Privacy Policy

This data privacy policy outlines Lykon’s compliance with the requirements of Art. 12 et seq. of the EU General Data Protection Regulation (hereinafter "GDPR") and summarizes the processing of your personal data (hereinafter "data") on this website.

 

Contents

  1. Who is responsible for the processing of my data?
  2. What information is collected?
  3. What cookies are used?
  4. What data is collected and for what purposes?

4.1 Technical provision of the Website

4.2 E-mail and telephone contact

4.3 Use of the web shop

4.4 Use of the online coaching platform

4.5 Newsletter

4.6 Web tracking

  1. Who receives my data?
  2. Will my data be processed outside the EU or the EEA (third country transfer)?
  3. What privacy rights do I have?
  4. What data sources are used?
  5. To what extent is there automated decision-making?
  6. Does profiling take place?
  7. Final / Version Information













  1. Who is responsible for the processing of my data?

The entity

LykonDX GmbH

Schönhauser all 149, 10435 Berlin

Germany

E-mail: support@lykon.de

 

is responsible for the processing of your data on this website ("company"). The company processes personal data in accordance with the provisions of GDPR and the Federal Data Protection Act ("BDSG).

The data protection officer of the company can be reached at the above mailing address, with the addition "to the Data Protection Officer" or at the e-mail address:  datenschutz@lykon.de.

  1. What information is collected?

Upon visiting the website, information about the visitor’s computer is automatically logged (hereinafter "access data"). Access data includes server log files, which typically consist of information about the browser type and browser version, operating system, the Internet service provider, the date and time of the website visit, previously visited web pages and new pages requested during the current session, and the IP address of the computer. Except for the IP address, the server log files are not traceable to individuals. An IP address can become traceable to an individual if it is assigned permanently to a single connection by the individual’s Internet provider.

If you continue to use the services of the website, anonymous user profiles and / or data entered by you on the website (e.g. keywords, login information, reviews, form or contract entries, and click data) will be processed.

Some services of the website require that you provide personal information to the company. In these cases, the data you provide will be used to provide you the desired service or complete the respective task. In this case, the following personal data may be processed on the website:

 

  • If you use our online coaching platform: user data such as name, e-mail address, mailing address, health-relevant information (e.g. glucose, cholesterol, vitamin concentration, mineral balance, the amino acids or fatty acids, as well as data derived from analysis results, including predisposition for diseases, nutritional behavior recommendations, etc.), the results of your tests, your coaching information and procedure of sessions and billing data.
  • If you receive our newsletter as a non-registered user: your e-mail address.
  • If you register on our website as a so-called affiliate partner: your e-mail address and name.
  • If you participate in our referral program for friends: your e-mail address and name (optional).
  1. What cookies are used?

On the website, cookies are used. Cookies are small text files that are saved when you visit a web page on your computer. The stored cookies are associated with the browser you are using. If the corresponding web page is retrieved  again, the web browser sends back the contents of cookies, thus enabling recognition of the user. Certain cookies are deleted when you log out or close the browser session (so-called "transient cookies"). Other cookies are used for a predetermined time or permanently stored (so-called "temporary cookies" or "persistent cookies"). The deletion of these cookies will take place automatically after the time defined. Also, you can at any time delete cookies using the security settings of your browser, or configure cookies according to your wishes. However, this may mean the company is not able to offer the full functionality of the website.

Essentially, cookies make possible online identification without reference to individuals. Cookies become related to specific individuals when the data generated by the cookie are combined with other data. You can choose between cookies that are necessary for the provision of the website and cookies which are required for other purposes, such as analysis of user behavior and advertising can be distinguished.

Cookies necessary for the provision of the website include the following:

  • cookies which identify and authenticate the user;
  • cookies which temporarily save certain user input (e.g. content of a shopping cart)
  • cookies which save user preferences such as search or language settings
  • Cookies which save data to ensure the smooth playback of video and audio content.

