Integritetspolicy

As the data controller, Alba Health AB ("The Company," "we," or "us") is committed to ensuring that all processing of your personal data is carried out in accordance with the General Data Protection Regulation (GDPR). This personal data policy provides detailed information on the personal data we process, the purpose of such processing, and outlines your rights and how to exercise them. Additionally, we explain the measures we undertake to ensure the secure processing of your personal data.

Personal data refers to any information, whether direct or indirect, that pertains to a living individual. This includes but is not limited to names, addresses, photos, encrypted data, and electronic identifiers such as IP numbers. We exclusively process your personal data. Processing encompasses various activities, such as data collection, storage, registration, organization, compilation, transfer, or deletion.

Data Controller and its Responsibilities:

Alba Health AB, registered under Swedish organization number 559445-0198, assumes the role of data controller for the company's personal data processing. This signifies our responsibility to process your personal data in compliance with applicable privacy laws, including the GDPR. If we engage a service provider to process your personal data, that provider is recognized as a personal data processor.

Personal Data Processing:

Data collected will be stored with necessary safety measures taken to protect the data processed. This will be done in accordance with GDPR and applicable regulations to ensure that only Alba Health, our representatives and collaborators will have access. Your personal identifiable data will be completely separated from any questionnaire & health data and the keys will not be shared with external collaborators outside of Alba Health. We store the data in the EU. In certain cases, we may engage personal data processors located outside the EU/EEA to handle the collected personal data. Before transferring personal data to these third parties, we implement appropriate protective measures to ensure they have adequate security measures in place. This includes assessing whether the European Commission has issued an adequacy decision for the recipient country. Where no adequacy decision exists, we ensure that appropriate safeguards are implemented, such as the use of the European Commission’s Standard Contractual Clauses and, where relevant, supplementary technical and organisational measures such as encryption, access controls, and risk assessments to ensure an adequate level of protection for the personal data.

For the purposes of the GDPR, Alba Health will be a data controller. The GDPR requires that we have a lawful basis for processing personal data about you. For this product, you have given your consent.

According to the GDPR you have a number of rights. You have the right to access the data about you free of charge, and you can request corrections if needed. You can also ask for the deletion of your data or restrict its processing. For further info about your rights, see: https://www.imy.se/en/organisations/data-protection/this-applies-accordning-to-gdpr/the-data-subjects-rights/

If you want to exercise your rights or have any questions related to your rights, please contact Alba Health. The Data Protection Officer can be reached via email (see contact details below). If you are dissatisfied with how your personal data is handled, you have the right to file a complaint with the Swedish Data Protection Authority, which is the supervisory authority. The Swedish Authority for Privacy Protection can be contacted at: Address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm. Phone: 08-657 61 00. Email: [email protected]. Website: www.imy.se

Processing of Personal Data and Purpose:

When you become a customer, sign up to participate in a study, or use our products and services we may collect personal data, such as your name, address, email address and telephone number. This information is necessary for managing our customer relationships, processing orders and returns, generating statistics, complying with legal accounting requirements, promoting our products to you, and contacting you when necessary.

Additionally, we may obtain certain personal data from external sources, such as credit reports and address updates, to ensure the accuracy and completeness of our records.

Legal Basis for Processing:

When you provide us with your personal data during a purchase and registration, we utilise this information to facilitate these specific processes. We also use the data to communicate with you and fulfill our obligations to you. Therefore, we consider the processing of personal data as necessary for the performance of our contractual relationship with you as a customer, establishing a legal basis for such processing.

In the course of our business activities, we may contact you for marketing purposes through emails unless you have explicitly notified us of your preference not to be contacted. We believe that there is a legitimate interest in communicating with you about our products, which outweighs the need for personal data protection when balancing interests.

Any further processing of personal data beyond the stated objectives will be carried out in compliance with legal requirements or with your explicit consent.

Processing of Personal Data and Purpose:

As required by applicable legislation, Alba Health AB (with Swedish organization number 559445-0198), is obligated to process certain personal data for accounting and auditing purposes. In accordance with the Swedish Bookkeeping Act, we are legally required to retain specific data, such as payment transaction information, for a period of seven years from the end of the accounting year.

Your personal data may also be utilised for account statements, invoicing and auditing, payment verification, administrative and legal matters, statistical and marketing analysis to improve our services, website accessibility, system development and maintenance.

If you are under the age of 18 and wish to make a purchase, you must obtain consent from your legal guardian before providing us with your personal data and proceeding with the purchase.

