to how third parties define personal information or how they process it. We suggest you to read their privacy policies and know your privacy rights before interacting with them.
2. Collection of Your Personal information
We collect your personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our Services, participate in activities on the Services, or otherwise contact us.
The personal information that we collect depends on the context of your interactions with us, the choices you make and the Services you use. More personal information about the categories and sources of information is provided below.
Personal information provided by you
Personal information provided while using the Website: As you evaluate whether SiBio is the right health performance technology for you, you may choose to provide us with personal information about yourself, including your name, telephone number, and email address by completing forms on our Website. On our Website, we will also collect financial data such as payment card details and bank account numbers in order to process transactions for certain services.
In some instances, you may elect to provide us with location and address information. You may also provide us with personal information about yourself when you report a problem or have a question about our services.
Personal information provided while using the APP: Certain information is required when creating an account to use our Services on the APP, such as your name, email address, and password.
In addition, in order to improve your experience with the Services, you may choose to provide additional information such as your gender, birth date, height, weight, country location, race, fitness level, sporting activities, eating habits, historical biometric data, and other fitness information. You can choose not to provide certain information, but then you may not be able to register for the SiBio or take advantage of some features of the Services.
When you apply for our Services, we need to collect your blood ketone data which is collected though our sensor.
Personal information we collected automatically
We automatically collect certain information from you when you use our Website and APP. This information does not reveal your specific identity (like your name or contact information) but may include your browser type, and internet service provider. We also collect information about your interaction with the Services, such as creating or logging into your account, or opening or interacting with the Services on your mobile device. When you use our APP, we automatically collect and store this information in service logs. This includes device models, Mac address, Wifi address, device IDs, operating system, software version, device status, network conditions, logs, IP address, location, etc. (collectively “usage data”), This information is primarily needed to maintain the security and operation of our App, and for our internal analytics and reporting purposes.
Personal information we received from third parties
In order to provide you with our advanced Services, we may also obtain information about you from affiliated companies and, partners and third parties that are legally established and legally retain information about you, with your prior consent.
Cookies and Similar Technologies
We and our partners use various technologies to collect and store information when you visit one of our services, and this may include using cookies or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services from our partners, such as advertising services. Our third-party advertising and analytics partners include Google and similar partners.
The technologies we use for this automatic data collection may include:
Web Beacons: Pages of our services or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count Users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Clickstream Data: Clickstream data is information collected by our computers when you request Web pages from the APP. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how visitors arrive at the Applications, what type of content is popular, what type of visitors in the aggregate are interested in particular kinds of content on the APP.
3. Use of Your Personal information
- (Website and App) To facilitate account creation and login process. When you create a new account or you need to login to our Website or APP in this process, in order to verify your account for the purpose of login, we will collect and store your email and password for account login. If you do not provide the above data, you will not be able to log in to the Website or the App normally.
- To manage your accounts. We may use your personal information for the purpose of managing your account and keeping it in working order.
- （Website）To present and offer our Services to you. We may use your personal information, such as your account, browsing history, financial data, etc., when you browse, subscribe, and purchase our Services.
- （Website）To deliver our products to you. After you purchase a product from us, we may use your personal information to deliver the product to you, such as your name, address.
- （APP）To provide blood ketone curve and monitoring. In order to show you your blood ketone curve and provide you blood ketone monitoring, while you are using our App, we may collect, with your prior permission:
- Bluetooth access
- Information regarding your device’s location
- Camera access
- Pictures and other information from your device's camera and photo library
You can disable these accesses to this at any time, through Phone System Settings，but it will affect the normal use of App.
- （APP）To provide you with analytical information about your health performance through the use of our APP. In order to provide our advanced Services, we may use the exercise data you authorized to third parties, your eating habits, your exercise record and the blood ketone data you provided to us. If you do not authorize, we will not be able to provide the analytical function, but it will not affect the normal use of other functions and services of our App.
- (Website and App) To request feedback. We may use your personal information to request feedback and to contact you about your use of our Services with your prior permission.
- (Website and App) To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- (Website and App) To respond to your inquiries/offer support. If you request our support for products deployment or operations, we will process the personal information needed for such support, such as email address, country, company, and device IDs. We may also process voice data upon your consent when support is offered via call center or remote.
- (Website and App) To send you marketing and promotional communications. We may process your personal information, such as email address, and other data that was either provided by you, collected from your interactions with our Services, or received from third-party sources, for the purpose of sending you marketing communications through email. We only do so based on your consent, or based on our legitimate interest, where GDPR or other applicable laws in your corresponding jurisdiction allow it.
