Privacy policy
This Privacy Policy describes how Hansbiomed UK & Europe (“we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from mintpdo.co.uk (the “Site”) if you purchase our goods and service, if you supply us with goods or services or if you apply for a role with us. This Privacy Policy also includes information about the cookies we use on our Site (please refer to the ‘Cookies’ section for more information).
Contact
After reviewing this Privacy Policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at info.europe@hansbiomed.uk or by mail using the details provided below:
Hansbiomed UK & Europe, Tuition House, 27-37 St George’s Road, Hansbiomed EU, London SW19 4EU, United Kingdom
Collecting Personal Information
When you visit the Site, we collect certain information about your device, your interaction with the Site, and the information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information which relates to an identified or identifiable living individual (including the information below) as “Personal Information” (sometimes known as “personal data”). See the list below for more information about what Personal Information we collect and why.
- Device information
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
- Disclosure for a business purpose: shared with our processor Shopify.
- Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
- Our legal basis for processing: where your Personal Information is collected through the use of non-essential cookies, we rely on consent to collect your Personal Information and for the onward processing purpose. Please see our section on ‘Cookies’ below for further information.
- Order information
- Purpose of collection: to offer products for sale, provide products or services to you to fulfil our contract, process your payment information, arrange for shipping, provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Shopify.
- Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number.
- Our legal basis for processing: It is necessary for us to use your Personal Information to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or a third party’s legitimate interest to a) use Personal Information in such a way to ensure that we provide the services in an effective, safe and efficient way and b) to provide you with online behavioural advertising.
- Customer support information
-
Purpose of collection: to provide customer support.
- Source of collection: collected from you
- Personal Information collected: your name and contact details, order data, your feedback/ your concern
- Our legal basis for processing: it is in our legitimate interest to use your Personal Information to ensure that we are able to help you with an enquiry and provide customer support.
-
Account information
- Purpose of collection: to set up an account for you. You may be required to register an account with us in order to gain access to certain features and functionality of our Site and/or to receive certain offers and benefits.
- Source of collection: collected from you
- Disclosure for a business purpose: shared with our processor Shopify.
- Personal Information collected: first name, last name, occupation, registration number, email address, date of birth, your MINT Sales Rep, Clinic/ Company name, phone number, mailing address (including street address, city, country, state and zip/postal code)
- Our legal basis for processing: it is necessary for us to use your Personal Information to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest to use Personal Information in such a way to ensure that we provide access to the Site and our products and services in a secure and effective way.
- Service provision information (suppliers)
- Purpose of collection: to manage our relationship with you or the organisation, to receive products and services from you or the organisation you represent and, where relevant, to provide our products and services to others.
- Source of collection: from you or the organisation you represent
- Our legal basis for processing: It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or the organisation you represent, or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organisation you represent and are able to receive the products and services that you or your organisation provides, and provide our products and services to others, in an effective way.
- Job application information (candidates)
-
Purpose of collection: for recruitment purposes, in particular, to assess your suitability for any of our positions that you apply for, to communicate with you about the recruitment process, to keep records about our recruitment process and to comply with our legal and regulatory obligations in relation to recruitment. We also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation.
- Source of collection: from you or a third-party recruitment agency on your behalf.
- Personal Information collected: first name, last name, date of birth, email address, telephone number, details of your education, qualifications and employment history, any other personal data which appears in your curriculum vitae or application, any personal data that you volunteer during an interview or your interactions with us, or any personal data which is contained in any reference about you that we receive. Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offences if that information is relevant to the role you are applying for.
- Our legal basis for processing: Where we use your personal data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions.
- We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.
- Security (visitors to our office):
- Purpose of collection: for the security measures in place at our premises, including CCTV and building access controls. There are signs in place showing that CCTV is in operation.
- Source of collection: collected from you
- Personal Information collected: name (where you are required to sign in) and image (CCTV recordings)
- Our legal basis for processing: It is in our legitimate interests to process your personal data so that we can keep our premises secure and provide a safe environment for our personnel and visitors to our premises.
Minors
We do not intentionally collect Personal Information from minors (individuals under the age of 18). If we do collect the Personal Information of minors, we will comply with all applicable laws and regulations relating to the processing of Personal Information of minors.
If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address above to request deletion.
Failure to provide Personal Information
Where we are required by law to collect your Personal Information, or we need to collect your Personal Information under the terms of a contract we have with you, and you fail to provide that Personal Information when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the Personal Information we need in order to provide the products and services you have requested from us or to process an application. In these circumstances, we may have to cancel your application or the provision of the relevant products and services to you, in which case we will notify you.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. We only share Personal Information with others when legally permitted to do so. When we share Personal Information with others, we put contractual arrangements and security mechanisms in place to protect the Personal Information shared and to comply with our data protection, confidentiality and security standards and obligations. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Behavioural Advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
- We use Shopify Audiences to help us show ads on other websites with our advertising partners to buyers who made purchases with other Shopify merchants and who may also be interested in what we have to offer. We also share information about your use of the Site, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads
- GOOGLE - https://www.google.com/settings/ads/anonymous
- BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.