Please note that if you voluntarily provide us with your personal data during a purchase or registration process, we will use this information solely for the purpose of facilitating these specific processes. However, you have the right to withdraw your consent for personal data processing at any time.

It is important to emphasise that we do not request or process sensitive information from our customers. Therefore, please refrain from disclosing such information (such as details about ethnic background, political views, religious beliefs, trade union membership, health status, or sexual activity) to us, as it is not necessary for our services.

Data Collection and Processing:

The personal data processed by Alba Health AB (with Swedish organization no 559445-0198) has been obtained from you during the buying process or the sign-up process, as mentioned above. Additionally, we may collect personal data from external sources, such as credit reports and address updates. When you contact us via email, we assess the need for follow-up based on legal or service-related reasons, such as initiating a complaints procedure or tracking lost shipments. In cases where follow-up is not required, we delete the email after providing a response. Any information disclosed via email is not transferred to other databases unless specifically requested by you.

Card payments

All payment transactions on our website are processed by our e-commerce platform and its integrated payment service providers. We do not store or process any payment card information ourselves. To process payment for your products on our website, our payment services provider requires information about your payment card. This information is solely processed by our service provider, in compliance with our personal data processor agreement.

Payment service providers may act as independent data controllers for the personal data they process for their own purposes, such as fraud prevention, regulatory compliance, or financial administration. For questions about how your data is handled by a payment service provider, please consult their privacy policy directly.

Transfer of Personal Data to Third Parties:

In certain cases, we may engage personal data processors to provide services on our behalf. These processors include, for example:

Hosting providers, for storing and managing our website and related data;
Cloud service providers for email communication and marketing;
CRM system providers, for managing customer relationships and support;
Cloud service providers for internal communication and collaboration.

Before transferring personal data to these processors, we implement appropriate safeguards to ensure that your data is adequately protected.

We do not share personal data with other recipients, such as third parties without a contractual relationship for data processing (e.g., public authorities), beyond what is legally required.

Direct Marketing via Electronic Communication:

As mentioned in point above, we may utilise your personal data to send newsletters and offers regarding our products that we believe may be of interest to you. We provide all our customers with the option to receive marketing materials about our products. We strive to customise such information to suit your preferences. If you prefer not to receive any marketing materials from us, you can opt-out through our marketing preferences. Alternatively, you can contact us via email (see below) to request exclusion from marketing communications.

Security and Protection of Your Personal Data:

We take the protection of your personal data seriously and implement a range of technical and organizational measures to keep your information secure. This includes encryption of data during transfer and storage, controlled access to systems, authentication measures, role-based access control, pseudonymization, and data minimization.

We also maintain secure server and cloud infrastructure, follow secure development practices, and have agreements in place with our service providers to ensure that they process personal data in a secure and compliant manner. Regular backups and restoration routines are in place to protect against data loss.

These measures are designed to safeguard your personal data while allowing us and our trusted service providers to provide you with a reliable and secure service.

Understanding Cookies and Their Usage:

Cookies are text files that contain alphanumeric characters and are sent from our web server to your web browser or device. Alba Health AB uses cookies to enhance and streamline your browsing experience. We do not use cookies to store personal data or share information with third parties. Third-party cookies may be used for statistical purposes, such as collecting aggregated data in analytical tools like Google Analytics and Meta. These cookies can be either permanent or temporary (session cookies). Permanent cookies are stored on your computer or mobile device for a maximum of 24 months, while temporary cookies are deleted when you close your web browser. You have the ability to manage cookies by configuring your web browser, including blocking or deleting them. However, please note that certain services may not function properly if cookies are erased.

Rectification or Erasure of Personal Data:

We take the responsibility to rectify or erase incorrect, incomplete, or unlawfully processed personal data. At the Company's own initiative or upon your request, we will promptly correct or delete such data. In such cases, please contact Alba Health (contact details below). Any personal data that is no longer required for the purposes stated above will be erased.

Data Retention Period:

Your personal data is stored for as long as it is necessary to fulfil the objectives mentioned above.

Your Rights and Information on the Regulatory Authority:

You have the right to access information about the personal data we process, request rectification, erasure, or transfer of your personal data, and request restriction of processing. Additionally, you have the right to request an extract of the data register containing information about you. If you have any questions or wish to exercise your rights, please contact us using the contact details provided below.