Marketing communications include sending information about the Services you use or have shown interest in, Services similar to those you already use, new product releases, service developments, alerts, updates, terms, events, special offers and associated campaigns and promotions or prices, and may be performed either via targeted marketing e-mails or through our sales representatives, in accordance with the applicable laws.
We will seek your explicit opt-in before sending your such marketing communications, and you may at any time choose not to receive marketing communications from us by clicking on the unsubscribe link included in the email. Please note that if you opt-out from marketing communications, we may still contact you regarding your use of our Services other than marketing purposes such as to respond to your questions or requests.
- (Website and App) For other business purposes. We may use your personal information for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Website, App, the Services, products, marketing and your experience. We may use and store this personal information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information. We will not use identifiable personal information without your consent.
4. Legal Bases for Processing Your Personal information
We only process your personal information when we believe it is necessary and we have a valid legal basis to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests. We may rely on the following legal bases to process your personal information:
- Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests to the extent permitted by applicable laws.
- Legal Obligations: We may process your personal information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests: We may process your personal information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- Other legal basis permitted by applicable laws.
5. Share of Your Personal information
We may share your personal information in the following situations:
- With group of companies: We share personal information with our affiliates as necessary to provide the Services or perform usual business activities. Personal information shared within our group of companies are granted a GDPR level of protection. Access to personal information within our group of companies is restricted to those individuals who need to access the data for our business purposes.
- With service providers: We may share your personal information with Service Providers to monitor and analyze the use of our Service, to contact you.
- With business partners: We may share your personal information with our business partners to offer you certain products, services or promotions.
- With government authorities: We may provide personal information to government authorities as requested by public authorities, auditors or institutions competent to exercise inspections on SiBio, based on their legal obligations, which may ask us to provide information. In addition, we may provide personal information to comply with a legal requirement or to protect the rights and assets of SiBio or other entities or people, such as courts of law, or enforcement authorities.
- With your consent: We may disclose your personal information for any other purpose with your consent.
6.Disclosure of Your Personal information
We shall not publicly disclose your personal information unless it is expressly provided by the applicable laws.
7. Retention of Your Personal information
We will retain your personal information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, to perform the legal agreements entered into between you and SiBio. No purpose in this Policy will require us keeping your personal information for longer than [one months] past the termination of the user’s account.
We will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such personal information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
8. Transfer and Global Processing of Your Personal information
We have entrusted a third-party service provider to store the data you provide to us via your use of our Website in Canada. While transferring personal information to private sector organizations in the course of commercial activities, Canada is a country accredited by the EU adequacy decisions, as being able to provide adequate protection of your personal information. Your personal information which you provide to us via your use of our APP is generally stored and kept within the territory of the European Economic Area (the “EEA”). However, due to the fact that we are based in Hong Kong and our operating teams are located in Hong Kong and Mainland China, in order to provide our Services to you, your personal information may be transferred to third country outside of the EEA.
We take appropriate measures when we transfer your personal information outside the EEA to ensure your personal information remains protected and to comply with applicable data protection laws.
The bases, mechanisms, and measures we rely on include:
- Adequacy Decisions. When applicable, we may rely on EU adequacy decisions to transfer your personal information outside the EEA. When the relevant EU authority issues an adequacy decision, that means they found the third country to offer adequate protection for personal information.
- Derogations. We may transfer your personal information based on a derogation listed in Article 49 of the GDPR. We will only do so if the transfer of personal information meets specific strict conditions according to the GDPR or other applicable laws.
- Standard Contractual Clauses. We have implemented measures to protect your personal information, including by using Standard Contractual Clauses for transfers of personal information between us and our group companies and between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA in accordance with European data protection laws and regulations. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and further details can be provided upon request.
- Supplementary Measures. When necessary, in addition to the Standard Contractual Clauses, we may adopt technical, contractual, and organizational supplementary measures to better ensure that the level of protection guaranteed by the GDPR is not undermined by the transfer.
9. Automated Decision-making
We do not envisage that any decisions will be taken about you using automated means.
10. Business Transactions
11. Security of Your Personal information
The security of your personal information is important to us, we have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. For example, we and/or our service providers use commercially reasonable security measures such as encryption, firewalls, and Secure Socket Layer software (SSL) or hypertext transfer protocol secure (HTTPS) to protect personal information. However, despite our safeguards and efforts to secure your personal information, no electronic transmission over the internet or data storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your personal information. In the case of a data breach, we will comply with the requirements of the GDPR and other applicable laws, including taking necessary remedy measures, notify the supervisory authorities and/or you, if required.
