This Notice contains the following definitions used throughout:
|Healthspan||Healthspan Limited and its affiliates and subsidiaries from time to time|
|The Notice||The Privacy Notice|
|Personal Data||Any information that is related to an identified or identifiable natural person|
|Site/Website||Healthspan New Zealand: www.healthspan.nz|
Healthspan Limited is committed to safeguarding your personal privacy. This privacy notice provides you with details of how we collect and process your personal data through your use of our sites.
Healthspan Limited is registered as a Data Controller with the Office of the Data Protection Commissioner in Guernsey (01481 742074 https://odpa.gg/) under the current Data Protection (Bailiwick of Guernsey) Law, 2017 (which is the equivalent of the General Data Protection Regulation((EU) 2016/679) (“GDPR”) and the UK GDPR), and The Data Protection Act 2018 (DPA) legislation.
By providing us with your data, you warrant to us that you are over 13 years of age.
Healthspan Limited is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
We have appointed a Data Protection Officer who oversees privacy related matters for us. If you have any questions about this privacy notice, please contact the Data Protection Officer using the details set out below.
Data Protection Officer: Mr Matthew Loaring
Email address: DPO@healthspan.co.uk
Postal address: Healthspan House St Peter Port Guernsey GY1 2QH.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by:
- emailing us at firstname.lastname@example.org,
- by accessing your account details via My Account.
How Do We Collect Personal Information?
We may receive data from third parties such as analytics providers such as Google based outside the UK and/or the EU, advertising networks such as Facebook based outside the UK and/or the EU, such as search information providers such as Google based outside the UK and/or the EU, providers of technical, payment and delivery services, such as data brokers or aggregators.
We may also receive data from publicly availably sources such as Companies House and the Electoral Register based inside or outside the UK and/or the EU.
What Personal Information Do We Collect And Why?
When purchasing goods from Healthspan, you are entering into a contract with us.
|Order History data|
|Our Purpose:||We process this data for financial reporting, VAT, and auditing purposes.|
|Our Legal Basis:||Legal obligation|
|Data Type:||Healthspan does not process, transmit or store credit or debit card information electronically. All card payments are securely processed by our payment gateway provider CyberSource which then provides us with a token (expiry date and last four digits) to take future payments or apply refunds. Debit or credit card information sent by direct mail, is subscribed manually to obtain a token, and the physical copy destroyed.|
|Data Type:||Healthspan does not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic or biometric data. We do not collect any information about criminal convictions and offences.|
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at email@example.com. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
Marketing CommunicationsOur lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
To Manage Your Preferences
You control your preferences in respect of how your Personal Data is used for marketing, and you can change these preferences at any time by:
- logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences by selecting Manage preferences under My Account, OR
- following the opt-out links on any marketing message sent to you or, OR
Please note that it may take around five working days to unsubscribe you from email marketing, and up to six weeks to unsubscribe you from postal marketing (as mailings are printed in advance). Whatever your marketing preferences, we will not share your data with third parties, without your explicit consent.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.
Who Do We Share Your Data With And Why?
Healthspan will never pass or sell your data outside the Healthspan Group of companies, except where required to fulfil order delivery, or to provide communications as part of Healthspan’s normal service, including marketing and analytics.
We share your data with our trusted fulfilment partners and ensure all appropriate contractual safeguards and security is in place. These include warehouse packing services, IT systems, hosting providers and IT support; mailing houses, email services, marketing analysis third parties and an independent product and service review provider (see below).
We are subject to the provisions of the current Data Protection (Bailiwick of Guernsey) Law, 2017, which is the equivalent of the UK General Data Protection Regulations and the EU General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of Guernsey, the UK, and the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
- We may transfer your personal data to countries that the European Commission has approved as providing an adequate level of protection for personal data ('authorised jurisdictions') or
- We may transfer data to other countries that are based outside of the EEA and are not an authorised jurisdiction, however we will only do so where equivalent and appropriate safeguards are in place (for example Standard Data Protection Contractual Clauses or codes of conduct or certification mechanisms approved by the European Commission or Data Protection Authority). These safeguards are designed to ensure that your personal data is provided with the same level of protection that it has in Guernsey, the UK and/or Europe; or.
If none of the mentioned safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We share your Personal Information with external companies that provide services on our behalf including:
- Customer service center
- Media agencies
- Mailing houses and printers
- Market research agencies
How We Use Information From Social Media Channels
Information publicly available on social media Sites may be used by us to monitor and review how customers engage with our brand. This process does not always identify individual users. Should we wish to use information posted publicly by you on a social media Site such as Facebook, we will not do so without your permission.
In order to provide improved offers, advice, and information, and to evaluate our advertising across various online marketing channels and social media Sites (such as Facebook), we may analyse the following: your Personal Information, products you view and buy, your browsing habits and other ways you interact with us. Facebook Ireland is a Joint Controller of the Joint Processing of Personal Data; for more information on how Facebook processes Personal Data and ways to exercise data subject rights, visit Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy.
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions, and they must keep it confidential. We also have procedures in place, should a suspected personal data breach occur and will notify you and any applicable regulator of a breach if we are legally required to.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Healthspan needs to keep transaction information for auditing and statutory reporting purposes; therefore, the decision was made to only retain your related data for a period of 10 years after your last interaction with us. However, we can remove you from our marketing database at your request.
When deciding what the correct time is to keep the data for, we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your Personal Data is protected by legal rights, which include:
|Right to be informed||To know what Personal Data we process, how and why.|
|Right of access||To request access to your Personal Information and information about how we process it.|
|Right to rectification||To have your Personal Information corrected if it is inaccurate and to have incomplete Personal Information completed.|
Right to erasure (also known as the Right to be Forgotten)
|To have your Personal Information erased.|
Right to data portability
|To electronically move, copy or transfer your Personal Information in a standard form.|
|Right to restrict processing||To restrict processing of your Personal Information.|
|Rights in relation to automatic decision-making including profiling||Rights with regards to automated individual decision making, including profiling.|
Should you wish to action any of these rights, please contact our friendly Customer Care Services via email: firstname.lastname@example.org, or call +44 (0) 0800 73 123 77.
To contact Healthspan’s Data Protection Officer: Mr Matthew Loaring, and/ or if you have any concerns as to how your data is processed, please email DPO@healthspan.co.uk.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you are within the UK and are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
If you are within the EU and are not happy with any aspect of how we collect and use your data, you have the right to complain to the data protection authority of the country in which you are based. We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
You also have the right to lodge a complaint to The Office of the Data Protection Commission in Guernsey (odpa.gg) if you believe that we have not complied with the legal requirements regarding your Personal Data.
Reviews and Ratings
To leave a product rating or review you must have purchased that product.
All reviews are collected by Feefo, an independent review engine. Healthspan do not vet poor reviews but may respond directly to them.
The poster of a product rating or review continues to own all rights to content provided to Healthspan. However, Healthspan reserves the right to use this content royalty free as part of its marketing and communication programs.
The purpose of reviews is to help people who haven’t brought the product to learn from the experiences of those that have.
Third Party Links
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Updates To This Notice
Healthspan reserves the right to update this notice in line with current legislation and best practices. If we make changes to this notice, we will notify you by updating it on our Website.
Last amended date: November 2021