Cookies on the Healthspan site
Healthspan Limited is committed to safeguarding your personal privacy. This privacy notice provides you with details of how we collect and process your personal data through your use of our sites www.healthspan.co.uk & www.healthspanelite.co.uk.
Healthspan Limited is registered as a Data Controller with the Office of the Data Protection Commissioner in Guernsey (01481 742074 www.odpa.gg) under the current Data Protection (Bailiwick of Guernsey) Law, 2017 (which is the equivalent of the General Data Protection Regulation((EU) 2016/679) ("GDPR") and the UK GDPR), and The Data Protection Act 2018 (DPA) legislation.
By providing us with your data, you warrant to us that you are over 13 years of age.
Healthspan Limited is the data controller and we are responsible for your personal data (referred to as "we", "us" or "our" in this privacy notice).
We have appointed a Data Protection Officer who oversees privacy related matters for us. If you have any questions about this privacy notice, please contact the Data Protection Officer using the details set out below.
Our full details are:
Data Protection Officer: Mrs Esteé Watchorn
Email address: DPO@healthspan.co.uk
Postal address: Healthspan House St Peter Port Guernsey GY1 2QH.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by:
We may receive data from third parties such as analytics providers such as Google based outside the UK and/or the EU, advertising networks such as Facebook based outside the UK and/or the EU, such as search information providers such as Google based outside the UK and/or the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
We may also receive data from publicly availably sources such as Companies House and the Electoral Register based inside or outside the UK and/or the EU.
When purchasing goods from Healthspan, you are entering into a contract with us. We may process the following categories of personal data about you:
|Data Type:||Any communication that you provide us whether that be through the contact form on our website, through email, text, social media messaging, social media posting, telephone recordings or any other communication that you send us.|
|Our Purpose:||We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance, or defence of legal claims. Further to telephone recordings, this is also to enforce that staff use agreed protocols.|
|Our Legal Basis:||Legitimate Interest|
|Our Legitimate Interest explained:||To reply to communications sent to us, to keep records and to establish, pursue or defend legal claims. Telephone calls are also recorded for a limited period for the purposes of quality control and coaching.|
|Data Type:||Data relating to any purchases of goods and/or services such as Subscribe & Save. This would include your name, title, billing address, delivery address email address, phone number, contact details, and purchase details.|
|Our Purpose:||We process this data to supply the goods and/or services you have purchased and to keep records of such transactions.
|Our Legal Basis:
||Order History data|
|Our Purpose:||We process this data for financial reporting, VAT, and auditing purposes.|
|Our Legal Basis:||Legal obligation|
|Data Type:||Healthspan does not process, transmit or store credit or debit card information electronically. All card payments are securely processed by our payment gateway provider CyberSource, which then provides us with a token (expiry date and last four digits) to take future payments or apply refunds. Debit or credit card information sent by direct mail, is subscribed manually to obtain a token, and the physical copy destroyed.|
|Data Type:||Data about how you use our website and any online services together with any data that you post for publication on our website or through other online services.|
|Our Purpose:||We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication and administration of our website, other online services, and business.|
|Our Legal Basis:||Legitimate Interest|
|Our Legitimate Interest explained:||To enable us to properly administer our website and our business.
|Data Type:||Data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system.|
|Our Purpose:||We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising.
|Our Legal Basis:||Legitimate Interest|
|Our Legitimate Interest explained:||To enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.|
|Data Type:||Data about your preferences in receiving marketing from us and our third parties and your communication preferences. This would include your name, title, address, email address, and purchase details.|
|Our Purpose:||We process this data to enable you to partake in our promotions such as competitions and prize draws, to deliver relevant website content, service enhancement notifications, and advertisements to you and measure or understand the effectiveness of this advertising.
|Our Legal Basis:||Legitimate Interest
|Our Legitimate Interest explained:||To study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.|
|Data Type:||Customer Data, User Data, Technical Data, Order History and Marketing Data|
|Our Purpose:||Direct Marketing:
To provide you with marketing communications informing you of special offers, promotions, competitions, new lines, sales, advice, and information across various marketing channels including online advertising and social media Sites. Our aim is to deliver relevant marketing content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you.
|Our Legal Basis:||Consent or Legitimate Interest|
|Our Legitimate Interest explained:||Healthspan has a legitimate interest to provide you with direct marketing to grow our business, to study how customers use our products/services, to develop them, and to decide our marketing strategy. Please see section 5 Marketing Communications for an explanation around your consent in this instance.|
|Data Type:||Healthspan does not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic or biometric data. We do not collect any information about criminal convictions and offences.|
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don't provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at email@example.com. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
Under the Privacy and Electronic Communications Regulations (PECR), we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and, in each case, you have not opted out of receiving such communications since. Under these regulations, as a limited company, we may send you direct marketing communications without your consent. However, you can opt out of receiving marketing communications from us at any time.
