Privacy Policy

Version: 002
Effective Date: 1st of August 2025

 

This Privacy Policy applies to all personal data we collect through our website, mobile apps, email, telephone, in-person consultations, laboratory services, and any other interaction with Art of You BV. We are Art of You BV. We are committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and share your personal data, and your rights regarding this information. By visiting our website, using our services, or providing us with your personal information, you agree to the processing described in this policy. We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make material changes, we will notify you via email or through a prominent notice on our website.

Privacy at a Glance

  • We only collect information needed to provide your personalised supplements and related services.
  • We never sell your data.
  • Health and genetic data is processed only with your explicit consent.
  • You can access, correct, or delete your data at any time.
  • We keep your data secure with encryption, access controls, and regular security reviews.
  • You can withdraw consent at any time without affecting your right to use our standard services.
     

What Personal Data We Collect

We may collect the following categories of personal data when you order products, create an account, contact us, or use our services:

  • Identity Data: name, date of birth, gender
  • Contact Data: address, email, phone number
  • Financial Data: payment information (processed securely by our payment providers)
  • Transaction Data: details of orders and payments
  • Technical Data: IP address, browser type, device identifiers
  • Profile Data: preferences, survey responses
  • Usage Data: how you use our website and apps
  • Marketing Data: your communication and marketing preferences
  • Special Categories (health, biometric, or genetic data): only with your explicit consent, e.g. lifestyle information, dietary habits, biomarker results.
    Providing health or genetic data is voluntary but may be required for personalised supplement services.

Why We Use Your Data (Legal Basis)

  • We process your personal data only when a legal basis applies:
  • To perform our contract with you (order fulfilment, customer support)
  • To comply with legal obligations (e.g. tax and accounting rules)
  • With your explicit consent (particularly for health and genetic data)
  • For our legitimate interests (e.g. service improvement, fraud prevention), provided your rights override these interests
  • To protect your vital interests in emergencies
  • For scientific and statistical research, where legally permitted and subject to safeguards

Special Categories: Health and Genetic Data

  • Processed only with your explicit consent (Article 9 GDPR).
  • Used exclusively to create personalised supplement formulations and wellness recommendations.
  • Stored separately from other personal data with enhanced security.
     

AI and Machine Learning

We may use your data in anonymised or pseudonymised form to train and improve our algorithms and recommendation systems.

  • We will never use identifiable health or genetic data for AI training without your explicit consent.
  • Where possible, we aggregate and de-identify data before use.

Data Sharing

We share your personal data only with trusted third-party providers needed to deliver our services, such as:

  • Accredited laboratories (biomarker analysis)
  • Secure payment processors
  • Delivery and logistics partners

These providers act only on our instructions and are contractually bound to protect your data.
We do not share your data with third parties for their own marketing

International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Your explicit consent, after being informed of the potential risks

Details of relevant countries and service providers are available upon request.

Data Retention

We keep your personal data only as long as necessary for the purposes for which it was collected.

For example:

  • Health data is deleted or anonymised 24 months after your last order, unless we are required by law to retain it longer.
  • Transaction and accounting data is kept as required by financial legislation.

Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time
  • Complain to your local data protection authority

You can exercise these rights by contacting us at support@artofyouniverse.life. In the Netherlands, you may also lodge a complaint with the Autoriteit Persoonsgegevens.

Automated Decision-Making

We may use automated systems to generate personalised supplement recommendations based on your health data.

  • You have the right to request human review of any decision that has a significant effect on you.

Children’s Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will delete it immediately.

Cookies

We use cookies to improve your experience, analyse usage, and remember your preferences. You can disable cookies in your browser settings, though some features may not function properly.

Marketing

We will send you marketing communications only if you have agreed to receive them.

  • You can opt out at any time via the unsubscribe link in our emails or by contacting us.
  • We will never use health or genetic data for marketing profiling without your explicit consent.

Security

We use appropriate technical and organisational measures to protect your personal data, including encryption, restricted access, and regular security reviews. We do not store full credit card details.

Updates

We may update this Privacy Policy to reflect changes in our practices or for legal reasons. If we make material changes, we will notify you by email or through a notice on our website.