10% OFF £25 | 15% OFF £35 | 20% OFF £50
Definitions
This Notice contains the following definitions used throughout:
Terminology | Meaning |
---|---|
Healthspan | Healthspan Limited and its affiliates and subsidiaries from time to time |
The Notice | The Privacy Notice |
Personal Data | Any information that is related to an identified or identifiable natural person |
Site/Website | Healthspan Elite UK: www.healthspanelite.co.uk |
Privacy Notice
Healthspan Limited is committed to safeguarding your personal privacy. This privacy notice provides you with details of how we collect and process your personal data through your use of our sites.
Healthspan Limited is registered as a Data Controller with the Office of the Data Protection Commissioner in Guernsey (01481 742074 https://www.odpa.gg) under the current Data Protection (Bailiwick of Guernsey) Law, 2017 (which is the equivalent of the General Data Protection Regulation((EU) 2016/679) (“GDPR”) and the UK GDPR), and The Data Protection Act 2018 (DPA) legislation.
By providing us with your data, you warrant to us that you are over 13 years of age.
Healthspan Limited is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
We have appointed a Data Protection Officer who oversees privacy related matters for us. If you have any questions about this privacy notice, please contact the Data Protection Officer using the details set out below.
Contact Details
Healthspan Limited
Data Protection Officer: Mr Matthew Loaring
Email address: DPO@healthspan.co.uk
Postal address: Healthspan House St Peter Port Guernsey GY1 2QH.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by:
- emailing us at customercare@healthspan.co.uk,
- calling +44 (0) 0800 73 123 77, or
- by accessing your account details via My Account.
How Do We Collect Personal Information?
We may collect data about you by you providing the data directly to us (for example whenever you use our Site, complete an application form, contact Healthspan electronically, or purchase online products offered by Healthspan). We may automatically collect certain data from you as you use our website by using cookies and similar technologies. Please see our cookie policy for more details about this.
We may receive data from third parties such as analytics providers such as Google based outside the UK and/or the EU, advertising networks such as Facebook based outside the UK and/or the EU, such as search information providers such as Google based outside the UK and/or the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
We may also receive data from publicly availably sources such as Companies House and the Electoral Register based inside or outside the UK and/or the EU.
What Personal Information Do We Collect And Why?
When purchasing goods from Healthspan, you are entering into a contract with us. We may process the following categories of personal data about you:
Communication Data | |
---|---|
Data Type: | Any communication that you provide us whether that be through the contact form on our website, through email, text, social media messaging, live chat, Whatsapp, social media posting, telephone recordings or any other communication that you send us. |
Our Purpose: | We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance, or defense of legal claims. Further to telephone recordings, this is for training purposes and also to enforce that staff use agreed protocols. |
Our Legal Basis: | Legitimate Interest. |
Our Legitimate Interest explained: | To reply to communications sent to us, to keep records and to establish, pursue or defend legal claims. Telephone calls are also recorded for a limited period for the purposes of quality control and coaching. |
Customer Data | |
---|---|
Data Type: | Data relating to any purchases of goods and/or services such as Subscribe & Save. This would include your name, title, billing address, delivery address email address, phone number, contact details, and purchase details. |
Our Purpose: | We process this data to supply the goods and/or services you have purchased or requested and to keep records of such transactions. We also use the data for generation of reports (i.e. sales reports etc.) and to learn from customer transactional behaviour for internal business purposes only. |
Our Legal Basis: | Contractual. |
Order History data | |
---|---|
Our Purpose: | We process this data for financial reporting, VAT, and auditing purposes. |
Our Legal Basis: | Legal obligation. |
Credit/Debit Cards | |
---|---|
Data Type: | Healthspan does not process, transmit or store credit or debit card information electronically. All card payments are securely processed by our payment gateway provider CyberSource which then provides us with a token (expiry date and last four digits) to take future payments or apply refunds (which can be completed via cheque or BACS) where a customer wishes to return a product. Debit or credit card information sent by direct mail, is subscribed manually to obtain a token, and the physical copy destroyed. |
User Data | |
---|---|
Data Type: | Data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. |
Our Purpose: | We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication and administration of our website, other online services, and business. |
Our Legal Basis: | Legitimate Interest. |
Our Legitimate Interest explained: | To enable us to properly administer our website and our business. |
Technical Data | |
---|---|
Data Type: | Data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. |
Our Purpose: | We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. |
Our Legal Basis: | Legitimate Interest. |
Our Legitimate Interest explained: | To enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy. |
Marketing Data | |
---|---|
Data Type: | Data about your preferences in receiving marketing from us and our third parties and your communication preferences. This would include your name, title, address, email address, and purchase details. |
Our Purpose: | We process this data to enable you to partake in our promotions such as competitions and prize draws, to deliver relevant website content, service enhancement notifications, and advertisements to you and measure or understand the effectiveness of this advertising. |
Our Legal Basis: | Legitimate Interest. |
Our Legitimate Interest explained: | To study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy. |
Customer Data, User Data, Technical Data, Order History and Marketing Data | |
---|---|
Data Type: | Direct Marketing: To provide you with marketing communications informing you of special offers, promotions, competitions, new lines, sales, advice, and information across various marketing channels including online advertising and social media Sites. Our aim is to deliver relevant marketing content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. |
Our Legal Basis: | Consent or Legitimate Interest. |
Our Legitimate Interest explained: | Healthspan has a legitimate interest to provide you with direct marketing to grow our business, to study how customers use our products/services, to develop them, and to decide our marketing strategy. Please see section 5 Marketing Communications for an explanation around your consent in this instance. |
Sensitive Data | |
---|---|
Data Type: | Healthspan does not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic or biometric data. We do not collect any information about criminal convictions and offences. |
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at customercare@healthspan.co.uk. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law. An example of this processing may be where Healthspan receives a transaction query from a bank due to concerns of fraudulent activity.
