PRIVACY POLICY

PRIVACY POLICY

 

This page was last updated on 23 December 2024.

 

Article 1.   Introduction and scope

 

This Privacy Statement (the 'Statement') applies to the processing of your personal data collected through the use of the website https://www.4gold.eu (the 'Website'), the mobile application for personalised supplements (the '4HEALTH App'), or as a result of any other services provided by the limited liability company under Belgian law " Nutribam", with registered office at Leeuwerikenlaan 5, 2390 Malle, registered with the Crossroads Bank for Enterprises under number 0674.721.904 (RPR Antwerp, Antwerp division) (hereinafter "4Gold", "we" or "us").

 

4Gold considers the protection of privacy very important and wants to inform, respect and give you - as a visitor to the Website, user of the 4HEALTH App and/or purchaser of our services and products - as much control as possible over what happens to your Personal Data and your privacy.

 

Your Personal Data and your privacy are protected by 4Gold in accordance with Belgian and European regulations, including (i) the Regulation (EU)2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "AVG") and (ii) the Belgian Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. All capitalised terms not defined in this Declaration shall have the meaning as defined in the AVG.

 

For the Personal Data you provide us via the Website, 4HEALTH App or otherwise, 4Gold is the Controller within the meaning of the AVG. By visiting the Website, using the 4HEALTH App, purchasing 4Gold's products and/or services, or communicating with 4Gold, you agree (by sharing your Personal Data or via an express opt-in) to this Privacy Statement and thus to the way 4Gold collects and Processes your Personal Data.

 

Please read this Declaration very carefully. It describes not only your rights, but also how to exercise them.

 

Article 2. Definitions

 

In the context of the provision of services, "personal data" qualifies as any information we collect and process about our users and customers that can be traced back to an identified or identifiable natural person. This term is to be understood broadly and includes, for example, your name, your date and place of birth, your mobile phone number, your address as well as other information related to your physical, mental, economic or cultural condition when these can be linked to you. Exactly which Personal Data is all collected and processed by us is further explained below.

 

The "processing" of Personal Data means, inter alia, the automated operation or series of operations such as the collection, recording, organisation, structuring, storage, updating or modification, retrieval, consultation, use, dissemination or making available by any means, assembly, combination, archiving, erasure, anonymisation or ultimate destruction of Personal Data.

 

Article 3. Principles of data collection

 

The following principles will be observed when processing your Personal Data:

 

  • Personal Data will be obtained and processed lawfully, fairly and transparently;
  • Personal Data will be processed only for specified, explicit and legitimate purposes;
  • Care will be taken to ensure that Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • The Personal Data will be kept accurate and, where necessary, updated;
  • Personal Data will not be kept longer than necessary for the purpose(s) for which it was obtained;
  • Personal data is kept safe and secured;
  • We are responsible for and can demonstrate compliance with obligations under data protection legislation; and
  • Respond to requests from data subjects to exercise their data protection rights;

 

Article 4. What Personal Data are collected and processed?

 

Depending on the services you purchase or the parts of the Website and 4HEALTH App you visit and use, 4Gold processes different types of Personal Data. The Personal Data below are processed by 4Gold when you visit and use the Website and/or the 4HEALTH App:

 

Profile information

First name, last name, address, e-mail address, phone number, VAT number, company name, etc.

 

Financial information

Bank account number, IBAN, credit card details, etc.

 

 

Medical information

Body substances (saliva, cheek mucosa, blood, bowel movements), raw physical and medical data (lifestyle data, i.e.: sleep pattern, sports, stress, eating habits, diet) and body measurements (weight, height, heart rate measurements, body temperature).

 

History and logs

Browsing behaviour, date and time the Website was visited, date and time of registration on the Website, shopping basket information, etc.

 

Technical information

Data from computers, phones or other devices you use the Website or the 4HEALTH App with, your IP address, browser type, etc.

 

 

Cookies

For more information, see our Cookie Policy

 

Where Personal Data of a third party is disclosed through the Website or for the purpose of visiting the Website, the person transmitting the Personal Data warrants that he or she has informed that third party and obtained all necessary consents to share the Personal Data of that third party through the Website.

