Privacy Policy | Biosplantrinse.ddd

Last updated: June 24, 2026

This Privacy Policy describes how Biosplantrinse.ddd ("we," "us," or "our") collects, uses, discloses, and protects personal information when you visit our website at biosplantrinse.world (the "Site") or otherwise interact with us. The Site provides educational content about office back health, desk posture, micro-movements, stress-related tension patterns, and related lifestyle topics for people who work at desks. It is general lifestyle information — not professional medical, physical therapy, or healthcare advice.

By using the Site, you acknowledge that you have read this Privacy Policy. If you do not agree with our practices, please do not use the Site.

This Privacy Policy is designed to meet transparency requirements under U.S. federal guidance (including Federal Trade Commission fair information practice principles), the General Data Protection Regulation (GDPR) where applicable, and applicable state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Illinois Personal Information Protection Act (815 ILCS 530/), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act (OCPA), and comparable laws in other states where our visitors reside.

1. Who We Are

The data controller responsible for your personal information is:

Business name: Biosplantrinse.ddd
Address: 6455 W Archer Ave, Chicago, IL 60638, United States
Email: team@biosplantrinse.world
Phone: +1 (773) 217-8535

For privacy-related questions, rights requests, or complaints, contact us using the details above.

2. Scope of This Policy

This policy applies to personal information we collect through the Site, including when you browse articles about the Office Triad, micro-movements, stress and posture, posture archetypes, submit a contact form, manage cookie preferences, or interact with embedded maps. It does not apply to third-party websites linked from the Site, which have their own privacy practices.

3. Categories of Personal Information We Collect

Depending on how you use the Site, we may collect the following categories of information:

Identifiers: Name, email address, and any other information you voluntarily provide in a contact message.
Internet or network activity: IP address, browser type and version, device type, operating system, referring/exit pages, pages viewed, time spent on pages, click paths, and approximate geographic location derived from IP address.
Technical data: Cookie identifiers, local storage values (including your cookie consent preferences stored under the key cookie_consent_tdd_backoffice), session data, and similar technologies used to operate and secure the Site.
Communications: Content of messages you send through our contact form, including any details you choose to include about your desk setup, posture habits, or back discomfort.
Inferences: Aggregated or de-identified usage patterns that help us understand which educational topics are most visited (only where analytics consent has been given or where permitted by law).

We do not intentionally collect sensitive personal information such as government ID numbers, financial account details, precise geolocation, or detailed health records through the Site. Please do not submit medical diagnoses, imaging results, or other sensitive health information through our contact form.

We do not collect biometric identifiers or biometric information (such as fingerprints, face scans, or voiceprints) as defined under the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14/) or similar state laws.

3.1 Notice at Collection (California and U.S. State Laws)

At or before the point of collection, we provide notice of the categories of personal information we collect and the purposes for which they are used. This notice appears in our cookie banner (U.S. Notice at Collection), on our Contact page (contact form), and in this Privacy Policy. We collect only what is reasonably necessary for the stated purposes.

When you browse the Site: Internet/network activity and technical data — to operate, secure, and improve the Site.
When you submit the contact form: Identifiers and communications — to respond to your inquiry.
When you enable optional cookies: Analytics and marketing data — only after opt-in consent.
When you view an embedded map: Data processed by Google — subject to Google's policies.

3.2 Categories Collected in the Preceding 12 Months (CCPA/CPRA Disclosure)

The following summarizes categories of personal information we have collected within the twelve (12) months before the "Last updated" date above, as required by California Civil Code § 1798.100 et seq. and comparable U.S. state disclosure laws:

