Privacy Policy
Last updated: April 2026
This policy is reviewed and updated at least annually. Material changes will be communicated via a notice on our website.
1. Introduction and Controller Identity
BIONIKO Models ("BIONIKO," "we," "our," or "us") is committed to protecting your privacy and handling your personal data with transparency, integrity, and respect. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over it.
Data Controller:
BIONIKO Models
5707 NW 158th St., Miami Lakes, FL 33014, USA
Email: [email protected]
Phone: +1 (507) 246-6456
BIONIKO does not currently have a designated Data Protection Officer (DPO). If you have questions about data protection, please contact us directly at the address above. EU/EEA residents may also contact us via the same email for matters related to GDPR rights.
2. Personal Data We Collect
We collect personal data in the following categories, consistent with the California Consumer Privacy Act (CCPA) categories:
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, email address, phone number | Directly from you (contact form, B2B portal) |
| Internet / Network Activity | IP address, browser type, pages visited, time on site, referring URL | Automatically collected via server logs and analytics (with consent) |
| Commercial Information | Purchase history, order details | Via Shopify store (governed by Shopify's privacy policy) |
| Professional / B2B Data | Company name, job title, distributor affiliation | Directly from you or your organization |
We do not knowingly collect sensitive personal information such as government ID numbers, financial account details, health data, biometric data, or precise geolocation. We do not collect personal data from children under 16 (see Section 10).
3. Legal Basis for Processing (GDPR)
For individuals in the European Economic Area (EEA) and United Kingdom, we process personal data only where we have a valid legal basis under Article 6 of the GDPR:
| Processing Activity | Legal Basis |
|---|---|
| Responding to contact form inquiries | Legitimate interests (Art. 6(1)(f)) — responding to business inquiries |
| B2B partner portal authentication | Performance of a contract (Art. 6(1)(b)) |
| Processing orders via Shopify | Performance of a contract (Art. 6(1)(b)) |
| Analytics cookies (site usage data) | Consent (Art. 6(1)(a)) — only after explicit opt-in |
| Marketing communications | Consent (Art. 6(1)(a)) — only after explicit opt-in |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) — protecting the site and users |
| Legal compliance (e.g., tax records) | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Information
We use the personal data we collect for the following specific purposes:
- To respond to inquiries and provide customer support
- To authenticate and manage access to the B2B partner portal
- To process orders and manage your transactions via our Shopify store
- To improve and personalize the website experience based on aggregate usage data (analytics, with consent)
- To send marketing and promotional communications about BIONIKO products and events (with your explicit consent, which you may withdraw at any time)
- To maintain the security and integrity of our website and systems
- To comply with applicable legal obligations
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.
5. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our standard retention periods are:
| Data Type | Retention Period | Basis |
|---|---|---|
| Contact form submissions | 2 years from last interaction | Legitimate interest |
| B2B partner account data | Duration of partnership + 2 years | Contractual necessity |
| Order and transaction records | 7 years | Legal obligation (tax/accounting) |
| Analytics data (with consent) | Up to 26 months | Consent (withdrawn = deleted) |
| Cookie consent records | 1 year | Legal compliance |
| Server/access logs | 90 days | Security and fraud prevention |
After the applicable retention period, personal data is securely deleted or anonymized. You may request early deletion of your data subject to legal retention obligations (see Section 7).
6. Disclosure of Your Information
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:
- Service Providers: We share data with trusted third-party vendors who perform services on our behalf, including website hosting (Manus platform), e-commerce (Shopify), and email delivery. These providers are contractually bound to process data only on our instructions and in compliance with applicable privacy laws.
- Distributors: If you contact us through a regional distributor's referral, limited contact information may be shared with that distributor to facilitate your inquiry.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
- Legal Requirements: We may disclose your information where required by law, court order, or governmental authority, or where necessary to protect the rights, property, or safety of BIONIKO, our users, or the public.
7. International Data Transfers
BIONIKO is headquartered in the United States. If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data transfer restrictions, your personal data may be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.
Where we transfer personal data from the EEA or UK to the US or other third countries, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms. You may request a copy of the applicable transfer safeguards by contacting us at [email protected].
8. Security of Your Information
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include encrypted data transmission (HTTPS/TLS), access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use strong passwords and to contact us immediately if you suspect any unauthorized use of your account.
9. Your Privacy Rights (GDPR / UK GDPR)
If you are located in the EEA or United Kingdom, you have the following rights under the GDPR and UK GDPR:
- Right of Access (Art. 15): You may request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17): You may request deletion of your personal data where there is no compelling reason for us to continue processing it.
- Right to Restriction (Art. 18): You may request that we restrict processing of your data in certain circumstances.
- Right to Data Portability (Art. 20): You may request your data in a structured, machine-readable format.
- Right to Object (Art. 21): You may object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal. To withdraw consent for marketing emails, use the unsubscribe link in any email. To withdraw cookie consent, click the cookie icon in the bottom-left corner of any page.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your national data protection supervisory authority. In the EU, you can find your local authority at edpb.europa.eu. In the UK, contact the Information Commissioner's Office (ICO).
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.
10. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months, the sources, the business purpose, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: BIONIKO does not sell or share personal information with third parties for cross-context behavioral advertising. No opt-out mechanism is required, but you may contact us to confirm this at any time.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny goods or services, charge different prices, or provide a different level of quality because you exercised your privacy rights.
To submit a CCPA rights request, please contact us at [email protected] with the subject line "CCPA Rights Request" or call +1 (507) 246-6456. We will verify your identity and respond within 45 days, with a possible 45-day extension where necessary.
11. Children's Privacy
Our website and services are intended for healthcare professionals, medical educators, and business customers. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that information. If you believe we may have collected data from a child, please contact us at [email protected].
13. Third-Party Links and Services
Our website contains links to third-party websites and services, including our Shopify store, distributor websites, and social media platforms (Instagram, YouTube, LinkedIn). This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party services you access through our website.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, display a notice on our website or notify you by email. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
BIONIKO Models
5707 NW 158th St., Miami Lakes, FL 33014, USA
Email: [email protected]
Phone: +1 (507) 246-6456
For GDPR-related inquiries from EU/EEA residents, or CCPA requests from California residents, please include the relevant regulation in your subject line to ensure prompt routing.