Privacy Policy
- General information
- We take data protection and information security very seriously. The effective management of all personal data, including security and confidentiality, is the heart of our business and naturally underpins our practices and processes.
This privacy notice informs you about the type, scope and purpose of the processing of personal data we collect, use and process as a part of our website and its functions and content as well as our external online presences, such as our Social Media Profiles (the “Services”).
This notice applies to you, the User of our Services and us the provider of the Services and governs the processing of your personal data in context of our Services and business. - Name and contact details of the responsible person: NUTRIZONE LTD Company Reg. No. 14574619
- 128 City Road
- London
- EC1V 2NX
- E-mail: [email protected]
- Nutrizone proceeds with all data processing procedures (e.g. collection, processing and transmission) in accordance with the statutory provisions of the UK`s Data Protection Act 2018 and in line with Regulation (EU) 2016/679 (General Data Protection Regulation). The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures Nutrizone takes to protect your data and how you can exercise your rights.
- Collection, use and storage of personal data
- When you use the online offer, Nutrizone collects different data from you, partly also so-called personal data. This is information that relates to an identified or identifiable natural person (hereinafter "data subject").
- Visiting the Nutrizone website in general
-
When visiting the Nutrizone website, you transmit data to our web server (due to technical necessity) via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- complete IP address of the requesting computer
- amount of data transferred
For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data.
The legal basis for the storage is Article 6 lit. f) GDPR.
Further personal information is only collected if you provide it voluntarily, for example in the context of an enquiry or registration. Depending on the area concerned, Nutrizone uses the personal data provided by you to answer your enquiries, to process your order and for the purpose of technical administration of the websites. In detail, the use in the respective areas follows as follows:
Online Shop
When you place an order in our online shop, we store the following information in order to fulfil the contract concluded between you and Nutrizone or to carry out pre-contractual measures in accordance with Article 6 lit. b) GDPR:
- a) Order without setting up a customer account
When placing an order in the online shop, all data necessary for execution and processing are requested by means of mandatory fields: Your full name, your e-mail address, your address (billing address and, if applicable, different delivery address). Your data will only be used to process your order.
- b) Customer account / registration
It is also possible for you to register for your purchase at Nutrizone. For this purpose, you can choose a password together with your e-mail address, both of which will enable you to log in more easily without having to enter your data again when you make a purchase at a later date. Nutrizone stores the data you enter to set up a customer account through which your orders are recorded, executed and processed. Nutrizone will hold your data for further orders as long as you maintain your registration. You have the right to access, correct or delete your registration data at any time.
- c) Retention of order data
If you submit data to Nutrizone for an order, your data will be stored for as long as necessary for the processing of the purchase and mandatory according to the legal retention periods. The extended storage for the fulfilment of the storage obligations is carried out according to article 6 lit. c) GDPR.
Contact us
If you contact Nutrizone, the data you provide will be stored so that your message can be forwarded to the correct contact person. This is done in accordance with Article 6 lit. b) GDPR to process your request. Your data provided via a contact form will not be used for any other purposes, in particular not for advertising.
- Disclosure and deletion of personal data
-
Visiting the Nutrizone website
The data stored during the mere visit of the Nutrizone website will not be passed on to third parties.
Online shop
- a) Disclosure within affiliated companies pursuant to Art. 6 Para. 1 lit. b GDPR
We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact a store or our customer hotline with questions, complaints or returns as well as other complaints, they will also receive access to your order data in order to be able to process your request.
b)Disclosure to service providers according to Art. 6 para. 1 lit. b and f GDPR
For the operation and optimisation of our website and our services and for the processing of contracts, various service companies work for us, e.g. for central IT services or the hosting of our website, for the payment and delivery of products or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g. name, address).
Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.
In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process the contract:
- In the case of delivery of goods to logistics companies and the postal service provider (Royal Mail) specified when the order was placed.
- In the case of payment for goods to the payment service provider specified (Opayo or PayPal ) when the order was placed.
We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.
- c) Disclosure to other third parties pursuant to Art. 6 para. 1 lit. c and f GDPR
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g. due to official or court orders, or if we are entitled to do so, e.g. because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.
Contacting us
Only if your enquiry or comment concerns a different Nutrizone than the one whose contact form you have used, will your message and the associated data be transmitted to the correct contact person within the company. The data you have entered in an Nutrizone online contact form will not be passed on to other third parties unless you are specifically informed of this.
Market Research
All your data collected on the Nutrizone website for the purpose of market research will be used exclusively for Nutrizone internal purposes and will not be passed on to third parties. They will be deleted when their knowledge is no longer necessary for market research.
Transfer to authorities and other public bodies
Your data will only be disclosed to third parties outside the Nutrizone if the responsible public authority or governmental institution orders the disclosure in an individual case, in which case Nutrizone is obliged to do so.