Identifiers (e.g., name, email, IP address) — Collected: Yes. Sources: You (contact form), automatic collection. Business purposes: Operating the Site, responding to inquiries, security. Disclosed to: Hosting and email service providers. Sold: No. Shared for cross-context behavioral advertising: No.
California Customer Records (Cal. Civ. Code § 1798.80(e)) — Collected: Yes (name, email, phone if you call). Sources: You. Business purposes: Communications. Disclosed to: Service providers. Sold: No. Shared: No.
Internet or electronic network activity — Collected: Yes. Sources: Automatic technologies; analytics (with consent). Business purposes: Site operation, analytics, security. Disclosed to: Hosting and analytics vendors (if consented). Sold: No. Shared: No.
Geolocation data (approximate) — Collected: Yes (city/region from IP). Sources: Automatic. Business purposes: Security, aggregated analytics. Disclosed to: Service providers. Sold: No. Shared: No. We do not collect precise GPS location.
Inferences — Collected: Limited aggregated usage patterns only, and only where analytics consent is given. Sold: No. Shared: No.
Sensitive personal information (CPRA) — Collected: No. We do not collect CPRA sensitive categories through the Site.

We have not sold personal information for monetary consideration in the preceding twelve (12) months. We have not shared personal information for cross-context behavioral advertising in the preceding twelve (12) months.

4. Sources of Personal Information

We collect personal information from:

Directly from you when you fill out the contact form, email us, call us, or configure cookie settings.
Automatically when you visit the Site, through cookies, local storage, server logs, and similar technologies.
From third parties such as analytics providers (only with your consent where required) and Google Maps when you interact with an embedded map on our Contact page.

5. Purposes for Processing Personal Information

We use personal information for the following purposes:

Operating the Site: Delivering educational articles, navigation, security, fraud prevention, and technical troubleshooting.
Responding to inquiries: Reading and replying to contact form submissions and other messages about our office back health content.
Remembering preferences: Storing your cookie consent choices so we do not repeatedly ask for the same selections.
Analytics and improvement: Understanding how visitors use the Site so we can improve article structure, readability, and topic coverage (only where you have consented to analytics cookies or where permitted without consent).
Legal compliance: Complying with applicable laws, responding to lawful requests, and enforcing our Terms of Use.
Communications: Sending responses to your inquiries; we do not send unsolicited marketing emails unless you have opted in where required by law.
Advertising measurement: If we display third-party advertisements (e.g., Google Ads) and you opt in to marketing cookies, ad partners may use cookies or similar technologies to measure campaign performance. We do not sell personal information for money. You may decline marketing cookies at any time through Cookie Settings.

We do not use personal information for automated decision-making that produces legal or similarly significant effects, and we do not engage in profiling that would require opt-out under applicable U.S. state laws.

6. Legal Bases for Processing (GDPR — EEA, UK, and Switzerland)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases under the GDPR and equivalent laws:

Consent: For non-essential cookies, analytics, marketing technologies, and contact form processing where consent is required.
Legitimate interests: Operating and securing the Site, responding to inquiries, improving educational content, and preventing abuse — balanced against your rights and freedoms.
Contract: Where processing is necessary to respond to a request you initiate.
Legal obligation: Where we must retain or disclose information to comply with law.

You may withdraw consent at any time through Cookie Settings on the Site or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

7. How We Share Personal Information

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising in exchange for money or other valuable consideration as those terms are defined under the CCPA/CPRA.

We may share personal information with:

Service providers who host the Site, process contact form submissions, provide analytics (with consent where required), or assist with technical operations — bound by contractual obligations to use data only for our instructions.
Google Maps / Google LLC when you load or interact with an embedded map, subject to Google's Privacy Policy.
Legal and safety recipients when required by law, court order, or governmental request, or to protect rights, safety, and security of users, the public, or our organization.
Business transfers in connection with a merger, acquisition, or sale of assets, with notice where required by law.

8. Your Privacy Rights

8.1 Rights for EEA, UK, and Swiss Residents (GDPR)

If you are in the EEA, UK, or Switzerland, you have the following rights regarding your personal data, subject to applicable exceptions:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete data.
Right to erasure ("right to be forgotten"): Request deletion of your personal data in certain circumstances.
Right to restriction: Request that we limit processing in certain situations.
Right to data portability: Receive personal data you provided in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
Right to object: Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
Right to lodge a complaint: File a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the ICO at ico.org.uk.

To exercise GDPR rights, email team@biosplantrinse.world with the subject line "GDPR Rights Request." We may need to verify your identity before responding. We aim to respond within one month, extendable by two further months for complex requests as permitted by law.

8.2 Rights for California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA, subject to statutory exceptions:

Right to know / access: Request the categories and specific pieces of personal information we collected about you.
Right to delete: Request deletion of personal information we collected from you, subject to exceptions.
Right to correct: Request correction of inaccurate personal information we maintain about you.
Right to opt out of sale or sharing: We do not sell personal information and do not share it for cross-context behavioral advertising.
Right to limit use of sensitive personal information: Not applicable — we do not collect CPRA sensitive personal information through the Site.
Right to non-discrimination: We will not deny goods or services, charge different prices, or provide a different level of service because you exercised your privacy rights.

How to submit a California request: Email team@biosplantrinse.world with subject line "California Privacy Request," call +1 (773) 217-8535, or mail us at 6455 W Archer Ave, Chicago, IL 60638, United States.

Do Not Sell or Share My Personal Information: team@biosplantrinse.world. We honor opt-out preference signals including Global Privacy Control (GPC).

Authorized agents: California residents may designate an authorized agent to submit a request on their behalf. The agent must provide signed written permission or proof of power of attorney, and we may require you to verify your identity directly.

Identity verification: We may request information reasonably necessary to verify your identity before fulfilling a request, consistent with CCPA/CPRA regulations. We will not expand the scope of data collected beyond what is necessary for verification.

Response timing: We acknowledge requests within ten (10) business days where required and respond within forty-five (45) days, with a one-time extension of an additional forty-five (45) days when reasonably necessary, accompanied by notice explaining the extension.

Appeals: If we deny a California request, you may appeal by replying to our response with "California Privacy Appeal." We will respond to appeals within forty-five (45) days as required by CPRA regulations.

8.3 Rights for Illinois Residents

Our principal place of business is in Chicago, Illinois. Illinois residents are protected by:

Illinois Personal Information Protection Act (PIPA, 815 ILCS 530/): Requires reasonable security measures for personal information and notification to Illinois residents and the Illinois Attorney General when a data breach involves unencrypted personal information, Social Security numbers, driver's license numbers, or financial account data in combination with access codes.
Illinois Biometric Information Privacy Act (BIPA): Not applicable to our Site — we do not collect biometric identifiers.
Illinois Consumer Fraud and Deceptive Business Practices Act (815 ILCS 505/): We do not make false or misleading statements about our educational content or data practices.

Illinois residents may contact us at team@biosplantrinse.world or +1 (773) 217-8535 regarding privacy concerns. You may also file a complaint with the Illinois Attorney General's Office.

8.4 Rights for Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Other U.S. State Residents

Residents of states with comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Delaware (DPDPA), New Jersey (S332), New Hampshire, Nebraska, Iowa, Tennessee, Indiana, Minnesota, and other states as laws take effect — may have rights to:

Confirm whether we process their personal data and access such data;
Correct inaccuracies in personal data;
Delete personal data provided by or obtained about them;
Obtain a portable copy of personal data;
Opt out of the sale of personal data, targeted advertising, and profiling in furtherance of decisions producing legal or similarly significant effects;
Non-discrimination for exercising privacy rights.

We do not sell personal data or engage in profiling producing legal or similarly significant effects. Targeted advertising cookies are disabled until you opt in. Submit requests to team@biosplantrinse.world with subject line "U.S. State Privacy Request." We respond within forty-five (45) days unless a forty-five (45) day extension is permitted and communicated. If we deny a request, you may appeal by replying "Privacy Appeal" to our response; we will respond to appeals within the timeframe required by your state's law.

8.5 Global Privacy Control (GPC) and Opt-Out Preference Signals

If your browser or device sends a Global Privacy Control (GPC) signal or another legally recognized opt-out preference signal, we treat it as a valid opt-out request for the sale or sharing of personal information and for non-essential analytics and marketing cookies where such opt-out is legally required. Our cookie banner script automatically applies a reject-all consent profile when GPC is detected and no prior consent has been saved.