Contact Details of the Data Controller:

The data controller for your personal data is Alba Health AB (org. No 559445-0198) located at Grev Turegatan 30, 11438 Stockholm, Sweden. If you need to update or amend your disclosed information, have any questions, or wish to express your opinions about our products or the information we process, please feel free to contact us via email: [email protected]

Updates to the Personal Data Policy:

We may update this personal data policy to align with changes in applicable legislation, address commercial needs, or meet the requirements of our customers, marketing partners, and service providers. Any updated versions of the policy will be published on our website, clearly indicating the date of the last update.

Contact Information:

For inquiries related to your rights and personal data processing, please contact us at [email protected]

Health Data Processing

Validity of Terms:

These terms outline the procedures governing the collection, storage, and processing of health data related to users of Alba Health’s products and services. These terms are provided for informational purposes at the point of purchase. However, prior to utilising Alba Health’s products and services, it is required that all users provide their consent in writing, as per the instructions provided by Alba Health from time to time. In the case of users who are below 18 years of age, written consent must be provided by all their legal guardians. Without the required consent — either from the user or the user’s legal guardian, as applicable — we regret to inform you that we are unable to proceed with the processing and storage of your health data.

General:

These terms apply to users of the products and services of Alba Health AB (‘The Company’) with Swedish organization number 559445-0198, address Grev Turegatan 30, 11438 Stockholm, Sweden. In these terms, you will receive information about the use of our product and services and how we process and store your data.

By giving your consent, you agree to these terms, and confirm that you have read and agreed to our Privacy Policy for personal data. We are unable to change the terms, unless confirmed in writing.

By giving your consent, you also confirm that: you are legally capable of entering into a binding contract; you are at least 18 years old; If you are registering on behalf of a minor, you are the legal guardian of that child and authorised to act on their behalf; and all information you provide is true and correct.

Before you start:

If you, your child or your partner (as applicable) are being treated for any chronic medical conditions, you should discuss these product and service procedures with your treating physician to ensure that your physician agrees that using our products and services is appropriate for you.

This product and service is not intended to have diagnostic value and will not contain any clinical diagnosis. Alba Health is a wellness product. It is not intended to diagnose or treat disease and it does not substitute for medical consultation.

How Does the Product and Service Work?

1. Provide consent

All users will need to read this consent form and provide their consent to these terms. Adult users must provide their own written consent. For children under the age of 18, consent must be provided by all legal guardians. All legal guardians of any participating child(ren) must carefully read and sign this consent form.

2. Answer questionnaire about lifestyle, diet and health

You will be asked to register and provide answers to a questionnaire about you, your child and family. This data is required for us to analyse your results. We may collect other types of information, including but not limited to images, video recordings, audio recordings, daily tracking questions.

3. Test kit and stool sample

If you have ordered a test kit for taking a stool sample for yourself or for your child, it will be sent to your home. Instruction manuals and all components are included in the kit. The kit must be used as described in the instruction manual and in no other way. After taking the sample you will send it back as instructed in the manual.

4. Sample processing

The stool samples taken using the product will be shipped from your home to our contract laboratory directly (in Germany) and will be processed within one month of being received. After analysis, the samples will be destroyed and no material from the samples will be kept. The contract laboratory will delete all data generated from the samples.

All mentioned samples will be processed by Zymo Research (laboratory contractor) at Mülhauser Str. 9, 79110 Freiburg im Breisgau, Germany. The received samples are coded, meaning they cannot be directly linked to you as an individual. The key to the code will be stored by Alba Health and will only be accessible by restricted personnel at Alba Health.

From the stool samples, DNA will be extracted and sequenced. We will only analyse microbial DNA and we do not analyse human DNA. The raw data will be stored in a secure way and in compliance with the General Data Protection Regulation (GDPR)and it will be transferred from the laboratory to Alba Health within 5 days from processing. Alba Health will store this data as previously described.

5. Receive your data and results

You can always access your submitted questionnaire data, please contact Alba Health. After we have analysed your sample results and data, you will receive a report with your sample processing results. The report will be delivered as instructed by Alba Health. This report will not have diagnostic value and will not contain any clinical diagnosis.

6. Online consultation with a certified Nutrition & Health coach or Nutritionist

After you have received your report, Alba Health will allow you to schedule an online consultation with a certified Nutrition & Health Coach or Nutritionist affiliated with Alba Health. This consultation is designed to provide you with personalised guidance based on your submitted questionnaire data and sample results. You will be notified of the scheduled time in advance and may request to reschedule the consultation up to 6 hours before the appointment time.

