Website Privacy Policy

This Privacy Policy is part of and incorporated into the Terms and Conditions found at www.biovica.com/terms-conditions (collectively, this “Agreement”). Biovica International AB, together with its affiliates and subsidiaries, including, but limited to, Biovica Inc. (collectively, “Biovica,” “we,” “us,” or “our”) offers  this website and other websites that now exist or may be created in the future (a “Website” or the “Websites”), including their content and site functionality, and related media and services that are or may become available through (the “Websites”) to you, the user, subject to and conditioned on your acceptance of this Agreement.

By using the Websites, you agree that you have read, understand, and are bound by this Agreement. We may, in our sole discretion, revise the Agreement from time to time by updating the Agreement, with the new terms taking effect on the date of posting. You should review the Agreement every time you use the Websites, as it is binding on you. IF YOU DO NOT INTEND TO ACCEPT THIS AGREEMENT, PLEASE DO NOT USE THIS SERVICE.

By using the Websites, you signify your consent to the collection, use, and disclosure of your personal information in accordance with this Policy, which may be revised from time to time, with new terms taking effect on the date of posting. IF YOU DO NOT CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS POLICY, PLEASE DO NOT USE THE SERVICE. You must be 18 years or older to use the Websites.

Application

This policy applies to the information you provide to Biovica through the Websites. This policy does not apply to information collected by third parties linked in any way to the Websites. We have no control over, and no responsibility or liability for, any third party’s collection, use, disclosure, or retention of the personal information that is provided directly to them, and that collection, use, disclosure, and retention is not subject to this policy.

Information We Collect

Personal and Non-Personal Information

“Personal Information” is information that can be used to identify you by itself or when it is combined with other information, such as a name, address, cellphone number, account information, financial insurance, credit card information, or e-mail address.

We may collect Personal Information from you in a variety of ways, including through a registration form, by you filling in forms or submitting information on the Websites, or by corresponding with us by phone, email, or otherwise. In order to use certain aspects of the Websites, we may require you to complete a registration form, which may require you to provide certain Personal Information and create a username and password. Upon submitting a registration form, additional information may be automatically generated such as preferences you indicate.

We may also provide you with the opportunity to provide additional information and/or suggestions to us. In connection with any such submissions, you agree to give truthful information (such as name and email address).

It is your choice whether to provide personal information to Biovica. Some information must be provided in order to participate in certain services, features, programs or activities, so the decision not to provide information might limit or eliminate certain functions of the Websites or the ability to participate.

Our primary purpose in collecting Personal Information is to provide you with a smooth, efficient, and customized experience using the Websites, and to develop our products and services to meet your needs or to otherwise conduct our business as described in the Terms and Conditions.

Do not provide personal information about others unless you are authorized or required to do so by applicable law or contract. Before supplying personal information about others, you and the person about whom you supply the information must review and consent to the Agreement. By submitting any personal information about others, you represent and warrant that you are authorized to do so and that you have made the Agreement available to the person about whom you supply the information. If applicable law allows you to supply the information without doing the foregoing, you represent and warrant that you have abided by that law and that it allows us to receive and disclose the information under this Privacy Policy without any further action on our part. You agree to indemnify, defend, and hold harmless Biovica, its affiliates, parents, subsidiaries, officers, directors, employees and agents, sponsors and supporting artists, licensors, suppliers, and associates for any failure by you to comply with this paragraph.

We also collect and process Non-Personal Information that cannot identify you either alone or in combination with other information, such as your general location and use of our products, features, and services that is automatically generated when you use the Websites.

Cookies

When you use the Websites, we or our third-party vendors may store “cookies” and other tracking mechanisms on your computer in order to facilitate and customize your use of the Websites. Cookies are a technology that installs a small amount of information on the computer’s hard drive (if your web browser permits) that can later be retrieved to identify you to us. Certain pages of the Websites and/or html email correspondence may use session cookies, persistent cookies, or web beacons to anonymously track unique visitors, save website preferences and to allow us to recognize visits from the same computer and browser.