8.6 How to Submit a Privacy Request

You may submit a privacy rights request by any of the following methods:

Email: team@biosplantrinse.world (include your state of residence and the right you wish to exercise)
Phone: +1 (773) 217-8535 (Monday–Friday, 9:00 AM – 5:00 PM Central Time)
Mail: Biosplantrinse.ddd, 6455 W Archer Ave, Chicago, IL 60638, United States
Do Not Sell or Share: team@biosplantrinse.world

We do not charge a fee to process verifiable consumer requests unless permitted by law for excessive, repetitive, or manifestly unfounded requests. We will explain any fee before completing the request.

8.7 Financial Incentives

We do not offer financial incentives, discounts, or price differences in exchange for the collection, sale, or retention of personal information as described under CCPA/CPRA.

9. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy:

Contact form and email inquiries: Up to twenty-four (24) months after the last message in a thread, unless longer retention is needed for legal claims or you request earlier deletion.
Server logs: Typically thirty (30) to ninety (90) days for security and troubleshooting.
Cookie consent records: Stored in your browser's local storage under cookie_consent_tdd_backoffice until you clear it or change preferences.
Analytics data: Retained according to our analytics provider's settings, generally thirteen (13) months or less where configurable, and only when you have consented.

When retention periods expire, we delete or anonymize personal information where feasible. When disposal is required under Illinois law or other applicable standards, we use reasonable measures to destroy or render personal information unreadable, such as secure deletion from active systems and backup rotation.

10. Data Security

We implement reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include HTTPS encryption in transit where available, access controls on hosting accounts, and limiting employee and contractor access to data on a need-to-know basis.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. If you believe your interaction with us is no longer secure, contact us immediately.

In the event of a security incident involving unauthorized access to personal information that triggers notification obligations under applicable law — including the Illinois Personal Information Protection Act (815 ILCS 530/) and breach notification laws in other states — we will investigate promptly, notify affected individuals and regulators as required, and take steps to contain and remediate the incident.

11. Federal Law and Regulatory Framework (United States)

In addition to state privacy laws, our practices are guided by applicable U.S. federal standards, including:

Federal Trade Commission Act (15 U.S.C. § 45): We do not engage in unfair or deceptive acts or practices regarding the collection, use, or disclosure of personal information.
FTC Privacy and Data Security Guidance: We provide clear notice, honor consumer choices, and maintain reasonable safeguards for data we collect.
Children's Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501–6506): See Section 12 below.
CAN-SPAM Act (15 U.S.C. § 7701 et seq.): If we send commercial email, we comply with CAN-SPAM requirements including accurate header information, honest subject lines, a valid physical address, and a clear opt-out mechanism. We do not send unsolicited marketing email without consent where required.
Electronic Communications Privacy Act (ECPA): We access and disclose electronic communications only as described in this policy and as permitted by law.

12. Children's Privacy (COPPA)

The Site is intended for a general audience of adults and older teens interested in office back health education. We do not knowingly collect personal information from children under thirteen (13) years of age in violation of the U.S. Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe your child under 13 has provided personal information to us, contact team@biosplantrinse.world and we will take steps to delete such information promptly. Users between 13 and 17 should use the Site with parental or guardian permission where required by local law.

13. International Data Transfers

We are based in the United States. If you access the Site from outside the U.S., your information may be transferred to, stored in, and processed in the U.S. or other countries where our service providers operate. Where required by GDPR, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or equivalent mechanisms for lawful transfers.

14. Cookies and Similar Technologies

We use cookies and local storage to operate the Site and, with your consent, for analytics and marketing. Your preferences are stored locally under the key cookie_consent_tdd_backoffice. For full details on cookie categories, durations, and third-party providers, see our Cookie Policy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top indicates when the policy was last revised. Material changes will be posted on this page. Continued use of the Site after changes constitutes acceptance of the updated policy where permitted by law.

16. Contact Us

For privacy questions, rights requests, or concerns about this policy:

Biosplantrinse.ddd
Address: 6455 W Archer Ave, Chicago, IL 60638, United States
Email: team@biosplantrinse.world
Phone: +1 (773) 217-8535