 

Article 5. What is the purpose and basis of processing your Personal Data?

 

The purpose and basis of processing your Personal Data depends primarily on the category of Personal Data in question. Below is an overview of the purpose and basis of the different Personal Data we process.

Profile information

Target

Profile data is collected when you create a profile on the Website or 4HEALTH App, to be able to use the 4HEALTH App, to process orders you place on the Website, to keep the Website and 4HEALTH App functioning properly and to send e-mails regarding promotions, offers, products, etc.

Basic

Performance of the contract and legitimate interest

 

Financial information

Target

Financial information is collected by Mollie (the third-party, specialist provider and operator of payment services and payment platforms, as described in 4Gold's Terms and Conditions) for the processing of orders you place on the Website, specifically the processing of payments, etc.

Basic

Performance of the contract and legitimate interest

 

Medical information

Target

Medical information is collected for performing your DNA and/or stool analysis and preparing the DNA summary report. Medical information is also collected for supplementing your existing DNA analysis and further tailoring the recommendations to your profile.

 

Medical information is also used to improve our services and the operation of the 4HEALTH App. This includes using medical information in aggregate form to improve our algorithms responsible for recognising patterns in this medical information. Based on these algorithms, we provide users of the 4HEALTH App with health insights and recommendations on nutrition and supplements.

Basic

Explicit consent

 

History and logs

Target

Data related to history and logs are collected to ensure d e proper functioning and personalisation of the Website and 4HEALTH App, for analysis and to send you emails to "continue shopping" when certain products remain in your shopping cart.

Basic

Legitimate interest

 

Technical information

Target

Technical information is collected to personalise the Website and for location-based services.

Basic

Legitimate interest

 

Cookies

For more information, see our Cookie Policy.

 

Below we describe in detail each basis for Processing that applies:

 

The legitimate interest as a basis is justified with regard to technical information and history and logs as it is important for 4Gold to adapt and improve its Website based on that information. The fact that 4Gold processes this information also ultimately benefits users.

 

For some specific processing activities, we request your consent. The consent you give is free at all times and you have the right to withdraw it at any time. A withdrawal of consent does not affect the processing of Personal Data (i) prior to such withdrawal and - in case of Personal Data for which another processing ground is available - (ii) on​​ basis of a legitimate reason for processing Personal Data (iii) in case of a legitimate interest in processing.

 

The above Personal Data may be provided directly by you, or may be collected by our business partners (e.g. contact details of healthcare companies) and/or customers (pseudonymised health and biometric data), or other third parties. The foregoing reasons may not be exhaustive and 4Gold has the right at any time to process your Personal Data for a​​ other legitimate reason. In such cases, 4Gold will notify you of that reason as soon as possible and to the extent your consent is required, request your consent before commencing the processing. An update to this Statement may constitute such notice.

 

Article 6. Receiving and sharing personal data

 

4Gold receives your Personal Data, including when:

  • you visit the Website or 4HEALTH App;
  • you register on the Website or 4HEALTH App;
  • you contact 4Gold via the Website or by other means such as e-mail;
  • you place orders via the Website or by other means such as e-mail; and
  • you provide medical data to 4Gold to use its services, such as the 4HEALTH App, or when you connect a personal device that records your data to the 4HEALTH App.

4Gold applies the principle of minimum data processing when processing your Personal Data and shares your Personal Data with third parties only when necessary for the proper functioning of the Website or for the performance of your agreement with us.

 

Processors and sub-processors of 4Gold always act under the responsibility of 4Gold. If 4Gold uses processors or sub-processors, this will always be done under a processor agreement that meets the requirements of the AVG and protects your Personal Data as much as possible. In doing so, 4Gold will ensure that the processors and sub-processors have taken the required technical and organisational measures for processing your Personal Data.