There are several types of cookies. Cookies that are essential for the operation of the Websites (“Essential Cookies”) enable services you have specifically asked for.  These cookies remain on your device only until you close your browser after visiting the Websites. Some cookies are used to collect anonymous information on the pages visited (“Performance Cookies”). For example, we might use Performance Cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages.  These cookies remain on your device only until you close your browser after visiting the Websites. Some cookies remember choices you make to improve your experience (“Functionality Cookies”).  These Functionality Cookies remain on your device for an extended period of time.  When you revisit the Websites, we recognize Functionality Cookies and remember your preferences or can automatically log you on to the Website.  Personal Information on our system may be associated with Functionality Cookies but the cookies themselves do not contain any of your Personal Information.

In general, the cookies on the Websites make your use of the Websites easier, make the Websites run more smoothly and help us to maintain the Websites securely. You are always free to decline our cookies if your browser permits, but some parts of the Websites may not work properly in that case.

Please be advised that our third-party vendors, including Google Analytics, may use cookies or similar technologies on the Websites.  By agreeing to use the Websites, you are expressly agreeing to allow Google Analytics and other third-party vendors to use cookies and/or similar technologies to collect information about you as described in their respective policies.

Device Identifiable Information

When you use the Websites, we may collect, receive, and record information on our servers that is linked to your computer or device (“Device Identifiable Information”). We collect Device Identifiable Information from you in the normal course of operating the Websites. When you visit the Websites, we may collect information about your computer that your browser sends, such as the Internet domain and Internet protocol (IP) address (which is stored by Biovica if you send an inquiry to Biovica through the Websites), your login information, browser type, operating system, date and time of page views, the particular web pages accessed, your login information, and, if you linked to the Websites from another website, the address of that other website.

As it relates to your mobile device, we may collect additional information such as the type and model, operating system (e.g., iOS, Android), carrier name, mobile browser (e.g., Chrome, Safari), applications using the Websites, and identifiers assigned to your device, such as its iOS Identifier for Advertising (IDFA), Android Advertising ID (AAID), or unique device identifier (a number uniquely given to your device by your device manufacturer), sometimes referred to as a mobile carrier ID.

We may also collect your location information, such as your postal code or the approximate geographic area provided by your Internet service provider (ISP) or location positioning information provided by the location services and GPS features of your mobile device when locating services have been enabled.

Use of Information

Biovica may use information collected on the Websites, which may include information gathered about you, for various purposes. Biovica uses personal information it collects to pursue our mission and operations, including the management of the Websites and to engage in related activities.

We may use all information for all lawful purposes, including, without limitation:

• Identification and authentication of a user;

• Improvements to the Website and related products and services;

• Research and reporting and analysis of aggregated anonymous data;

• When we receive Personal Information that is considered Protected Health Information, we may do so as a “business associate” of the healthcare provider under an agreement that, among other things, prohibits us from using or disclosing the Protected Health Information in ways that are not permissible by the healthcare provider itself, and requires us to implement certain measures to safeguard the confidentiality, integrity, and availability of the Protected Health Information. When we act as a business associate, we may be subject to certain laws and regulations, including certain rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), that govern our use and disclosure of Protected Health Information and that may be more restrictive than otherwise provided in this Privacy Policy. For more information about our HIPAA-compliant activities, please contact privacy@biovica.com.

• IP addresses may be used for various research purposes, and/or delivering customized functionality;

• We use Personal Information, such as your browser version, IP address, referring domains, pages visited, your devices and application IDs, the nature  of your use of the Website, and cookie information, to improve the delivery of our services and related products and services, and to develop analytics and aggregated data that allow us and our business partners to utilize our services and reach out to you via our Website or otherwise;

• To conduct our business and perform related research, develop analytics, and aggregated data that allow us and our business partners to improve our products and services;

• With your permission, to contact you about products and services in which you have expressed interest;

• To ensure that content from our Website is presented in the most effective manner for you and for your computer; and

• To correspond with you (including to notify you about changes to the Website.

We may share your information in the following ways:

• We may share aggregated demographic information about our user base with select third parties. This information does not identify individual users. We may use and publicize aggregate information in any manner that does not identify you, without your consent.

• We do not sell, trade, or otherwise transfer to outside parties Personal Information we collect from you without your consent, except as described below:

• We may share aggregated data to conduct our business, to improve the delivery of our services, to develop analytics, and to enable us and our business partners to improve and promote our products and services.

• We may share Personal Information to authorized agents or third-party contracts whom we employ to perform tasks on our behalf and to the extent we need to share information with them to conduct our business or to provide our products, services, and offers to you.