Marketing Communications
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).We may send you marketing via direct mail without your consent, the lawful basis for this communication is legitimate interest instead as the processing does not fall under the remit of the Privacy and Electronic Communication Regulation (PECR). You can opt out of receiving marketing communications at any time (see "To Manage Your Preferences" below).
To Manage Your Preferences
You control your preferences in respect of how your Personal Data is used for marketing, and you can change these preferences at any time by:
- logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences by selecting Manage preferences under My Account, OR
- following the opt-out links on any marketing message sent to you or, OR
- contacting us via customercare@healthspan.co.uk, or calling +44 (0) 0800 73 123 77, at any time.
Please note that it may take around five working days to unsubscribe you from email marketing, and up to six weeks to unsubscribe you from postal marketing (as mailings are printed in advance). Whatever your marketing preferences, we will not share your data with third parties, without your explicit consent.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.
Who Do We Share Your Data With And Why?
Healthspan will never pass or sell your data outside the Healthspan Group of companies, except where required to fulfil order delivery, or to provide communications as part of Healthspan’s normal service, including marketing and analytics.
We share your data with our trusted fulfilment partners and ensure all appropriate contractual safeguards and security is in place. These include warehouse packing services, IT systems, hosting providers and IT support; mailing houses, email services, marketing analysis third parties and an independent product and service review provider (see below).
We are subject to the provisions of the current Data Protection (Bailiwick of Guernsey) Law, 2017, which is the equivalent of the UK General Data Protection Regulations and the EU General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of Guernsey, the UK, and the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
- We may transfer your personal data to countries that the European Commission has approved as providing an adequate level of protection for personal data ('authorised jurisdictions'); or
- We may transfer data to other countries that are based outside of the EEA and are not an authorised jurisdiction, however we will only do so where equivalent and appropriate safeguards are in place (for example Standard Data Protection Contractual Clauses or codes of conduct or certification mechanisms approved by the European Commission or Data Protection Authority). These safeguards are designed to ensure that your personal data is provided with the same level of protection that it has in Guernsey, the UK and/or Europe; or
- If none of the mentioned safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Healthspan shares “pseudonymized” data with Meta to enable us to provide you, and other audiences with similar interests, with offers and content which may be of interest via ads on Meta. You are able to opt-out of receiving ads on Meta and can do so through the following link: https://www.facebook.com/policy.php. Meta does not share the data or use it for any other purpose other than what is stipulated in this Notice. The pseudonymized data that is provided to Meta is basic personal data (for example, email, name, address etc.). Healthspan and Facebook Ireland have entered into a Controller Addendum with regard to the Joint Processing of Personal Data; Facebook Ireland is responsible for enabling Data Subjects' rights with regard to Personal Data stored by Facebook Ireland after the Joint Processing.
Healthspan also shares “pseudonymized” data with Google to enable us to provide you, and other audiences with similar interests, with offers and content which may be of interest via Google ads. You can manage these ads through the following link: https://adssettings.google.com.
We share your Personal Information with external companies that provide services on our behalf including:
- Customer service center
- Media agencies
- Mailing houses and printers
- Market research agencies
How We Use Information From Social Media Channels
Information publicly available on social media Sites may be used by us to monitor and review how customers engage with our brand. This process does not always identify individual users. Should we wish to use information posted publicly by you on a social media Site such as Facebook, we will not do so without your permission.
