Privacy policy
PRIVACY AND COOKIE POLICY
PersonaPath
Last Updated: February 2026
PersonaPath ("we", "us", "our") is committed to protecting your personal data. This Privacy and Cookie Policy explains how we collect, use, store, and disclose your personal information when you visit our website at www.persona-path.com (the "Site"), use our health quiz, purchase our products, or otherwise interact with our services.
We process your personal data in strict compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Danish Data Protection Act (Databeskyttelsesloven).
By using our Site and services, you acknowledge that you have read and understood this Privacy and Cookie Policy.
1. Data Controller
The data controller responsible for processing your personal data is:
PersonaPath
Sole proprietorship (Enkeltmandsvirksomhed) registered in Denmark
CVR: DK42679267
Address: Konsul Jensens Gade 3, 3Th, 8700 Horsens, Denmark
Email: support@persona-path.com
Live Chat: Available on our Site
PersonaPath does not have a designated Data Protection Officer (DPO). For all data protection inquiries, please contact us at the email address above.
2. Personal Information We Collect
We collect and process different categories of personal data depending on how you interact with us:
2.1 When You Visit Our Site
When you browse our Site, we may collect the following data automatically through cookies and similar technologies:
-
IP address, browser type, device information, and operating system.
-
Browsing behaviour, click patterns, page views, and interaction data.
-
Referral source and session duration.
Legal basis: Consent via Cookiebot for marketing and analytics cookies (GDPR Article 6(1)(a)). Legitimate interest for strictly necessary and functional cookies (GDPR Article 6(1)(f)).
2.2 When You Use the Health Quiz
When you complete our health quiz, we collect:
-
Your name and email address.
-
Self-reported information about your diet, lifestyle, energy levels, health goals, existing health conditions, allergies, medications, pregnancy or nursing status, and other wellness-related data.
Important: Some of the information you provide in the health quiz may constitute special category data (health data) under GDPR Article 9. We only collect this data with your explicit consent, given when you begin the quiz.
This data is used to generate personalised supplement recommendations through our proprietary algorithm and to provide you with relevant, personalised health and product guidance via email (for example, content tailored to your stated health goals or dietary profile). Your health quiz answers are never shared with advertising platforms or used to build advertising audiences. The quiz does not provide medical advice, diagnosis, or treatment.
Legal bases:
-
Explicit consent for the processing of health-related data (GDPR Article 9(2)(a)).
-
Performance of a contract or pre-contractual steps at your request (GDPR Article 6(1)(b)).
2.3 When You Make a Purchase or Subscribe
When you place an order or subscribe, we collect:
-
Contact details: name, email address, shipping address, billing address.
-
Order information: products purchased, order history, subscription status, delivery preferences.
-
Payment information: processed securely by our payment providers (Shopify Payments and Vipps MobilePay). We do not store your card details directly.
Legal bases:
-
Performance of a contract (GDPR Article 6(1)(b)).
-
Compliance with legal obligations, including bookkeeping requirements (GDPR Article 6(1)(c)).
2.4 When You Use the Check-In System
If you are a subscriber, we may invite you to complete periodic check-in questionnaires to assess changes in your health, lifestyle, or wellness goals. We collect:
-
Your responses to check-in questions.
-
Any updated health or lifestyle information you choose to provide.
This data is used by our algorithm to suggest adjustments to your supplement plan. Suggested changes require your explicit approval before taking effect.
Legal bases:
-
Performance of a contract (GDPR Article 6(1)(b)).
-
Explicit consent for health-related data (GDPR Article 9(2)(a)).
2.5 When You Submit a Review
We operate our own review collection platform. If you submit a review, we may collect:
-
Your name (or display name), email address, and order reference.
-
Your written review, star rating, and any photos or media you choose to upload.
Reviews may be published on our Site to help other customers. You can request removal of your review at any time by contacting us.
Legal basis: Legitimate interest in promoting our business and providing social proof (GDPR Article 6(1)(f)). Consent where required (GDPR Article 6(1)(a)).
2.6 When You Contact Us
When you reach out via email or live chat, we collect the information you provide in your message, including your name, email address, order details, and the content of your inquiry.
Legal basis: Legitimate interest in handling your inquiry and providing customer support (GDPR Article 6(1)(f)). Performance of a contract where the inquiry relates to an order (GDPR Article 6(1)(b)).
2.7 Marketing and Newsletters
If you opt in to marketing emails via the health quiz or our Site, we collect your email address and any preferences you provide.
We distinguish between two types of email communication:
-
Service-related health guidance: If you consented to health data processing during the quiz, we may send you personalised emails related to your quiz profile (for example, content relevant to your stated health goals, dietary preferences, or lifestyle). These communications are covered by your health data consent and do not require separate marketing consent. You may unsubscribe from these emails at any time.
-
Promotional marketing: General newsletters, promotional offers, and product announcements are only sent if you have separately opted in to marketing. You can withdraw your marketing consent at any time by clicking the unsubscribe link at the bottom of any email or by contacting us.
Legal bases:
-
Health-related guidance emails: Explicit consent for health data processing (GDPR Article 9(2)(a)), as provided during the quiz.
-
Promotional marketing: Consent (GDPR Article 6(1)(a) and Danish Marketing Act § 10).
3. Algorithmic and Automated Processing
PersonaPath uses a proprietary algorithm to process the information you provide in the health quiz and check-in questionnaires. The algorithm generates personalised supplement recommendations based on your individual profile.
The algorithm runs on secure servers (Cloudflare Workers) and processes your quiz answers, health data, lifestyle information, and any check-in responses to calculate product recommendations, dosage tiers, and plan options.
Important: The algorithm provides recommendations only. No supplements are added to your plan without your explicit action. You always have the choice to modify, accept, or decline any recommendation. The algorithm does not make binding decisions about you without human involvement.
The algorithm does not constitute medical advice. Always consult a qualified healthcare professional before starting or changing a supplement regimen.
4. How We Use Your Personal Information
We use your personal information for the following purposes:
-
Providing our services: to process your orders, manage your subscription, deliver products, provide customer support, and generate personalised supplement recommendations.
-
Improving our services: to analyse usage patterns, improve our algorithm, enhance our Site, and develop new products and features.
-
Marketing: to send newsletters, promotional offers, and product recommendations (only with your consent).
-
Security and fraud prevention: to protect our Site, detect and prevent fraudulent activity, and ensure secure payment processing.
-
Legal compliance: to comply with applicable laws, including bookkeeping, tax, and consumer protection obligations.
-
Communications: to respond to your inquiries, send order confirmations, shipping notifications, billing reminders, and subscription-related emails.
5. Who We Share Your Data With
We only share your personal data when necessary to deliver our services, comply with legal obligations, or with your consent. We have data processing agreements in place with all processors.
5.1 Service Providers (Data Processors)
We share personal data with the following categories of service providers, who process data on our behalf and in accordance with our instructions:
-
Shopify — e-commerce platform, hosting, and order management. Shopify may process your data in countries outside the EU/EEA. For more information, see Shopify’s Consumer Privacy Policy.
-
Shopify Payments & Vipps MobilePay — payment processing. We do not store your card details. Payment data is handled directly by the payment provider.
-
Cloudflare — secure hosting of our recommendation algorithm, review system, and check-in system.
-
Klaviyo — email marketing and automated email flows. Your email address and quiz profile tags (such as health goals and dietary preferences, but not raw quiz answers) are shared with Klaviyo to enable personalised email communications. Quiz profile data shared with Klaviyo is limited to what is necessary for email segmentation and is never used for advertising purposes.
-
PostNord, GLS, DAO, Eursender, Bring — shipping and logistics. Your name, address, and contact details are shared for delivery purposes.
-
Cookiebot — cookie consent management. IP address and consent status are processed.
5.2 Analytics and Advertising Partners
With your consent (via Cookiebot), we share data with:
-
Google Analytics — website analytics and performance measurement.
-
Meta (Facebook) Pixel — advertising measurement and targeted marketing.
-
PostHog — product analytics and user experience improvement.
These services may use cookies and similar technologies to collect data about your browsing behaviour. You can manage your preferences at any time via the cookie consent banner on our Site.
5.3 Other Disclosures
We may also disclose your personal data:
-
To tax authorities, accountants, or legal advisors to comply with legal obligations (GDPR Article 6(1)(c)).
-
To law enforcement or government authorities where required by law.
-
In connection with a business transaction such as a merger, acquisition, or sale of assets.
6. International Data Transfers
Some of our service providers (including Shopify, Klaviyo, Google, and Meta) may process your data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:
-
The European Commission’s Standard Contractual Clauses (SCCs).
-
Adequacy decisions by the European Commission for the recipient country.
-
Certification under the EU-US Data Privacy Framework, where applicable.
You may request a copy of the relevant safeguards by contacting us at support@persona-path.com.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods are:
-
Order and subscription data: retained for 5 years after the end of the subscription or last purchase, in accordance with Danish bookkeeping requirements (Bogføringsloven).
-
Health quiz data: retained for the duration of your active account. Deleted or anonymised within 2 years of account inactivity.
-
Check-in data: retained for the duration of your active subscription. Deleted or anonymised within 2 years of account inactivity.
-
Review data: retained for as long as the review is published, or until you request its removal.
-
Marketing consent and email data: retained for as long as your consent is active. After withdrawal of consent, we may retain proof of consent for up to 2 years in accordance with the Danish Marketing Act’s limitation rules.
-
Consent records: proof of consent (timestamp, consent version, method, and email) is retained for 3 years from the date of consent, in accordance with our GDPR accountability obligations (GDPR Article 7(1)).
-
Customer support inquiries: retained for a maximum of 12 months after the inquiry is resolved.
-
Cookie data: retention depends on the specific cookie. See Section 10 (Cookie Policy) for details.
After the retention period expires, your data will be securely deleted or anonymised.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
-
Right of access: You have the right to request a copy of the personal data we hold about you.
-
Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
-
Right to erasure: You have the right to request deletion of your personal data, subject to certain legal exceptions (e.g., bookkeeping obligations).
-
Right to restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances.
-
Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to request its transfer to another controller.
-
Right to object: You have the right to object to processing based on legitimate interests. We will cease processing unless we have compelling legitimate grounds.
-
Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at support@persona-path.com. We may ask you to verify your identity before processing your request. We will respond within 30 days, as required by the GDPR.
Please note that some of your personal data is necessary to fulfil our contract with you or to comply with legal obligations. If you request deletion of this data, it may affect our ability to provide services to you.
9. Complaints
If you are dissatisfied with how we process your personal data, we encourage you to contact us first at support@persona-path.com so we can resolve your concern.
You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk
10. Cookie Policy
Our Site uses cookies and similar tracking technologies. Cookies are small text files placed on your device when you visit a website. They help us provide you with a better experience and allow certain features to function.
10.1 Types of Cookies We Use
-
Strictly necessary cookies: Required for the Site to function properly (e.g., shopping cart, authentication, cookie consent preferences). These do not require your consent.
-
Functional cookies: Enable enhanced functionality and personalisation (e.g., language preferences, quiz progress). These do not require your consent.
-
Analytics cookies: Help us understand how visitors use our Site by collecting anonymised or pseudonymised data (e.g., Google Analytics, PostHog). These require your consent.
-
Marketing cookies: Used to track visitors across websites and display relevant advertisements (e.g., Meta Pixel, Google Ads). These require your consent.
10.2 Cookie Consent
When you first visit our Site, you will be presented with a cookie consent banner managed by Cookiebot. You can choose which categories of cookies to accept or reject. Strictly necessary cookies cannot be disabled, as they are essential for the Site to function.
You can change your cookie preferences at any time by clicking the cookie settings link in the footer of our Site or via the Cookiebot widget.
Your consent choice is stored for 12 months. After this period, you will be asked to renew your consent.
10.3 Third-Party Cookies
Some cookies are placed by third-party services (such as Google, Meta, and PostHog) that we use for analytics and advertising. These third parties may collect data about your browsing behaviour across different websites. We recommend reviewing their respective privacy policies for more information.
10.4 Managing Cookies in Your Browser
You can also manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that blocking certain cookies may affect the functionality of our Site.
11. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption, access controls, secure hosting environments, and regular security reviews.
Payment data is processed by PCI DSS-compliant payment providers (Shopify Payments and Vipps MobilePay). We do not store card details on our systems.
Despite our best efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.
12. Children’s Data
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@persona-path.com and we will promptly delete it.
13. Changes to This Policy
We may update this Privacy and Cookie Policy from time to time to reflect changes to our practices, legal requirements, or operational needs. We will post the revised policy on our Site and update the "Last Updated" date at the top of this document.
For material changes that affect how we process your personal data, we will notify you by email or through a prominent notice on our Site before the changes take effect.
14. Contact Us
If you have any questions about this Privacy and Cookie Policy, or if you wish to exercise any of your rights, please contact us:
PersonaPath
Address: Konsul Jensens Gade 3, 3Th, 8700 Horsens, Denmark
Email: support@persona-path.com
Live Chat: Available on our Site
CVR: DK42679267