Effective: Legal

Privacy Policy

How Biosphrinse collects, uses, and protects your personal information.

Summary: We collect only the data necessary to provide our educational services. We do not sell your data. You have full rights over your information. This policy complies with GDPR (EU) 2016/679 and Canada's PIPEDA / Quebec Law 25.

1. Data Controller

The data controller responsible for your personal data is:

Biosphrinse
14 Isabella Street, Toronto, ON M4Y 1N1, Canada
Phone: +1 416-515-7223
Email: online@biosphrinse.world

2. What Data We Collect

We collect personal data only when you actively provide it to us. The categories of data we may collect include:

  • Contact information: Name and email address submitted through our contact form.
  • Message content: The text of enquiries submitted through the contact form.
  • Consent records: The fact and timestamp of your GDPR consent at form submission.
  • Cookie preferences: Your choices regarding cookie categories, stored locally in your browser.
  • Technical data: IP address, browser type, and page interaction data collected through analytics cookies (only if you consent).

We do not collect special category data (health, biometric, racial, political, or religious information). We do not process data relating to minors under 16 years of age.

3. Legal Basis for Processing

We process your data on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR): For analytics and marketing cookies, and for processing your contact form submission.
  • Legitimate Interests (Art. 6(1)(f) GDPR): For maintaining website security and preventing fraud.
  • Contractual Necessity (Art. 6(1)(b) GDPR): For processing enquiries related to educational programs or consultation bookings.

4. How We Use Your Data

Your data is used exclusively for the following purposes:

  • Responding to your enquiries and providing the educational service requested.
  • Administering and delivering personalized guidance plans or consultation sessions.
  • Improving our website and educational content (analytics, consent-based only).
  • Complying with legal obligations.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Data Retention

We retain personal data for the shortest period necessary:

  • Contact form data: Retained for 24 months from the date of your last interaction with us, or until you request deletion.
  • Consultation and plan records: Retained for 36 months to support service continuity and legal compliance.
  • Analytics data: Aggregated and anonymized within 26 months.
  • Consent records: Retained for as long as the consent is relevant, or for up to 5 years as evidence of compliance.

At the end of the applicable retention period, data is securely deleted or anonymized.

6. Data Sharing

We do not sell, rent, or trade your personal data. We may share data only in the following limited circumstances:

  • Service providers: Third-party processors (e.g., email hosting, analytics platforms) engaged under data processing agreements that prohibit independent use of your data.
  • Legal requirements: Where disclosure is required by law, court order, or regulatory authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, subject to continued data protection obligations.

Any third-party processors we engage are required to handle data in accordance with GDPR and applicable Canadian law.

7. International Transfers

Where data is transferred outside Canada or the European Economic Area, we ensure appropriate safeguards are in place — including Standard Contractual Clauses or adequacy decisions recognized by the relevant supervisory authority.

8. Security Measures

We implement technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. These include:

  • HTTPS encryption across all website pages.
  • Access controls limiting data access to authorized personnel only.
  • Regular security assessments of our systems and processes.
  • Contractual data protection obligations with all processors.

9. Your Rights

Under GDPR and applicable Canadian privacy law, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data, subject to legal retention requirements.
  • Right to restrict processing: Request that we limit how we use your data in specific circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Withdraw any consent you have given at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at online@biosphrinse.world. We will respond within 30 days. You also have the right to lodge a complaint with your applicable data protection authority.

10. Cookies

Our use of cookies is described in detail in our Cookie Policy. You can manage your cookie preferences at any time using the Cookie Settings tool available on every page.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by an updated effective date at the top of this page. We encourage you to review this policy periodically. Continued use of our website following any changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related enquiries or to exercise your rights, please contact us:

Biosphrinse
14 Isabella Street, Toronto, ON M4Y 1N1, Canada
Email: online@biosphrinse.world
Phone: +1 416-515-7223