Transfers outside the UK and the EEA
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR. Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
We will, where required by applicable law, implement safeguards such as Standard Contractual Clauses. Please contact us if you would like further information on the specific mechanisms used by us when transferring your Personal Information.
Personal Information may be transferred to our headquarters in South Korea where necessary for our purposes. These transfers will be made on the basis of the South Korean adequacy decision recognised by the EU and UK.
Retention
We only keep your Personal Information while it is needed for our purposes.
When you place an order through the Site, we will retain your Personal Information to comply with our legal record-keeping obligations and to honour our commitments owed to you (such as applicable warranties).
If Personal Information is only useful for a short period (e.g. for a specific activity, promotion or marketing campaign), we will not retain it for longer that the period for which it is used by us.
You may in certain circumstances have the right to request the erasure of your Personal Information.
For more information on your right of erasure, please see the ‘Your rights’ section below.
Automatic decision-making
If you are a resident of the UK or the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.
We DO engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
- Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.
Consent
Where our use of your Personal Information requires consent, you can provide such consent at the time we collect your Personal Information following the instructions provided, or by informing us using the contact details set out above.
Your rights
In the UK and EEA
If you are a resident of the UK or the EEA, in certain circumstances, you have the right to request to access the Personal Information we hold about you, to port it to a new service, limit the way in which your Personal Information is used, object to our use of your Personal Information, not to be subject to decisions based on automated processing (see “Automatic decision-making” above), and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.
A full description of the rights that apply in certain circumstances is set out below:
| Your right of access | If you ask us, we will confirm whether we are processing your Personal Information and, if so, provide you with a copy of that Personal Information (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies. |
| Your right to rectification | If the Personal Information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your Personal Information with others, we’ll let them know about the rectification where possible. If you ask us, where possible and we are required to do so, we will also tell you who we’ve shared your Personal Information with so that you can contact them. |
| Your right to erasure | You can ask us to delete or remove your Personal Information in some circumstances, such as where we no longer need it or where you withdraw your consent (where we have relied on consent as our lawful basis for processing). If we have shared your Personal Information with others, we will let them know about the erasure where possible. If you ask us, where it is possible and we are required to do so, we will also tell you who we have shared your Personal Information with so that you can contact them directly. |
| Your right to restrict processing |
You can ask us to “block” or suppress the processing of your Personal Information in certain circumstances such as where you contest the accuracy of that Personal Information or you object to us processing it for a particular purpose. This may not mean that we will stop storing your Personal Information but, where we do keep it, we will tell you if we remove any restriction that we have placed on your Personal Information to stop us processing it further. If we’ve shared your Personal Information with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and we are required to do so,
we’ll also tell you who we’ve shared your Personal Information with so that you can contact them directly. |
| Your right to data portability | You have the right, in certain circumstances, to obtain Personal Information you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party. |
| Your right to object | You can ask us to stop processing your Personal Information, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your Personal Information, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your Personal Information for direct marketing purposes. |
| Your right to withdraw consent |
If we rely on your consent (or explicit consent) as our legal basis for processing your Personal Information, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the “How to Contact Us” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email. Withdrawing your consent will not impact on the lawfulness of processing that occurred prior to you withdrawing your consent. |
| Your right to lodge a complaint with the supervisory authority |
If you have a concern about any aspect of our privacy practices, including the way we have handled your Personal Information, please contact us using the contact details provided in the “How to Contact Us” section above. You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. As we are incorporated in the United Kingdom, our regulatory authority is the Information Commissioner’s Office (“ICO”). Contact details for the ICO can be found on its website at https://ico.org.uk. |
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies.
We also use similar technologies to cookies known as “web beacons”, “pixels” or “tags”. These technologies do a similar job to cookies, allowing website operators to count page views and understand how visitors interact with and respond to certain content on a webpage or email.
For the purposes of the remaining sections of this cookie notice, we refer to all cookies and similar technologies using the above features as “cookies”.
Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
Essential cookies are those cookies which a website could not operate without. Essential cookies include cookies such as login cookies and shopping cart cookies.