 

Furthermore, 4Gold refrains from sharing or disclosing your data with third parties except in the cases below:

 

  • Personal Data may be shared with third-party service providers to whom 4Gold has outsourced certain processing activities. In any case, they will be limited to processing your Personal Data in accordance with our instructions and a data processing agreement will be concluded, obliging them to comply with all obligations imposed by applicable data protection legislation
  • If required by applicable laws or regulations.

 

 

Your personal information may be shared or transferred to the following entities and for the following purposes:

Entity

Responsibility

Google Analytics

The Personal Data is transferred to optimise the Website.

 

Klaviyo

Personal Data is transferred to send direct marketing messages.

 

Active Ants BV

Personal Data is transferred to process your order through the Website.

 

Shopify payments

Personal Data is transferred to process your order through the Website, including to process payment for your order.

Shopify Payments is considered responsible for processing your financial data.

 

Mollie BV

Personal data is transferred to process your order through the Website, including to process the payment of your order. Mollie is considered responsible for processing your financial data.

 

Laboratories and (genetic) experts

The Personal Data is transferred to perform your DNA analysis and compile the DNA.

 

Hosting Partner of 4HEALTH App

The Personal Data will be transferred to our hosting partner to store and display 4HEALTH App data online.

 

This list will evolve and be updated regularly. An updated version will be made available if any changes are made.

 

If you are redirected to another website, platform or application via the Website, different terms and conditions, privacy and cookie policies may apply. You should take into account the terms and conditions, privacy and cookie policies of those other applications, websites or platforms. We encourage you to read these terms and conditions, privacy and cookie policies of the other applications, platforms and websites you visit.

 

Article 8.     Direct marketing

 

4Gold may use your Personal Data for direct marketing purposes in accordance with the restrictions thereon in the AVG to the extent you have given your consent. This way 4Gold can keep you informed about its products, updates, events, etc. You may withdraw your consent at any time or object, free of charge, to the processing of your Personal Data for such marketing purposes.

 

For these direct marketing purposes, including profiling related to direct marketing, you have the right to object free of charge at any time by sending an e-mail to privacy@4gold.eu.

 

Article 9.   Transfer of Personal Data to countries outside the European Economic Area (EEA)

 

In principle, 4Gold does not transfer your Personal Data to countries outside the EEA. However, it is possible that 4Gold - through its sub-processors or processors - does transfer your Personal Data to countries outside the EEA. In this case, 4Gold will only transfer your Personal Data outside the EEA in accordance with applicable legislation (such as Chapter V of the AVG) (e.g. model contract clauses, binding corporate rules, codes of conduct, decisions declaring the level of protection to be adequate, and a data transfer assessment, etc.). In doing so, 4Gold will impose the same obligations on processors or sub-processors outside the EU as those located within the EU in terms of technical and organisational protection of your Personal Data.

 

Article 10. How will my personal data be stored?

 

4Gold applies the following retention periods for your Personal Data:

Profile information

Maximum 5 years after you have made your Personal Data available on our Website or 4HEALTH App, or a longer retention period if and as long as you do not delete your profile or 4Gold has a legitimate interest.

 

Financial information

The duration determined by Mollie and Shopify Payments.

 

 

Medical information

Maximum 5 working days after you send an email to 4Gold confirming that you have received your DNA analysis by 4Gold.

 

The medical information collected through the use of 4HEALTH App will be kept for as long as you have an account in the 4HEALTH App and at the latest until you withdraw your consent to the processing of this Personal Data.

 

History and logs

A maximum of 5 years after you have made your Personal Data available on our Website, or a longer retention period if and as long as 4Gold has a legitimate interest or is required to do so pursuant to a legal provision.

 

Technical information

Maximum 5 years after you have made your Personal Data available on our Website, or a longer retention period if and for as long as 4Gold has a legitimate interest or pursuant to a legal obligation.

 

Cookies

For more information, see our Cookie Policy.

 

Article 11.   How will my Personal Data be protected?