• We may disclose Personal Information to third parties if we believe it is necessary to investigate potential violations of our Terms of Use, or to enforce those Terms of Use.

• We may disclose Personal Information in the circumstances described under “Legal Disclaimer” below.

• We reserve the right, but do not undertake a duty, to notify you of court orders, subpoenas or other legal process if allowed. If you do not want us to respond to legal process compelling us to disclose your information, you need to seek a valid order permitting us to refuse to disclose it and serve the order on us at least three (3) business days before the response deadline.

• We reserve the right to use, disclose, retain, share, sell and otherwise deal with all information collected via the Websites internally or to third parties, for any lawful purpose or to prevent harm to us or others. For example, and without limitation, in our discretion we may:

• Disclose information to service providers and others in order to deal with requests and questions from you; to personalize or enhance transactions; to verify, process, store, enforce, investigate and/or collect actual or potential transactions; and to assist or respond to our consultants (including auditors and lenders);

• Disclose information to government regulators, law enforcement authorities or alleged victims of identity theft, as well as voluntary disclosures; and

• Disclose any matter relating to the Websites or your account not listed in this Privacy Policy, but which is not prohibited by law from being disclosed.

We do not purport to have listed all possible disclosures that we might make. This Privacy Policy is intended to help you understand our general practices. This Privacy Policy is not a promise that your information will never be disclosed except as described above.

We generally will retain information for as long as required, allowed or for as long as we believe it useful. If you cease using the Websites, or your permission to use the Websites is terminated, we may continue to use and disclose your personal information in accordance with this Policy as amended from time to time. We do not undertake retention obligations through this Privacy Policy. We may dispose of information at our discretion without notice, subject to applicable law.

We will not use, disclose, or share your information except as described in this Privacy Policy.

Other Websites

The Websites may contain hyperlinks to other websites or Internet resources. When you click on one of those links you are contacting another website. We have no control over, and no responsibility or liability for, other websites or their collection, use and disclosure of your personal information. You may encounter third-party advertisements in connection with your use of the Websites through, for example, hyperlinked websites and advertisements. We have no control over, and no responsibility or liability for, the cookies or other technologies used in those advertisements or for the use and disclosure of information collected through advertisement cookies or other technologies that you may encounter in connection with your use of the Websites.

Privacy Policy Incorporated in Terms and Conditions of Website

Your use of the Websites is governed by the Biovica Terms and Conditions, available at https://www.biovica.com/terms. The Terms and Conditions contain important provisions, including provisions disclaiming, limiting, or excluding the liability of Biovica for your use of the Websites and provisions determining the applicable law and exclusive jurisdiction for the resolution of any disputes regarding your use of the Websites. Each of those provisions applies to any disputes that may arise in relation to this Privacy Policy and the collection, use, and disclosure of your personal information and are of the same force and effect as if they had been reproduced directly in this Privacy Policy.

What Steps Are Taken To Keep Personal Information Secure?

Keeping secure the personal information that we collect is of great concern to us. We exercise care in providing secure transmission of your information from your computer to our servers in connection with the Websites. Personal information collected by the Websites is stored in secure operating environments that are not available to the public. While Biovica has mechanisms in place to safeguard your personal information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure and we will not be responsible for any damage that results from a security breach of data or the unauthorized access to or use of information, whether Personal Information or Device Identifiable Information. To the extent we provide your Personal Information to any third parties, we will request that they use reasonable security measures to protect your information. If you create copies of information from the Website, we cannot protect the security and privacy of the information contained in such copies.

All data gathered by the Websites are stored by us in a password-protected database. Only we and our hosting provider, if any, have access to this database. We will protect Personal Information provided to us by using security safeguards against loss, theft, access, disclosure, copying, use, or modification. Although we and our hosting provider(s) implement standard security protections, the internet is not completely secure, and we cannot guarantee the physical or electronic security of the servers and database on which the Websites are hosted.

Special Notice to California Residents

This section only applies to individuals who are residents of California, where the resident is acting in their own capacity and not acting on behalf of a company or organization in the context of business activities.

California Shine the Light Law

California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits our customers who are California residents to request and obtain from us once a year, free of charge, information about Personal Information we disclosed to third parties for direct marketing purposes in the preceding calendar year. If you are a California resident and would like a copy of this notice, please send an e-mail to privacy@biovica.com or write to us at Privacy Officer, information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.

