Your Privacy

Privacy Policy


  • Effective Date: June 25, 2025

1. Introduction & Our Commitment

Welcome to Get Body Data. We are committed to protecting your privacy and earning your trust. This Privacy Policy outlines how Get Body Data B.V. ("we," "us," "our") collects, uses, stores, and safeguards your personal information when you use our website (getbodydata.com) and our related products and services (collectively, the "Services").


This policy is designed to be compliant with the EU General Data Protection Regulation (GDPR). By using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. The Data Controller

For the purposes of GDPR, the entity responsible for your personal data (the "Data Controller") is:

  • Company Name: Get Body Data

  • Registered Address: Jacob van Lennepkade 43H, 1054ZG Amsterdam, The Netherlands

  • KVK (Chamber of Commerce No.): 95064451

  • VAT (BTW) number: NL005126597B11

  • Privacy-Related Inquiries Email: info@getbodydata.com

3. Our Lawful Bases for Processing Data

Under GDPR, we must have a valid legal reason (a "lawful basis") for processing your data. We rely on the following bases:

  • Explicit Consent: For processing your sensitive health and genetic data. This is "special category" data, and we will not process it without your clear, unambiguous, and affirmative consent, which we collect separately before you submit a sample. You may withdraw this consent at any time.

  • Contractual Necessity: We process some personal data because it is necessary to fulfill the contract we have with you. For example, we need your shipping address to send you a test kit and your email address to create your account.

  • Legal Obligation: We are required to retain certain information, such as financial transaction records, to comply with Dutch tax and corporate law.

  • Legitimate Interest: We may process some data for our legitimate interests, such as using website analytics to improve our Services, provided these interests do not override your fundamental rights and freedoms.

4. The Information We Collect and How We Use It

We collect several types of information for specific purposes:

  • A. Registration & Contact Information

      • Data Collected: Name, email address, phone number, shipping address, login credentials.

      • Purpose of Use: To create and manage your account, fulfill your orders, and communicate with you about our Services.

      • Lawful Basis: Contractual Necessity.

  • B. Health & Genetic Data (Special Category Data)

      • Data Collected: DNA test results, blood test results, microbiome data, and responses to health, lifestyle, and symptom questionnaires.

      • Purpose of Use: To provide our core service: generating your personalized reports, health insights, and supplement recommendations.

      • Lawful Basis: Explicit Consent.

  • C. Payment Information

      • Data Collected: Transaction details. Note: Payments are processed by secure third-party providers (e.g., Stripe). We do not store or have direct access to your full credit card details.

      • Purpose of Use: To process payments for our Services.

      • Lawful Basis: Contractual Necessity.

  • D. Technical & Usage Data

      • Data Collected: IP address, browser type, device data, website usage patterns.

      • Purpose of Use: To secure our website, analyze performance, and improve the user experience.

      • Lawful Basis: Legitimate Interest.

5. Data Sharing with Third Parties

We do not sell your personal data. We only share it with trusted partners under strict contractual agreements (DPAs) when necessary to deliver our Services. These include:

  • Certified Laboratories: To process your biological samples. They receive only a unique identifier, not your full personal details.

  • Secure Infrastructure Providers: For secure cloud hosting, database management, and email services.

  • Payment Processors: To securely handle payments.

  • Shipping & Logistics Partners: To deliver your test kits.

  • Regulatory Authorities: When required by law.

We do not sell or rent your personal or health data to third parties.

6. Data Security

We take the security of your data extremely seriously. We implement robust technical and organizational measures to protect it, including:

  • Encryption: All data is encrypted both in transit (using SSL/TLS) and at rest.

  • Access Controls: Strict role-based access controls ensure that only authorized personnel with a legitimate need can access sensitive data.

  • Data Pseudonymization: We pseudonymize your data where feasible, meaning we separate your personal identifiers from your health data to add a layer of security.

  • Third-Party Audits: We vet the security practices of our third-party partners.

While we take extensive measures, no digital system is completely infallible.

7. Data Retention

We retain your data only for as long as necessary for the purpose for which it was collected:

  • Account & Health Data: Your account information and the health data needed to provide your reports are retained for as long as your account is active, allowing you to access your results. Upon account deletion, this data is permanently erased from our active systems in accordance with your rights.

  • Financial Transaction Data: Retained for a minimum of 7 years to comply with Dutch tax and accounting laws.

  • Technical Data: Usage and analytics data are typically anonymized or deleted within 24 months.

8. Your Rights Under GDPR

As an individual in the EU, you have the following rights regarding your personal data:

  • The Right to Access: You can request a copy of the personal data we hold about you.

  • The Right to Rectification: You can request that we correct any inaccurate or incomplete data.

  • The Right to Erasure (Right to be Forgotten): You can request that we delete your personal data, subject to any legal obligations we have to retain it.

  • The Right to Withdraw Consent: You can withdraw your explicit consent for the processing of your health data at any time.

  • The Right to Data Portability: You can request a copy of your data in a machine-readable format to transfer to another service.

  • The Right to Restrict Processing: You can request that we limit the way we use your data.

  • The Right to Object: You can object to our processing of your data under certain circumstances.

To exercise any of these rights, please contact us at info@getbodydata.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

9. Cookies & Tracking Technologies

We use cookies as detailed in our Cookie Policy. When you first visit our site, you will be presented with a consent banner to manage your cookie preferences.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect data from minors. If we become aware that we have done so, we will delete it promptly.

11. International Data Transfers

While we are based in the Netherlands, we may use third-party services (e.g., labs, cloud providers) located outside the European Economic Area (EEA). When we do, we ensure your data is protected through legally approved mechanisms such as the European Commission's Standard Contractual Clauses (SCCs).

12. Changes to This Policy

We may update this Privacy Policy. Any material changes will be posted on this page with an updated “Effective Date,” and we may notify you via email. Continued use of our Services after changes are made constitutes your acceptance of the revised policy.

13. Contact

If you have any questions, requests, or privacy-related concerns, please do not hesitate to reach out:
