Privacy Policy - Aniva

Privacy Policy

Effective Date: January 2, 2025
Last Updated: August 20, 2025

1. Introduction

Welcome to Aniva. Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services.

We process your data in accordance with the General Data Protection Regulation (GDPR), as well as other applicable German data protection laws.

By accessing or using our platform, you confirm that you have read and understood this Privacy Policy. If you do not agree, please refrain from using our services.


2. Data Controller & Contact Information

The entity responsible for processing your personal data (Data Controller) is:

Livy Health GmbH

Retzbacher Weg 44, 13189 Berlin, Germany
Email:

You also have the right to contact the relevant data protection authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Alt-Moabit 59–61, 10555 Berlin, Germany
Email:


3. Data We Collect and Process

We collect the following types of data:

a. Information You Provide

  • Personal Data: Name, email address, phone number.
  • Health Data: Information you provide through questionnaires or test results.
  • Payment Data: If you make purchases, we process your payment details securely via third-party providers.
  • Mobile number & SMS consent (opt-in status, timestamp, source of consent), and your preferences for receiving text messages.
  • SMS interactions (delivery status, opt-outs/"STOP", "HELP" requests, link clicks where supported).

b. Information Collected Automatically

  • Device & Browser Data: IP address, browser type, operating system.
  • Usage Data: Pages visited, time spent on site, interactions with our platform.
  • Klaviyo onsite identifiers (e.g., the __kla_id first-party cookie) used to recognize returning visitors and, if you've opted in, to link on-site activity with your profile for email/SMS personalization and abandoned-cart reminders.

c. Data from Third Parties

  • Connected Services: If you integrate third-party platforms (e.g., lab partners), we may receive related data.

4. Legal Basis for Processing (Art. 6 GDPR)

We process your data based on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR & Art. 9(2)(a) GDPR) → For processing sensitive health data.
  • Contractual necessity (Art. 6(1)(b) GDPR) → To provide our services.
  • Legal obligation (Art. 6(1)(c) GDPR) → For compliance with financial and regulatory laws.
  • Legitimate interest (Art. 6(1)(f) GDPR) → For security, fraud prevention, and service improvement.

You may withdraw your consent for data processing at any time by contacting .


5. How We Use Your Data

We process your data to:

  • ✔️ Provide personalized health recommendations.
  • ✔️ Enable test bookings and process results.
  • ✔️ Improve our platform based on user behavior.
  • ✔️ Send service-related communications (updates, notifications).
  • ✔️ Ensure compliance with legal requirements.
  • ✔️ Send service and transactional SMS (e.g., booking updates, delivery notifications).
  • ✔️ Send marketing SMS only if you opt in (message frequency varies; you can opt out anytime by replying STOP; reply HELP for help).

Legal bases: consent for marketing SMS (Art. 6(1)(a) GDPR), contract for necessary service updates (Art. 6(1)(b) GDPR). For any cookies/trackers used to trigger messages (e.g., abandoned cart), we rely on your device consent under §25 TTDSG / Art. 5(3) ePrivacy.


5a. Mobile Messaging (SMS) Program

We offer an optional SMS program for updates, tips, and offers.

  • Opt-in & Opt-out. You'll receive SMS only if you explicitly opt in. You can opt out at any time by replying STOP; reply HELP for help.
  • What we collect. Mobile number, consent status (with timestamp/source), and basic delivery/interaction metadata.
  • Purpose. To deliver the messages you requested, improve relevance (e.g., cart reminders if you consented to cookies), and keep records of consent/opt-outs for compliance.
  • No sale/sharing of opt-in data. Text messaging originator opt-in data and consent are not shared or sold to third parties for marketing or promotional purposes.

6. Data Sharing & Third-Party Services

We do not sell your personal data. We only share it with trusted partners who support us in delivering our services.

a. Service Providers & Integrations

To ensure smooth operation of our platform, we work with the following third-party subprocessors:

Provider | Purpose | Location | Legal Safeguard for Data Transfers
Tally BV | Collecting form responses | Netherlands (EU) | GDPR Compliant
Typeform SL | Collecting form responses | Spain (EU) | GDPR Compliant
Notion Labs, Inc. | Managing content & internal operations | USA | SCCs (Standard Contractual Clauses)
Stripe, Inc. | Processing payments securely | USA | SCCs
Meta Platforms, Inc. | Analytics and Cookies | USA | SCCs
Slack, Inc. | Internal communications | USA | SCCs
MNB Labor GmbH | Laboratory analysis & fulfillment (in some cases) | Germany | GDPR Compliant
Trans-o-flex Express GmbH & Co. KGaA | Shipping & fulfillment | Germany | GDPR Compliant
Deutsche Post AG (DHL) | Shipping & fulfillment | Germany | GDPR Compliant
Praxis für gesundes Leben | Blood collection | Germany | GDPR Compliant
OpenAI, L.L.C. | Processing and analyzing lab data | USA | SCCs
Ornament Health AG | Processing and analyzing lab data | Switzerland | GDPR Compliant
dunatura Tagespacks GmbH | Fulfillment & supplement composition | Germany | GDPR Compliant
Klaviyo, Inc. | Email & SMS messaging, forms, onsite tracking for personalization/abandoned-cart flows | USA | EU-U.S. Data Privacy Framework; SCCs where applicable

💡 International Data Transfers: When data is transferred outside the EU/EEA, we rely on EU-approved Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure your data remains protected.

b. Legal Authorities

We disclose data if required to comply with legal obligations or regulatory requests.


7. Data Retention

We retain personal data only for as long as necessary:

Data Type | Retention Period
Account Data | Until you delete your account
Health Data | Until you withdraw consent
Payment Data | 10 years (legal requirement)
Customer Support Data | 6 months after issue resolution

SMS consent logs & delivery/opt-out records: retained as long as you remain subscribed and up to 24 months after your last interaction or until you withdraw consent, to demonstrate compliance.

Once retention periods expire, we delete or anonymize your data securely.


8. Your Rights under GDPR

You have the following rights regarding your data:

  • Access (Art. 15 GDPR) – Request a copy of your stored data.
  • Correction (Art. 16 GDPR) – Fix incorrect or incomplete data.
  • Deletion (Art. 17 GDPR) – Request deletion of your data ("Right to be Forgotten").
  • Objection (Art. 21 GDPR) – Object to certain processing activities.
  • Portability (Art. 20 GDPR) – Receive your data in a transferable format.

📩 To exercise these rights, email us at: .


9. Data Security Measures

We implement strong security measures to protect your data:

  • ✔️ Encryption: All stored and transmitted data is encrypted.
  • ✔️ Access Controls: Restricted access based on role-based permissions.
  • ✔️ Regular Security Audits: We conduct regular security reviews.

⚠️ No system is 100% secure. If a data breach occurs, we will notify affected users and authorities as required by GDPR.


10. Cookies & Tracking

We use only essential cookies.

a. Essential Cookies (Required)

  • Necessary for website functionality.

b. Non-Essential Cookies

We use cookies and similar technologies to run our website, understand usage, and—only with your consent—to personalize email/SMS and show reminders (e.g., abandoned cart).

  • Strictly necessary cookies — required for core functionality.
  • Analytics & performance — help us improve the site (set only with consent).
  • Marketing/personalization — used with your consent to recognize returning visitors, link visits to your profile, and trigger communications such as abandoned-cart reminders. This includes Klaviyo's first-party identifier cookie (e.g., __kla_id).

Abandoned cart via SMS. Our site may use cookies or similar tools to detect when items are placed in your cart and the checkout isn't completed; if you have opted in to SMS and consented to such cookies, we may send a one-time or limited series of cart reminders.

Your choices. In the EU (e.g., Germany/Finland), non-essential cookies require prior consent (§25 TTDSG / ePrivacy). You can accept or reject each category in our cookie banner and change choices anytime.


11. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies before providing any data.


12. Updates to This Privacy Policy

We may update this Privacy Policy when necessary. The latest version will always be available on our website with an updated "Last Revised" date.


13. Contact Us

For any privacy-related inquiries, please contact:

📩