 

4Gold has implemented appropriate technical and organisational measures and safeguards to process your Personal Data in accordance with applicable Belgian and European regulations, and in particular, without limitation, to protect your Personal Data from loss, misuse or unauthorised modification. 4Gold uses a team of technicians, automated systems and advanced technology such as:

  • Secure Socket Layer (SSL) technology protects information by using server authentication and data encryption;
  • Data is stored in a secure data centre;
  • All passwords are encrypted;
  • Credit card or bank account information is processed by Mollie in accordance with secure protocols and other security measures established by Mollie;
  • All transactions are processed through a gateway provider and are not stored or processed on our servers.
  • Entering into processor agreements with suppliers;
  • ...

4Gold makes all reasonable and appropriate efforts to maintain the confidentiality of your Personal Data.

 

Despite 4Gold's aforementioned measures, you should be aware that there are always risks associated with sending Personal Data over the Internet. The security and protection of your Personal Data can never be fully guaranteed.

 

Article 12.        What rights do I have?

 

If and to the extent provided by applicable Belgian and European regulations, you have the right:

  1. to a confirmation whether or not 4Gold processes your Personal Data and, if applicable, to access the Personal Data that 4Gold processes;
  2. to correction by 4Gold, without undue delay, of inaccurate or incomplete Personal Data;
  3. to withdraw your consent to the processing of your Personal Data at any time;
  4. To have your Personal Data erased by 4Gold;
  5. to obtain and transfer your Personal Data to another controller or processor;
  6. to obtain from 4Gold the restriction of the processing of your Personal Data to the extent possible;
  7. to have your Personal Data transmitted in a structured, commonly used and machine-readable format;

to oppose the processing of your Personal Data and the use of your Personal Data, including for direct marketing purposes.You can exercise these rights by contacting the data protection officer at and providing him/her with a copy of your identity card (on which preferably no national register number is visible).

 

If and to the extent provided for in applicable Belgian and European regulations, you have the right to lodge a​​ complaint with the competent supervisory authority if the processing of your Personal Data violates applicable regulations. In Belgium, this is the Data Protection Authority

 

www.dataprotectionauthority.be

Rue du Printing Press 35, 1000 Brussels

+32 (0)2 274 48 00

contact@apd-gba.be

 

Article 13.        Amendments to the Declaration

 

4Gold may amend this Statement at any time. The top right-hand corner of the Statement displays the date of the last amended version. Changes will be posted on the Website so that you are always aware of what information 4Gold collects, how 4Gold uses it and how 4Gold shares it.

 

Amended versions of this Declaration will come into force ten (10) days after publication on the Website and will be submitted for approval at any time, if necessary.

 

Article 14.        Authorisation for release

 

You acknowledge, confirm and expressly agree that 4Gold may disclose your Personal Data if required to do so by law or if 4Gold determines in good faith that such disclosure is required to:

  1. comply with any ongoing judicial investigation, court order or legal process relating to the website;
  2. respond to claims against 4Gold in relation to Personal Data that violate the rights of third parties;
  3. protect the rights, property and safety of 4Gold, its employees, users and the public.

4Gold may disclose your Personal Data to competent police or judicial authorities or other government agencies if necessary or required in the context of an investigation of fraud, intellectual property infringement or any other harmful activity, or if 4Gold reasonably suspects that such activity may expose 4Gold or yourself to liability.

 

Article 15.        Liability

 

If 4Gold has lawfully disclosed your Personal Data to a third party (other than a Processor or Subprocessor), 4Gold shall not be liable for any unlawful processing or use by that third party.

Under no circumstances does 4Gold accept responsibility or liability for any direct or indirect damage arising from any error or unlawful use of Personal Data by a third party (other than a Processor or Subprocessor).

4Gold is also not liable if third parties process or use your Personal Data unlawfully and 4Gold has taken appropriate technical and organisational measures to prevent such unlawful processing or use

 

 

Article 16.        Applicable law and jurisdiction clause

 

This Declaration shall be governed, interpreted and implemented in accordance with Belgian law, which is exclusively applicable to any dispute.

 

The courts of Antwerp, section Antwerp, Belgium, shall have exclusive jurisdiction to adjudicate any dispute that may arise from the interpretation or performance of this Declaration, subject to the right of the consumer to submit a​​ dispute to the competent court on the basis of a mandatory provision of law.