Although we will do our best to protect your personal information, transmission of personal information to and from our Website and APP is at your own risk. You should only use our Services within a secure environment. If you become aware of any breach of the terms of this Policy or of the security of the Services, please notify us by email at email@example.com.
12. Your Rights and How to Exercise Your Rights
We take your privacy seriously and provides the full suite of GDPR rights to all our users globally. Where our use of your personal information is based on your consent, you also have the right to withdraw that consent at any time (please see below for more details).
To exercise your right as data subject, please send your request to firstname.lastname@example.org, and , we will respond as appropriate and within three workdays under applicable law. We will retain your request and our response (including any supporting documentation) in compliance with applicable laws. Also, we will continue to retain and otherwise process your personal information to the extent required to comply with applicable law; or, to establish, exercise or defend our legal claims and rights.
- Be Informed. You have right to be informed about how your personal information is being used.
- Access. You have a right to access your personal information that we, or our third parties acting on our behalf, process to the extent the information does not contain personal information of another individual.
- Correction. You have a right to correct or rectify your personal information.
- Erasure. You have a right to have your personal information erased with limited exception. Specifically, you have a right to have your personal information erased if an exception does not apply and your personal information is no longer required for the purpose(s) it was collected or otherwise processed; our processing is based on your consent and you withdraw your consent; you have objected to our processing and there are no overriding legitimate grounds for processing (including but not limited to completing a transaction with you, fulfilling a contract with you, protecting against security incidents, fraud, malicious or illegal activity); we have not lawfully processed your personal information; or erasure is required under applicable law. Your right to have your personal information erased does not apply when: applicable law requires otherwise; processing is required to exercise the right of freedom of expression and information; processing is required to comply with a legal obligation; processing is required for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes to the extent permitted by applicable law and erasure will seriously impair or prevent the achievement of such processing objectives; or, processing is required to establish, exercise, or defend legal claims and rights. With respect to your personal information that is contained in our backups and is not subject to one of the preceding exceptions, we will delete your personal information permanently and securely in accordance with our schedule for the disposition of backups.
- Restrict Processing. You have a right to limit the use or otherwise temporarily restrict our processing of your personal information for a defined period of time.
- Object to Processing. With limited exceptions, you have a right to object to our processing of your personal information where the processing is based on legitimate interests pursued by us; the processing is for the purpose of direct marketing; or the processing is for scientific, historical research or statistical purposes. However, you do not have a right to object to processing where we can demonstrate legitimate grounds that override this right; the processing is required to comply with applicable law; the processing is required to establish, exercise or defend legal claims or rights.
- Withdraw Consent. You may opt out or revoke your consent to, as applicable, receive promotional communications from us by selecting the “unsubscribe” link in the promotional email we send you, by phoning us at our phone number communicated to you in the promotional email or by contacting us at the information below. Please note that, even after you opt-out or revoke your consent to receive promotional materials from us, you will continue to receive transactional messages if you have an account with us or otherwise use our Services. We may also need to retain certain information for recordkeeping purposes.
- Portability. You have a right to request the transfer of your personal information in certain circumstances. This includes data we process in an automated way based on your consent, to perform a contract with you, or to take steps you request before entering into a contract with you.
- Right to Lodge a Complaint. If you have unresolved concerns, you also have the right to complain to data protection authorities. The relevant data protection authority will be the supervisory authority located in the EU Member State that you reside in.
Please note that where we require your personal information to comply with legal or contractual obligations, provision of such data is mandatory: If such data is not provided, then we will not be able to manage the relationship, or to meet obligations placed on us. In all other cases, provision of requested personal information is optional.
Please also be noted that, before we respond to your request, we may have to ask you to provide necessary identification data in order to verify your identity. The response to your reasonable request is generally free of charge, unless such requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either refuse to act on such request or charge a reasonable fees
13. Children's Privacy
Our Services do not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from our servers.
If we need to rely on consent as a legal basis for processing your personal information and your country requires consent from a parent, We may require your parent's consent before we collect and use that data.
14. Links to Third Parties
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
15. Direct Marketing and “Do Not Track” Signals
SiBio does not track its Users over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third- party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies.
We will let you know via email and/or a prominent notice on our Services, prior to the change becoming effective and update the “Version Date” at the top of this Policy.
You are advised to review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.
In the case that the aforementioned changes of this Policy consist material change to your lawful right and interest or to our obligation regarding the processing of your personal information, we would obtain your consent to this Policy by reasonable means, if it is required by the applicable laws.
17. Contact Us
- Email us at: email@example.com