- Sending information
-
We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you.
- a) Newsletter registration on our website
On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us, i.e. at least your e-mail address. The registration is carried out by means of the so-called double opt-in procedure.
After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection notice. If you register for our newsletter, which informs you about our latest products and services, the personal data you provide in this context (such as name, address and e-mail address) will be processed by us for the purpose of sending you the newsletter.
- b) Dispatch due to the sale of goods
If you purchase goods or services on our website, we may send you information on our own similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f GDPR, because advertising related products and services by way of direct advertising represents a legitimate interest for us as the provider of this website. You may object to the processing of your personal data for the purpose of direct advertising at any time. We will then refrain from further processing for such purposes. You can send us your objection as described below. In addition, you can object to the sending of such newsletters at any time in the future without giving reasons by unsubscribing via the unsubscribe link at the end of each newsletter or by contacting us in any other way.
We would like you to enjoy reading our e-mails. Therefore, we try to only include content that you are likely to be interested in. We therefore measure and store opening and click-through rates in your usage profile, i.e. whether and when you open our emails, which content of the emails you click on and when, as well as whether and why our emails could possibly not be delivered. We also use this data for statistical purposes. In particular, this serves our legitimate interest to evaluate the performance of the individual newsletter campaigns and to define optimisation measures in order to make the newsletter as attractive and suitable as possible for you. The legal basis for the processing is therefore Art. 6 para. 1 lit. f GDPR.
Of course, you can unsubscribe from receiving our information at any time, i.e. revoke your consent with effect for the future or object to data processing. For this purpose, you will find a corresponding unsubscribe link in every mail or newsletter and can confirm the unsubscription on our website. You can also contact us for a cancellation at any time.
- General technical organisational measures
-
Nutrizone has taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by Nutrizone is protected by physical, technical and procedural measures that limit access to the information to specifically authorised persons in accordance with this Privacy Policy.
The Nutrizone website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.
Secure data transmission
The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Socket Layer ("SSL") technology, (SSL encryption version 3).
Credit card information
Any credit card information you provide will not be stored by Nutrizone, but will be encrypted and collected directly from the payment service provider via hypertext transfer protocol secure ("https").
Passwords
You should never disclose your password for accessing our customer portal to any third party and you should change it regularly. If you want to leave your customer account in the online shop, you should press the logout and close your browser to prevent anyone from gaining unauthorised access to it.
- Online presence in social media
-
We maintain online presences within social media on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
Data processing by the operator of the social media platform
The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can unfortunately hardly influence the web tracking methods of the social media platform. We cannot, for example, switch this off.
Please be aware: It cannot be ruled out that the provider of the social media platform uses your profile and behavioural data, for example to evaluate your habits, personal relationships, preferences, etc. We have no influence on this. In this respect, we have no influence on the processing of your data by the provider of the social media platform.
Google Analytics
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR) Google Analytics, a web analytics service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there.
Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information on Google's use of data, settings and opt-out options, please visit Google's websites: https://www.google.com/intl/en/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps"), https://policies.google.com/technologies/ads ("Data use for advertising purposes"), https://adssettings.google.com/authenticated ("Manage the information Google uses to serve you ads").
Your Rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website (www.ico.org.uk).
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on each right on the Information Commissioners (ICO) website and you can simply follow the links provided to learn more.
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website ( www.ico.org.uk ).
The Supervisory Authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
International transfers
We do not directly and for the purpose of processing transfer your personal data outside the European Economic Area (EEA) and the United Kingdom.
Content Delivery Network
Our web site uses a so-called Content Delivery Network (CDN). A CDN is a network of powerful servers that cache content at various locations around the world. A CDN has two main tasks: to deliver content in the shortest possible time and to reduce the load on the web host by distributing traffic. CDNs transmit two types of content: Static and dynamic content. Static content is delivered to all website visitors in the same form, such as video content from streaming services or code frameworks (e.g. Javascript, jQuery). Dynamic content is first adapted to the user and only created at the moment of the request. This includes content that takes place via web applications, email or online shops and is personalised. In order to use the latter, information about the website visitor must first be transmitted to the CDN. The legal basis for the use of a CDN and the transmission of your data to it is our legitimate interest. The legitimate interest results from our need for a technically flawless and fast presentation of our web site and the relief of our IT infrastructure. You can object to the processing of your data on the basis of our legitimate interest at any time. To do so, please use the contact details provided.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Children Data
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
Do Not Track
Do Not Track is an HTTP header field and signals a website or web application's desire that it not create a usage profile about the visitor's activities. Note that if a Do Not Track signal is displayed in your browser, we will not change our website's data collection and usage practices
Am I Obliged To Provide Data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.
Data Breaches and Notification
Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Accuracy
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Automated decision-making and profiling
We do not use automation for decision-making and profiling.
Changes
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.Contact us. For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at [email protected].