Cookies needed for other purposes include the following:

  • Cookies used to analyze user behavior (e.g. banner ads clicked, sub-pages visited, search query data) of our users for aggregate evaluation of site statistics.

 

  1. Which data are recognized for what purposes?

The purpose of data processing can arise from technical, contractual and legal requirements as well as possibly from a consent.

We use information referred to in paragraph 2 for the following purposes:

  • to provide the website and ensure technical safety, especially to correct technical errors and to ensure that unauthorized persons not gain access to the systems of the website;
  • for audience measurement and web analytics to make the site more efficient and more interesting, and to conduct market research;
  • for communication, contractual obligations and customer care;
  • to send newsletters and / or program communication via e-mail;
  • to register and create a user account for our online coaching platform, and for the online coaching course;
  • providing online web shops and fulfillment according to our terms and conditions (https://www.lykon.co.uk/pages/terms-and-conditions)

For more information about these data-processing purposes, please consult the following sections of this privacy statement.

4.1 Technical provision of the website

4.1.1 Description and scope of data processing

For the functionality of the website, conducting safety analyses and defense against attacks, the server log files described under paragraph 2 collect data from the visitor’s computer during the use of the site for short-term storage. Data stored in the server log files does not come into content with data stored in other contexts. The company uses the server log files for statistical analysis, to analyze technical faults and to continuously improve defense against attack and fraud, and to optimize the functionality of the website.

4.1.2 Purposes and legal basis of data processing

The legal basis for the collection of server log files is Art. 6 para. 1 lit. f GDPR. In the functionality of the website, conducting safety analyses and the prevention of threats are in the legitimate interests of the company.

4.1.3 Length of storage or criteria for determining such duration

After visiting the website, the server log files - including IP address - are stored on the web server for 7 days, after which they are deleted. An evaluation during this storage period occurs solely in the case of an attack.

4.1.4 Opposition and eliminating possibility

You have the right to object to the processing of your data in the context of server log files, as far as is reasonable, for reasons arising from your particular situation. If you would like to exercise your right to object, please contact us at the contact address given in  item 1.

4.2 E-mail and telephone contact

4.2.1 Description and scope of data processing

The website offers the possibility to contact the company through an e-mail address or phone number. If you use this functionality, your e-mail address and / or phone number and your request will be sent to the company. Depending on the issue (e.g. questions about the products and services of the company, your rights as a consumer of the company’s products, etc.) your contact data may be forwarded (with the help of service providers).

4.2.2 Purposes and legal basis of data processing

The legal basis for the processing of your contact data is made on the basis of Art. 6 para. 1 lit. f GDPR. In the processing of your request and other communication, the company has legitimate interests. When contacting us to conclude a contract with the company, the legal basis for the processing of your contact data is 6 1 Art. Para. Lit. b GDPR.

4.2.3 Length of storage or criteria for determining the duration

After the processing of your request and the conclusion of your issue, you contact details will be deleted. Alternately, if you are in the process of concluding a contract with the company or pursuing a claim, your data will be stored until the contractual and / or legal obligations are met, as well as according to any statutory retention periods. Such legal retention periods depend on e.g. whether the issue is tax legislation (10 years) or commercial law (6 years).

 

4.2.4 Opposition and eliminating options

You have the right to object to the processing of your contact data, within reason pertaining to your particular situation. If you would like to exercise your right to object, please contact us at the contact address indicated in item 1. If you disagree, the communication can not be continued. Again, this differs when your contact data is stored for contractual process or pursuance of a claim.

4.3 Use of the web shop

4.3.1 Description and scope of data

The website consists of an online store, where you can purchase goods and / or services of the company. For the completion of the purchase and finalization of the contract, it is necessary that you provide your personal information. As part of the contract settlement, your data may be passed on to unauthorized third parties such as payment institutions for the purpose of payment processing. Service providers can be used for payment processing, which operate on data protection contracts solely on directives of the company. For preventing the disclosure and / or access to / by unauthorized third parties, the transmission of personal data financial data during the ordering process is encrypted.