You control your preferences in respect of how your Personal Data is used for marketing, and you can change these preferences at any time by:
Please note that it may take around five working days to unsubscribe you from email marketing, and up to six weeks to unsubscribe you from postal marketing (as mailings are printed in advance). Whatever your marketing preferences, we will not share your data with third parties, without your explicit consent.
If you opt out of receiving marketing communications, this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.
Healthspan will never pass or sell your data outside the Healthspan Group of companies, except where required to fulfil order delivery, or to provide communications as part of Healthspan's normal service, including marketing and analytics.
We share your data with our trusted fulfilment partners and ensure all appropriate contractual safeguards and security is in place. These include warehouse packing services, IT systems, hosting providers and IT support; mailing houses, email services, marketing analysis third parties and an independent product and service review provider (see below).
We are subject to the provisions of the current Data Protection (Bailiwick of Guernsey) Law, 2017, which is the equivalent of the UK General Data Protection Regulations and the EU General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of Guernsey, the UK, and the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
If none of the mentioned safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Healthspan shares hashed data with Facebook to enable us to provide offers and content which may be of interest to you. For more information please visit: https://www.facebook.com/policy.php. Healthspan and Facebook Ireland have entered into a Controller Addendum with regard to the Joint Processing of Personal Data; Facebook Ireland is responsible for enabling Data Subjects' rights with regard to Personal Data stored by Facebook Ireland after the Joint Processing.
We share your Personal Information with external companies that provide services on our behalf including:
Information publicly available on social media Sites may be used by us to monitor and review how customers engage with our brand. This process does not always identify individual users. Should we wish to use information posted publicly by you on a social media Site such as Facebook, we will not do so without your permission.
In order to provide improved offers, advice, and information, and to evaluate our advertising across various online marketing channels and social media Sites (such as Facebook), we may analyse the following: your Personal Information, products you view and buy, your browsing habits and other ways you interact with us. Facebook Ireland is a Joint Controller of the Joint Processing of Personal Data; for more information on how Facebook processes Personal Data and ways to exercise data subject rights, visit Facebook Ireland's Data Policy at https://www.facebook.com/about/privacy.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions, and they must keep it confidential. We also have procedures in place, should a suspected personal data breach occur and will notify you and any applicable regulator of a breach if we are legally required to.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Healthspan needs to keep transaction information for auditing and statutory reporting purposes; therefore, the decision was made to only retain your related data for a period of 10 years after your last interaction with us. However, we can remove you from our marketing database at your request.
When deciding what the correct time is to keep the data for, we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Personal Data is protected by legal rights, which include:
|Right to be informed||To know what Personal Data we process, how and why.|
|Right of access||To request access to your Personal Information and information about how we process it.|
|Right to rectification||To have your Personal Information corrected if it is inaccurate and to have incomplete Personal Information completed.|
|Right to erasure (also known as the Right to be Forgotten)||To have your Personal Information erased.|
|Right to withdraw consent to direct marketing at any time||To choose not to receive any direct marketing content.|
|Right to data portability||To electronically move, copy or transfer your Personal Information in a standard form.|
|Right to restrict processing||To restrict processing of your Personal Information.|
|Rights in relation to automatic decision-making including profiling||Rights with regards to automated individual decision making, including profiling.|
Should you wish to action any of these rights, please contact our friendly Customer Care Services via email: firstname.lastname@example.org, or call FREEPHONE 080 073 12377.
To contact Healthspan's Data Protection Officer: Mrs Esteé Watchorn, and/ or if you have any concerns as to how your data is processed, please email DPO@healthspan.co.uk.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are within the UK and are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
If you are within the EU and are not happy with any aspect of how we collect and use your data, you have the right to complain to the data protection authority of the country in which you are based. We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
You also have the right to lodge a complaint to The Office of the Data Protection Commission in Guernsey (www.odpa.gg) if you believe that we have not complied with the legal requirements regarding your Personal Data.
To leave a product rating or review you must have purchased that product.
All reviews are collected by Feefo, an independent review engine. Healthspan do not vet poor reviews but may respond directly to them.
The poster of a product rating or review continues to own all rights to content provided to Healthspan. However, Healthspan reserves the right to use this content royalty free as part of its marketing and communication programs.
The purpose of reviews is to help people who haven't brought the product to learn from the experiences of those that have.
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Healthspan reserves the right to update this notice in line with current legislation and best practices. If we make changes to this notice, we will notify you by updating it on our Website.
Last amended date: January 2022