In order to provide improved offers, advice, and information, and to evaluate our advertising across various online marketing channels and social media Sites (such as Facebook), we may analyse the following: your Personal Information, products you view and buy, your browsing habits and other ways you interact with us. Facebook Ireland is a Joint Controller of the Joint Processing of Personal Data; for more information on how Facebook processes Personal Data and ways to exercise data subject rights, visit Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy.
Healthspan operate their ‘Refer a Friend’ scheme, via third party supplier ‘Mention Me’. Please ensure that you read and understand the privacy policy and terms and conditions set out by Mention Me, when using this scheme: https://mention-me.com/help/privacy_policy.
Data Security
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions, and they must keep it confidential. We also have procedures in place, should a suspected personal data breach occur and will notify you and any applicable regulator of a breach if we are legally required to.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Healthspan needs to keep transaction information for auditing and statutory reporting purposes; therefore, the decision was made to only retain your related data for a period of 10 years after your last interaction with us. However, we can remove you from our marketing database at your request.
When deciding what the correct time is to keep the data for, we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Healthspan also utilises data matching and screening tools (for example MatchIT) to ensure that personal data relating to customers, who are deceased or have not interacted with Healthspan for a period of time, is erased.
Please see the below table for further information regarding Healthspan's retention of personal data.
Processing Description | Personal Data | Format | Retention Period |
---|---|---|---|
Customer Enquiries - Email, SMS, Telephone calls and Whatsapp | Full name, address, email, telephone number and any other data provided by the data subject | Electronic | Telephony recordings retained for 120 days |
Customer Enquiries - Live Chat | Full name, address, email, telephone number and any other data provided by the data subject | Electronic | Data retained for 6 months by communications provider |
Customer Enquiries - Post | Full name, address, email, telephone number and any other data provided by the data subject | Physical | Data received via post is shredded once customer enquiry has concluded |
Customer Enquiries - Social Media | Full name, address, email, telephone number and any other data provided by the data subject | Electronic | Data located on social media accounts are retained for 6 months |
Customer/Prospect Customer Data | Full name, address, email, telephone number and customer interactions | Electronic | Account related data retained for lifetime of customer account +5 years |
Direct Marketing - Email and Mail | Full name, address, email, telephone number | Electronic | Account related data retained for lifetime of customer account +5 years. Data transferred into mail print software is deleted daily |
Feefo - Customer Feedback/Review | Full name and email | Electronic | Feefo feedback exists on Healthspan website for 30 days before being replaced |
Marketing - Social Media Competitions | Full name and email | Electronic | Manual deletion of data following closure of event |
Your Rights
Your Personal Data is protected by legal rights, which include:
Your rights | Explanation |
---|---|
Right to be informed | To know what Personal Data we process, how and why. |
Right of access | To request access to your Personal Information and information about how we process it. |
Right to rectification | To have your Personal Information corrected if it is inaccurate and to have incomplete Personal Information completed. |
Right to erasure (also known as the Right to be Forgotten) | To have your Personal Information erased. |
Right to data portability | To electronically move, copy or transfer your Personal Information in a standard form. |
Right to restrict processing | To restrict processing of your Personal Information. |
Rights in relation to automatic decision-making including profiling | Rights with regards to automated individual decision making, including profiling. |
Should you wish to action any of these rights, please contact our friendly Customer Care Services via email: customercare@healthspan.co.uk, or call FREEPHONE 080 073 12377.
To contact Healthspan’s Data Protection Officer: Mr Matthew Loaring, and/ or if you have any concerns as to how your data is processed, please email DPO@healthspan.co.uk.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are within the UK and are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
If you are within the EU and are not happy with any aspect of how we collect and use your data, you have the right to complain to the data protection authority of the country in which you are based. We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
You also have the right to lodge a complaint to The Office of the Data Protection Commission in Guernsey (https://www.odpa.gg) if you believe that we have not complied with the legal requirements regarding your Personal Data.
Reviews and Ratings
To leave a product rating or review you must have purchased that product.
All reviews are collected by Feefo, an independent review engine. Healthspan do not vet poor reviews but may respond directly to them.
The poster of a product rating or review continues to own all rights to content provided to Healthspan. However, Healthspan reserves the right to use this content royalty free as part of its marketing and communication programs.
The purpose of reviews is to help people who haven’t brought the product to learn from the experiences of those that have.
Third Party Links
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.
Updates To This Notice
Healthspan reserves the right to update this notice in line with current legislation and best practices. If we make changes to this notice, we will notify you by updating it on our Website.
Last amended date: September 2024