4.3.2 Purposes and legal basis of data processing

Data processing in the context of the use of the web shop is required to handle the purchase of goods and / or services. The legal basis is Art. 6 para. 1 lit. b GDPR.

4.3.3 Length of storage or criteria for determining this duration

Due to commercial and tax law requirements, the company is obligated to store your data for a period of 6- 10 years. However, after the 2 years, the company substantially limits the data processed, to the bare minimum required by legal obligations.

4.3.4 Opposition and eliminating opportunities

The processing of your data is required for the contract. Consequently, there is no right of objection.

4.4 Use of the online coaching platform

4.4.1 Description and scope of data processing

On the website, you have the opportunity to register as a user of the online coaching platform. This service is used to provide you individual coaching recommendations (eg dietary advice or recipe suggestions), based on information about your health and your desired development goals. If you have completed one of our test kits, you can also get your test results here.

4.4.2 Purposes and legal basis of data processing

The purpose of the data processing as part of the online coaching platform is the display of individual test results, if you have used an appropriate test kit from us previously and an online coaching with a focus on nutrition and fitness. The legal basis for the processing of the data is your consent according to Art. 6 para. Lit. a.

4.4.3 Length of storage or criteria for determining the duration

At your request, your data will be deleted from the online coaching platform with immediate effect. If you do not use the platform more than four years, your data will be automatically deleted.

4.4.4 Opposition and eliminating possibilities

You can always withdraw your consent. To do so, please contact the address specified in item 1 or send an e-mail to support@lykon.de

4.5 Newsletter

4.5.1 Description and scope of data processing

The website offers the possibility to subscribe to a free newsletter. Data from the signup form is  transmitted to the company and (with the help of service providers) used to process the sending of newsletters. A transfer of your data to third parties does not take place. The sole mandatory personal data required for the newsletter is your e-mail address. A date and time stamp is also stored to show you gave consent.

If you purchase on the website products or services of the company and thereby save your e-mail address, it can subsequently be used to send a newsletter (with the help of service providers). In this case, the newsletter may market products or services of the company that are directly related to the purchased products or services

Note that the company evaluates your user behavior in sending the newsletter. For this evaluation, emails sent include so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on the site. For the analysis, the company data and web beacons linked to your e-mail address and an individual ID. The data thus obtained is used by the company to create a user profile to tailor the newsletter to you based on individual interests. The company records when you read the newsletter, which links you click in these and use these to deduce your personal interests. The company uses this data to link to actions taken by you on the website.

4.5.2 Purposes and legal basis of data processing

The processing of your data on the login screen is necessary for advertising the goods and / or services of the company. The legal basis for the processing of the data when registering for the newsletter is the consent according to Art. 6 para. 1 lit. (hereinafter called "UWG") a GDPR by reference to the § 7. 2 no. 3 law against unfair competition.

The legal basis for the processing of your data after the purchase of goods and / or services of the company Art. 6 para. 1 lit. f GDPR by reference to the § 7. 3 law against unfair competition (hereinafter "UWG" referred to). In the stock canvassing the legitimate interest of the company is located.

4.5.3 Length of storage or criteria for determining this time

The data is stored for the duration of the subscription. Following deactivation of the subscription, data will be stored to prove that the company obtained your consent for the newsletter, in compliance with data protection requirements. The same applies if you withdraw your consent.

You can always disable newsletter tracking, by clicking on the special link that is provided in each e-mail, or by otherwise contacting the company. Tracking information is stored as long as you subscribe to the newsletter. After deregistration, the company stores the data statistically and anonymously. Such tracking does not take place if the display of images is disabled in your email client. In this case, the newsletter will not be fully displayed and you may not be able to use all features. If you view the images manually, the above tracking takes place.

4.5.4 Opposition and eliminating possibilities

You can revoke your consent to the newsletter at any time by clicking on the link contained in every newsletter e-mail or by contacting that company at support@lykon.de.

You can opt out of tracking at any time by clicking on the link contained in every newsletter e-mail, or by contacting the company directly at support@lykon.de.

