1. DATA CONTROLLER

The data controller is:

Suplemint S.R.L.
36, Chemin des Ornois – 1380 Lasne – Belgium
info@suplemint.com
Company number (BCE): 0757.794.781

2. DATA COLLECTED DURING BROWSING (LOG FILES & HOSTING)

While browsing the Website, certain technical data are collected automatically :

  • IP address,
  • date and time of connection,
  • browser type and operating system,
  • pages viewed,
  • internet service provider.

These data are collected for technical, security and website-improvement purposes.

Legal basis: legitimate interest (Article 6(1)(f) GDPR)

Retention period: up to 30 days

Hosting

The Website is hosted by Shopify Inc.

The data may be hosted within the European Union and/or in Canada, a country recognized by the European Commission as providing an adequate level of protection.

3. DATA COLLECTED WHEN PLACING ORDERS, CREATING ACCOUNTS AND MAKING CONTACT

We collect personal data when you:

  • place an order,
  • create a customer account,
  • sign up for a subscription,
  • complete a form,
  • contact customer service,
  • take part in a quiz or interact with THYREN.

Data collected

  • identity (last name, first name),
  • contact details (postal address, e-mail, phone number),
  • delivery and billing information,
  • order and subscription history,
  • user preferences,
  • communications with customer service or THYREN.

Legal bases:

  • performance of the contract (Article 6(1)(b) GDPR),
  • legal obligation (Article 6(1)(c)),
  • legitimate interest (Article 6(1)(f)),
  • consent when required (Article 6(1)(a)).

Personal data are retained for as long as necessary for the purposes pursued, then archived or deleted in accordance with legal obligations.

4. DISCLOSURE OF DATA TO THIRD PARTIES

Personal data may be transferred only to providers strictly necessary for the performance of the services:

  • carriers,
  • payment providers,
  • hosting and technical tools,
  • email, SMS and customer support.

These providers are contractually bound to comply with the GDPR.

Suplemint never sells or rents your personal data.

5. PROMOTION BY EMAIL AND TEXT MESSAGE

5.1 Marketing with consent

When you have consented to it (newsletter, quiz, account creation, order), Suplemint may send you by email and/or SMS:

  • promotional offers,
  • product information,
  • educational or scientific content,
  • personalized recommendations.

Legal basis: consent (Article 6(1)(a) GDPR)

5.2 Marketing related to an existing commercial relationship

Suplemint may also send you communications regarding products or services similar to those you have already purchased.

Legal basis: legitimate interest (Article 6(1)(f) GDPR)

5.3 Unsubscription

You can unsubscribe at any time:

  • via the link included in emails,
  • via the instructions contained in SMS messages,
  • or by contacting: info@suplemint.com

6. QUIZ, THYREN AND USER INFORMATION

6.1 Collected data

As part of the quiz and the THYREN intelligent assistant, certain information may be provided voluntarily by the user, in particular :

  • personal goals,
  • lifestyle habits,
  • preferences, feelings and needs,
  • answers to well-being or nutritional questions.

These data do not constitute medical information and do not replace any professional medical advice.

6.2 Confidentiality of exchanges with THYREN

Exchanges with THYREN are strictly confidential.

Suplemint undertakes to :

  • not sell,
  • not disclose,
  • not transfer to unauthorized third parties

the individualized content of the exchanges.

Only authorized Suplemint teams may access them, in accordance with the purposes described below.

6.3 Scientific, statistical and internal marketing use

Data arising from :

  • the quiz,
  • exchanges with THYREN,
  • browsing and orders,

may be analyzed, aggregated and used by Suplemint in a non-identifying manner for the following purposes :

  • improvement of recommendations,
  • internal scientific research and development,
  • improvement of formulations and packs,
  • statistical analyses,
  • personalization of the user experience,
  • optimization of marketing and sales activities.

Legal basis: legitimate interest (Article 6(1)(f) of the GDPR) and/or consent where required.

6.4 Absence of automated decision-making

Results provided by the quiz or THYREN :

  • are provided for informational purposes,
  • do not constitute a medical diagnosis,
  • do not produce any legally or medically binding effect.

No automated decision-making within the meaning of Article 22 of the GDPR is implemented.

7. COOKIES AND TRACKERS

The Site uses cookies that are necessary for its operation, as well as cookies for audience measurement and commercial purposes.

On your first visit, a banner lets you:

  • accept them,
  • refuse them,
  • or configure non-essential cookies.

Preferences can be changed at any time.

8. ANALYSIS TOOLS (GOOGLE ANALYTICS 4)

The Site uses Google Analytics 4 (GA4) for statistical purposes.

  • anonymization of IP addresses,
  • data not cross-referenced,
  • activation only after consent.

9. DATA SECURITY

Suplemint takes appropriate technical and organisational measures:

  • SSL/TLS encryption,
  • restricted access,
  • protection against unauthorised access.

10. YOUR RIGHTS

Under the GDPR, you have the following rights:

  • right of access,
  • right to rectification,
  • right to erasure,
  • right to restriction of processing,
  • right to object,
  • right to data portability,
  • right to withdraw your consent at any time.

info@suplemint.com

You may also lodge a complaint with the Belgian Data Protection Authority.

11. Right to object

You may object at any time to:

  • direct marketing,
  • personalized marketing analysis,
  • processing based on legitimate interest.

12. CHANGES TO THE POLICY

Suplemint reserves the right to amend this policy at any time.
The applicable version is the one published on the Website on the date it is consulted.