California Consumer Privacy Act (“CCPA”)

The CCPA provides California residents with specific rights regarding their Personal Information. This section of our Privacy Policy describes those CCPA rights and explains how to exercise those rights.

The categories of Personal Information that we collect from you can be found in the “Information We Collect” section above.

The business or commercial purposes for which we use the categories of Personal Information we collect can be found in the “Use of Information” section above.

Notice of Information Processed

The chart below provides an overview of our Personal Information collection practices for California residents, and includes terms defined under the CCPA, including but not limited to the categories of information listed.

California Residents’ Rights

Under California laws including the CCPA, California residents have the following rights (“Rights”) listed below. Your Right to Access and Right to Deletion are not absolute and are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us, or the security of the business’s systems of networks.

• Disclosure & Access Rights: California residents have the right to request in writing from a business, (i) a list of the categories of Personal Information, such as name, address, email address, and the type of services provided to the customer, that a business has disclosed to third parties (including Independent affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (ii) the names and addresses of all such third parties. In addition, California residents have the right to request that we disclose to them (i) the categories of Personal Information we have collected about them, (ii) the categories of sources from which Personal Information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared Personal Information, and (v) the specific pieces of Personal Information we hold about an individual.

• Deletion Rights: California residents have the right to have their Personal Information deleted, unless the Personal Information is necessary for the business or service provider to:

• complete a transaction for which the Personal Information was collected, provide a good or service requested by the resident or otherwise perform a contract between the business and the resident;

• detect security incidents;

• protect against malicious, deceptive, fraudulent or illegal activity (or prosecute those responsible);

• debug to identify and repair functionality errors;

• exercise or ensure the right of another to exercise free speech or another legal right;

• comply with the California Electronic Communications Privacy Act, which compels the production of or access to electronic communication information or electronic device information with a search warrant;

• engage in research in the public interest (if the resident has provided informed consent);

• to enable solely internal uses aligned with the resident’s expectations given their relationship with the business;

• comply with a legal obligation;

• otherwise use the information internally in a lawful manner compatible with the context in which the resident provided it.

• Do Not Sell: Californian residents have the right to opt-out of having their Personal Information sold. California residents acting on behalf of a company or organization in the context of business activities will also have the right to opt-out.

Californians can exercise their privacy rights by contacting us at the address below.

Response Time. We will handle request under applicable law in California. When a request is made, we may verify your identity to protect your privacy and security. We will respond to written rights requests within 45 days following receipt at the email or mailing address listed. If we receive your request at a different email or mailing address, we will respond within a reasonable period of time. Please note that, under California law, we are only required to respond to each customer twice per calendar year.

SPECIAL NOTICE FOR INDIVIDUALS LOCATED IN THE EEA, UK, OR SWITZERLAND

This section applies to individuals using or accessing the Websites while located in the European Economic Area, the United Kingdom, or Switzerland (collectively, the “Designated Countries”) at the time of data collection.

We may ask you to identify which country you are located in when you use or access some parts of the Website, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to individuals in the Designated Countries.

International Transfer

Biovica entities and third parties may be based anywhere in the world, which could include countries that may not offer the same legal protections for personal data as your country of residence. Irrespective of which country your personal data is transferred to, we would only share your personal data under a strict “need-to-know” basis and under appropriate contractual restrictions (such as Biovica’s Binding Corporate Rules and EU Standard Contract Clauses).   You may request a copy of Biovica’s Binding Corporate Rules and/or Biovica’s EU Standard Contract Clauses by contacting Biovica at info@biovica.com.

Binding Corporate Rules

Biovica complies with its legal obligations in relation to personal data by creating a set of “Binding Corporate Rules” (BCRs). The BCRs set out Biovica’s data privacy commitments in respect of personal data that is transferred internationally. You can find out more about these commitments by writing to info@biovica.com. The BCRs and any rights arising under them do not apply to personal data originating in the U.S.A.

Our relationship to you. Biovica is a data controller with regard to personal information collected from individuals accessing or using its Websites. We act as a Processor with regard to personal information collected as part of tests or diagnostics rendered pursuant to a contract with a controller (e.g., a medical professional, pharmaceutical company, etc.) in accordance with the GDPR.