4.6 Web Tracking

The website includes services which optimize the user experience and enable the company to measure the reach of the web page. Your (technical) access data (see paragraph 2) is captured and analytics cookies (see paragraph 3) are used to evaluate user behavior. For web tracking, personal identification is not necessary, in principle, so that your IP address will either be shortened or not stored at all when creating an anonymous user profile. These data are not merged with other data and you always have the option of opting out. The creation of profiles containing personal data only takes place in exceptional situations and only after you have given your explicit consent.

Web tracking services are usually provided by service providers who process the data only at the request of those legally responsible for the data, and not for its own purposes. This is ensured through contracts between the company and tracking service providers. Should these service providers process your data outside the European Union or the European Economic Area (hereinafter "EU or EEA"), a so-called third country transfer must take place. This is permitted, given the service provider has proven that it can guarantee the European standard of data privacy protection or if the EU Commission has determined that the third country is safe. More details about third country transfer can be found later in this document. More information about the recipients of your data can be found in  paragraph 5.

The individual web tracking services found on the website are described in more detail below.

4.6.1 Google Analytics

The website uses Google Analytics. The provider of Google Analytics is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043. An anonymous user profile is created by Google Analytics to optimize the usability of the website. Google ensure anonymity by shortening your IP address before further processing; connecting stored data to an individual is thereafter not possible. The anonymous user profile is evaluated after transmission in order to optimize the user experience. A merger with other data from Google does not take place. Per its contract with Google Analytics, the company ensures that Google processes the data only after its transfer.

Through the use of Google Analytics, a third country transfer takes place (see paragraph 6). With a certification under the EU-US Privacy Shield, the European level of data protection is guaranteed.

For more information on data processing in Google Analytics, please see the privacy policy of Google: https://www.google.com/analytics/terms/de.html

4.6.1.1 Purpose and legal basis of data processing

The legal basis for collection and analysis of anonymous user profiles is Art. 6 para. 1 lit. f GDPR. Optimization of website usability and audience measurement are in the legitimate interests of the company.

4.6.1.2 Duration of storage or criteria for determining this duration

Data is stored for a maximum of 14 months or until you opt out of the use of Google Analytics by this website.

4.6.1.3 Opposition and opting out

You can opt out of Google’s web tracking services at any time by changing your browser settings or using one of the following links to download and install the following browser plug-ins for Google opt-out:

  • You can prevent the storage of cookies in your browser’s settings of your browser. Note this will likely restrict website functionality.
  • You can also prevent Google from collecting and processing data by downloading and installing the browser plugin at https://tools.google.com/dlpage/gaoptout. Opt-out cookies prevent future collection of data when visiting this website.

 

4.6.2 Hotjar

The website uses the service Hotjar Analytics Hotjar Ltd. on. Provider is Hotjar Ltd, Level 2 St Julians Business Center, 3, Elia Zammit Street St Julian's STJ 1000, Malta, Europe.

Hotjar Analytics creates an anonymous user profile in order to optimize the usability of the website. This anonymity is ensured by Hotjar shortening your IP address before further processing and storage, after which is not possible to connect this data with the originating individual. The anonymous user profile is evaluated after transmission in order to optimize the user experience. A merger with other data does not take place. Via its contract with Hotjar, the company ensures that Hotjar processes the data only after its transfer.

For more information on data processing in Hotjar, see the privacy policy of Hotjar:

4.6.2.1 Purpose and legal basis of data processing

The purpose is to improve the website of the company. The legal basis for collection and analysis of anonymous user profiles is Art. 6 para. 1 lit. f GDPR. Optimization of the usability of the website in the legitimate interests of the company.

4.6.2.2 Duration of storage or criteria for determining this duration

Data is stored for a maximum of 12 months, or until you opt out of the user of Hotjar on this website.