During the consultation, the Coach or Nutritionist will discuss your or your child’s gut health, dietary habits, and relevant lifestyle factors. The consultation will be conducted digitally via a secure video conferencing platform. No diagnostic or clinical advice will be provided during the consultation; the information provided is intended solely for educational and informational purposes and does not replace advice from a healthcare provider.

Participation in the consultation is voluntary. Any notes or recommendations provided during the consultation will be securely documented and stored by Alba Health in accordance with applicable data protection laws, including the GDPR. Only authorised personnel will have access to these records.

You may withdraw from the consultation or request deletion of consultation records at any time by contacting Alba Health (see contact details below).

7. Optional online consultation with a licensed Medical Doctor

In addition to the standard consultation, you may choose to purchase an optional consultation with a licensed Medical Doctor affiliated with Alba Health. This consultation may include the provision of diagnostic and clinical advice, and, where appropriate and within the doctor’s professional scope, the recommendation or prescription of medication, medical interventions, additional tests, medical diagnosis, and the formulation of a treatment plan.

This service is not included in the original purchase and requires an additional fee. If you choose to book this optional consultation, it will be conducted digitally via a secure video conferencing platform.

By booking this optional consultation, you consent to the sharing of your or your child’s questionnaire data and sample results with the Medical Doctor for the purposes of the consultation. Any records or notes generated during the consultation will be securely documented and stored by Alba Health in accordance with applicable data protection laws, including the GDPR. Only authorised personnel will have access to these records.

Participation in this optional consultation is voluntary. You may withdraw from the consultation or request deletion of consultation records at any time by contacting Alba Health (see contact details below).

Possible Consequences and Risks

We do not expect you, your partner nor your child(ren) to experience any discomforts nor side effects. The sample collection does not require invasive procedures, nor any discomfort. The stool collection kit must be used as described in the instruction manual and in no other way. In case questions or any problems might arise you can always contact us directly.

What Data is Collected?

To deliver our products and services and fulfil our commitments to you as a user or customer, we collect and record several types of personal and health-related information. This may include data about you, your child, or other family members, as applicable. The categories of data we collect are as follows:

Personal information about you, your child and family, as applicable.
Questionnaire data that includes questions about gender, ethnicity, lifestyle, household and health about you, your child and your partner, as applicable. Collected via the Alba Health App or as instructed.
Stool sample data (bacterial DNA from your or your child’s stool)

Data Storage and Handling

From the stool samples, DNA will be extracted and sequenced. We will only analyse microbial DNA and we do not analyse human DNA. The raw data will be stored in a GDPR-compliant and secure way and it will be transferred from the laboratory to Alba Health within 5 days from processing. Alba Health will store this data as previously described.

What Happens to my Samples and Data?

You have the right to refuse the storage of raw bioinformatic data from your samples without providing any explanation. If you consent to the storage initially, you can later withdraw (revoke) your consent without giving a reason. In that case, your raw data will be deleted or de-identified. If you want to revoke your consent, please contact Alba Health (details below). You always have access to the submitted data, please contact Alba Health staff. You have the option not to receive any analysis results if you prefer. If you wish so, please contact Alba Health (details below).

Insurance and Compensation

No insurance nor compensation is applicable for this product.

Contact Information

For inquiries related to your rights, processing of your, your child’s or your family’s health data or your consent, please contact us at [email protected]

Consent for Health Data Processing

Consent will be requested prior to the use of Alba Health’s product and services. In the cases where users are below 18 years of age, consent is required by all legal guardians of the child.

Future Use of Health Data

Validity of Terms

These terms are for informational purposes upon completion of a purchase from Alba Health AB (‘The Company’) with Swedish organization registration number 559445-0198, address Grev Turegatan 30, 11438 Stockholm, Sweden.

Prior to engaging with the products and services offered by Alba Health, users will be afforded the opportunity to provide consent for the utilisation of their health data in accordance with the specifications below. Note that such consent is entirely voluntary. For adult users, consent must be given personally. In the case of minors, all legal guardians are required to furnish their consent before any health data relating to the child can be processed.

Future Technological Research Purposes

Your data and samples collected will be used to deliver your results to you. In addition we will use your sample and questionnaire data for technological research purposes, for example, to develop new features of the Alba Health product and services. For these purposes, your data will be pseudonymised, anonymized or analysed on an aggregated level, meaning it will not be possible to track any data to you or your family as individuals. Only Alba Health will have access to the key and link to you as an individual, and that will not be shared with external parties. Consent is optional.