Legal bases for processing your personal information when Biovica is the Controller. We rely on the following Legal Bases under the EU General Data Protection Regulation in processing your personal information:

• Interest (for example, to provide and maintain the Website, to maintain the security of the Website, and to attract new customers, to maintain demand for the Website, all of which are described in the “Use of Information” section above).

• In some cases, we may have a legal obligation to process your personal information to comply with relevant laws (for example, processing payroll and tax information to comply with relevant employment and tax legislation); or processing is necessary to protect your vital interests or those of another person (for example, obtaining health-related information during a medical emergency).

• Marketing. If you are in the Designated Countries, we will only contact you by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or your consent. If you do not want us to use your personal information in this way, please click the unsubscribe link at the bottom of any of our email messages to you or contact us at privacy@biovica.com.  You can object to direct marketing at any time and free of charge.

Individual rights. Individuals located in Designated Countries have the following rights:

• You can request access to or deletion of your personal information.

• You can correct or update your personal information, object to processing or your personal information, ask us to restrict processing of your personal information or request portability of your personal information.

• If we collected and processed your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of the processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

• You have the right to complain to ICDR-AAA, under our Privacy Shield certification about our collection and use of your personal information.

If you would like to exercise your rights under applicable law where Biovica is acting as the Controller (for example, for personal information collected on or Website), please contact us at privacy@biovica.com. We may limit your individual rights requests: (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other’s privacy; (c) to protect our rights and properties; or (d) where the request is frivolous or unrealistic.

If we have collected your personal information as a Processor in conjunction with our tests or diagnostics, you must contact the Controller to exercise your individual rights under the GDPR should and refer to the controller’s privacy policy for more information.

If you believe we have infringed or violated your privacy rights, please contact our Privacy Officer at privacy@biovica.com so that we may resolve your dispute directly. We will investigate and attempt to resolve complaints regarding use and disclosure of personal information by reference to the principles contained in this Policy.

Privacy Shield. Biovica participates in and has certified its compliance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA, UK, and Switzerland to the United States, respectively. Biovica is committed to subjecting all personal information received from the EEA, UK, and Switzerland, in reliance on the Privacy Shield Frameworks, to the Framework’s applicable Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.

Biovica is responsible for the processing of personal information it receives under the Privacy Shield Frameworks, or subsequently transfers to a third party acting as an agent on its behalf. Biovica complies with the Privacy Shield Principles for all onward transfers of personal information from the EEA, UK, and Switzerland to the United States, including the onward transfer liability provisions.

Biovica commits to resolve complaints about the processing of EEA, UK, or Switzerland data subjects’ personal information in compliance with the Privacy Shield Principles. Individuals with inquiries or complaints regarding this Privacy Policy should first contact Biovica at privacy@biovica.com.

If you have an unresolved complaint or dispute arising under the requirements of Privacy Shield, we agree to refer your complaint under the Framework to an independent dispute resolution mechanism. Our independent dispute resolution mechanism is ICDR-AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR- AAA are provided at no cost to you. You also have a right to lodge a complaint with the appropriate supervisory authority.

With respect to personal information received or transferred pursuant to the Privacy Shield Frameworks, Biovica is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Biovica may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Legal Disclaimer

We may disclose the information we collect from you in the following circumstances:

• As required by law;

• If we believe that disclosure is necessary to protect ours or others’ rights, property, or safety;

• To comply with a judicial proceeding, court order, or legal process served on us or the Websites;

• In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;

• If Biovica or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or

• In connection with any other actual or proposed corporate transaction or insolvency proceeding involving all or part of the business or assets to which the information pertains. Those who choose to provide Personal Information outside Sweden and/or the United States, as applicable, do so on their own initiative and at their own risk and are responsible for compliance with all applicable laws and regulations.

By using the Websites, you consent to having any Personal Information you provide to us transferred to and processed in Sweden and/or the United States, as applicable. BECAUSE SOME JURISDICTIONS DO NOT PERMIT CERTAIN LIMITATIONS OR DISCLAIMERS OF LIABILITY, THESE LIMITATIONS MAY NOT APPLY TO YOU.

Contacting Us

If you have any questions about this Privacy Policy or other matters that relate to it, you may contact us at:

Biovica International AB
Dag Hammarskjölds väg 54B
Uppsala Science Park
752 37 Uppsala, Sweden

or:

Biovica Inc.
6195 Cornerstone Court E
Suite 101
San Diego, CA 92121
USA