| Name | Function | Duration |
|---|---|---|
| _ab | Used in connection with access to admin. | 2y |
| _secure_session_id | Used in connection with navigation through a storefront. | 24h |
| _shopify_country | Used in connection with checkout. | session |
| _shopify_m | Used for managing customer privacy settings. | 1y |
| _shopify_tm | Used for managing customer privacy settings. | 30min |
| _shopify_tw | Used for managing customer privacy settings. | 2w |
| _storefront_u | Used to facilitate updating customer account information. | 1min |
| _tracking_consent | Tracking preferences. | 1y |
| c | Used in connection with checkout. | 1y |
| cart | Used in connection with shopping cart. | 2w |
| cart_currency | Used in connection with shopping cart. | 2w |
| cart_sig | Used in connection with checkout. | 2w |
| cart_ts | Used in connection with checkout. | 2w |
| cart_ver | Used in connection with shopping cart. | 2w |
| checkout | Used in connection with checkout. | 4w |
| checkout_token | Used in connection with checkout. | 1y |
| dynamic_checkout_shown_on_cart | Used in connection with checkout. | 30min |
| hide_shopify_pay_for_checkout | Used in connection with checkout. | session |
| keep_alive | Used in connection with buyer localization. | 2w |
| master_device_id | Used in connection with merchant login. | 2y |
| previous_step | Used in connection with checkout. | 1y |
| remember_me | Used in connection with checkout. | 1y |
| secure_customer_sig | Used in connection with customer login. | 20y |
| shopify_pay | Used in connection with checkout. | 1y |
| shopify_pay_redirect | Used in connection with checkout. | 30 minutes, 3w or 1y depending on value |
| storefront_digest | Used in connection with customer login. | 2y |
| tracked_start_checkout | Used in connection with checkout. | 1y |
| checkout_one_experiment | Used in connection with checkout. | session |
| checkout_session_lookup | Used in connection with checkout. | 3w |
| checkout_session_token_<<token>> | Used in connection with checkout. | 3w |
| identity-state | Used in connection with customer authentication. | 24h |
| identity-state-<<token>> | Used in connection with customer authentication. | 24h |
| identity_customer_account_number | Used in connection with customer authentication. | 12w |
Reporting and Analytics
Analytics cookies, along with other information, allow websites to calculate the aggregate number of people using a website and which features of a website are most popular. This information is generally used to improve the website and the way visitors are able to move around it.
| Name | Function | Duration |
|---|---|---|
| _landing_page | Track landing pages. | 2w |
| _orig_referrer | Track landing pages. | 2w |
| _s | Shopify analytics. | 30min |
| _shopify_d | Shopify analytics. | session |
| _shopify_s | Shopify analytics. | 30min |
| _shopify_sa_p | Shopify analytics relating to marketing & referrals. | 30min |
| _shopify_sa_t | Shopify analytics relating to marketing & referrals. | 30min |
| _shopify_y | Shopify analytics. | 1y |
| _y | Shopify analytics. | 1y |
| _shopify_evids | Shopify analytics. | session |
| _shopify_ga | Shopify and Google Analytics. | session |
| customer_auth_provider | Shopify analytics. | session |
| customer_auth_session_created_at | Shopify analytics. | session |
We use “first party cookies” and “third party cookies” in connection with our service. First party cookies are cookies placed by us to collect information about you. Third party cookies are cookies placed by third party website operators. Information about you collected by those third-party cookies will be shared with the relevant third party. Please refer to the relevant third-party website operator’s privacy notice for more details about the information they collect and how they use it.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
Please note that our Site may link to third party websites which are not operated by us. Where you follow links from our Site to the website of a third party, that website may place different cookies on your device. You should check the relevant privacy notice and/or cookie notice for more information about how that third party uses cookies.
You should be aware that applications you use to access our Site, such as your website browser, may also place cookies on your device when visiting our Site, or other websites. An example of this would be where you sign in to Google Chrome using a Google Account. We do not have control over these third-party cookies, so you will need to manage these cookies in the settings of the relevant applications.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.
Is consent needed to use cookies?
Essential Cookies – Please note that we do not need your consent to store and access essential cookies on your device, although you can still block or delete them.
Non-essential Cookies (all other cookies e.g. advertising, and social media or content cookies) – We may only store and access non-essential cookies on your device with your permission. You are not obliged to give consent to our use of non-essential cookies. If you do give your consent and then change your mind, you can block or delete them.
What technologies are used in emails?
Please note that any emails you receive from us may contain cookies to help us to see if recipients have opened an email and understand how recipients have interacted with it. Once you click on an email that contains a cookie, your contact information may subsequently be cross-referenced to [the source email] and/or the relevant cookie. If you have enabled images, cookies may be set on your computer or mobile device. Cookies will also be set if you click on any link within the email.
If you do not wish to accept cookies from any one of our emails, simply close the email before downloading any images or clicking on any links. You can also set your browser to restrict cookies or to reject them entirely. These settings will apply to all cookies whether included on websites or in emails.
In some instances, depending on your email or browser settings, cookies in an email may be automatically accepted (for example, when you've added an email address to your address book or safe senders list). Please refer to your email browser or device instructions for more information on this.]
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Complaints
As noted above, if you would like to make a complaint, please contact us by e-mail or by mail using the details provided under “Contact” above.
You have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here.
See the Your Rights section above for more information.
Last updated: 06/03/2023
OUR OFFICE
Tuition House 27-37 St George's Road, London, United Kingdom
SW19 4EU