Consent to Future Use of Health Data

Consent will be requested prior to the use of Alba Health’s product and services. Consent is voluntary, but is required by both legal guardians in the case of a minor.

Use of Artificial Intelligence

Alba Health provides AI-powered services, including but not limited to an AI chat, AI-generated result summaries (collectively, “AI Services”), to support users in understanding and managing their own or their child’s health and wellness. To provide these services, the AI processes certain personal and sensitive data, including:

Personal identifiers: your or your child’s name, date of birth, and country of residence.
Health, diet and lifestyle information collected in the Alba Health app.
Gut microbiome results: your or your child’s gut health test results and related information such as the action plan.
AI interaction data: messages, usage patterns, generated insights, summaries, and other outputs produced by the AI.
Images and visual data: photos uploaded or captured within any AI services.

Use of the chat function

When using the AI chat, we ask you to exercise caution regarding the personal data you choose to share. The chat is intended solely for discussing results and information related to your use of the AI chat.

You should avoid sharing personal data about yourself, your child, or other individuals unless it is strictly necessary for the purpose of the conversation. In particular, you should refrain from sharing special categories of personal data as defined in Article 9(1) of the GDPR (such as data concerning health, racial or ethnic origin, religious beliefs, or similar sensitive information), unless it is clearly required for the purpose you are using the AI chat.

You should also avoid sharing other information that may be considered sensitive in nature, such as national identification numbers, payment card details, or similar financial information.

Legal basis for processing

The processing of your personal and health information for AI Services is based on your explicit consent, in accordance with Articles 6(1)(a) and 9(2)(a) of the GDPR.

Consent for adults (above 18 years of age): By using Alba Health’s services for the first time, you provide explicit consent for AI-processing of your personal and sensitive health data as described in this Privacy Policy.
Consent for minors (under 18 years of age): If you use Alba Health’s services on behalf of a child under 18 years of age, you confirm that you are the child’s parent or legal guardian and are authorized to provide consent. By using Alba Health’s services, you expressly consent to the processing of their personal and health data. Alba Health may take reasonable steps to verify parental or guardian consent where required.

Consent is given freely and separately from other Alba Health services. You may withdraw your consent at any time; see “Withdrawing Consent” below.

Purpose of processing

Your data is used solely to generate personalized responses and recommendations within the Alba Health app and AI interfaces. Alba Health does not use your personal data, health data, or AI interactions to train external or third-party large language models (LLMs) or for other external AI training purposes.

Automated processing

The AI uses automated processing to generate insights and recommendations based on your data. These outputs are for informational and educational purposes only and do not constitute medical advice, diagnosis, or treatment.

You may request human review, clarification, or additional support at any time by contacting Alba Health.

Data storage and security

We store AI logs, generated summaries, and related AI data securely and apply appropriate technical and organizational measures to protect them, including encryption and access controls.

We retain AI interaction data and the outputs generated only for as long as necessary to provide and maintain the service. This includes:

While you have not withdrawn your consent to data processing;
To ensure proper system performance, reliability, and operational maintenance;
To prevent abuse, maintain security, and comply with legal obligations.

We reserve the right to delete AI interaction data and generated outputs at any time for these purposes. Once data is no longer required for the above purposes, it will be securely deleted or anonymized.

Withdrawing consent

If you withdraw your consent for Alba Health’s AI-services:

All personal and health data associated with you or your child will be permanently deleted, including AI interaction logs, generated summaries, and related AI outputs
You will no longer be able to access or use Alba Health’s services

Withdrawal of consent is final and may be requested by contacting Alba Health at the details provided in this Privacy Policy.

Your rights

You have the right to:

Access, correct, or delete your personal data
Withdraw consent at any time
Restrict or object to processing
Receive a portable copy of your data
Lodge a complaint with a data protection authority

These rights may be exercised by contacting Alba Health using the contact details provided in this Privacy Policy.

How to provide consent

By using Alba Health’s AI Services, you actively and expressly consent to the processing of your or your child’s personal and health data as described in this Privacy Policy.

If you do not agree to such processing, you should not use Alba Health’s services.

Consent is a precondition for using AI Services, and, for minors, must be provided by all legal guardians of the child.

POLICYER

SUPPORT

POLICYER

SUPPORT