4.6.2.3 Opposition and opting out options

You can object to the use of Web tracking services at any time by changing your browser settings or using the following oinks:

  1. Who receives my data?

Within the company, access to your data is granted to those who require it for the purposes outlined in paragraph 4. Service providers engaged by the company - such as data centers, newsletter service providers, customer services, or accounts receivable - can also be granted access to your data. All these parties are contractually bound to ensure data security and confidentiality when handling of your data.

Data transmission to other recipients such as advertising partners or banks (so-called "third party") takes place when legally required or after your consent. The following third parties of the data transfer are included:

  • supplier of measurement and web analytics that measure for its own purposes, the ranges of the websites and create user profiles.
  • Credit institutions that collect your information for the purposes of payment processing via the website and process BEYOND on their systems.
  • Public bodies and institutions such as law enforcement, who need your data due for compliance or legal obligations, or for governmental access.

For more information on the data forwarded to relevant third parties, please see the individual purposes outlined in  paragraph 4 .

  1. Will my data be processed outside the EU or the EEA (third country transfer)?

As far as the service providers and / or third parties referred to in paragraph 5 process your data outside of the EU or EEA per paragraph 4, this can cause your data will be transferred to a country where there is no EU or EEA adequate level of protection can be guaranteed. Such a level of data protection can be ensured with a suitable guarantee, however. Suitable guarantee come as standard contractual clauses into account, provided by the EU Commission. You canasina copy of these paragraph 1 requestprovidedcontact on requestguarantees.Of any guarantees exceptionally can be waived if you agree or about the third country transfer for the fulfillment of your contract with the company is required. The EU Commission has recognized certain third countries as safe third countries, so that may be waived at this point of appropriate guarantees from the company.

The following service process your data outside the EU or the EEA:

  • Service can be used for the provision and the default settings of the website whose rights centers are in a third country or access from an office in a third country to the data center within the European Union or the EEA can. The company has agreed with these service providers on standard contractual clauses compliance with European data protection.
  • For the use of Web tracking service providers are used, their rights centers are in a third country or who have access to a third country to the data center within the European Union or the EEA from a branch. The services ensure a certification according to the EU-US Privacy Shield that the third country to transfer the European level of data protection is guaranteed.
  • For sending newsletters services are used, the data centers are in a third country or who have access to a third country to the data center within the European Union or the EEA from a branch. The services ensure a certification according to the EU-US Privacy Shield that the third country to transfer the European level of data protection is guaranteed.
  1. What privacy rights do I have?

You always have the right to receive information held by us about you personal data. If data about you be wrong or out of date, you have to ask for a correction the right. You also have the right to request cancellation or restriction of the use of your data in accordance with Art. 17 and Art. 18 to demand GDPR. You can still have a right to publish the information you provide in a consistent and machine-readable format entitled (right to data portability).

 

If you have given consent to the processing of personal data for specific purposes, you can always withdraw your consent with effect for the future. The revocation must be sent to the company at theunder paragraph 1 abovecontact. Consent that you have given on the website, you canunder  withdrawsupport@lykon.de.

 

In accordance with Art. 21 GDPR the right reasons, arising from your particular situation at any time to the processing of your data according to the legal basis of Art. 6 para. 1 lit. f GDPR carried to appeal. You have to insert the right at any time to the processing of your personal data for the purpose of direct marketing. The same applies to cookie storage, as long as this does not render the website inoperable.

 

You can contact the EU data privacy representatives with any complaints. Responsible for the company:

 

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219

10969 Berlin

 

You can also contact the data privacy representatives in your area.

 

  1. From which sources does data come?

All individual-related data are entered directly by the person in question.

  1. Does automated decision making take place?

Automated decision making occurs only in the online coaching platform. There, coaching recommendations such as nutrition tips and recipes are automatically generated according to your settings.

 

  1. Does profiling take place?

No profiling takes places as defined in Art. 22 (1) und (4) GDPR statt.

 

  1. Conclusion / version information

As the website is further developed and new technologies are implemented, in order to improve our service, we may need to change the details of this privacy policy. Therefore we recommended re-reading this policy from time to time. (Version 1.0 25.05.2018)



 

Trustpilot