Lastinghealth.com Limited (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This policy (together with our terms and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.lastinghealth.com (the “Website”) you are accepting and consenting to the practices described in this policy.
1. WHO ARE WE?
Your personal data, i.e. any information which identifies you, or which can be identified as relating to you personally, will be collected and used by Lastinghealth.com Limited, a company registered in England with company number 10573539 and registered office at Maple House, Wood Lane, Paradise Industrial Estate, Hemel Hempstead, Hertfordshire, HP2 4TL.
2. THE DATA WE COLLECT FROM YOU
2.1. Information you give us
When you place an order via the Website, or contact our customer service team, we may collect any or all of the following information about you:
- personal details (name, date of birth, email, delivery address, telephone number, mobile number etc.);
- financial information (payment information such as credit/debit card or direct debit details and the registered name and address of the cardholder and/or account holder).
2.2. Data we collect automatically
When you visit the Website, we may collect any or all of the following technical data:
- Device Identifiers (the internet protocol address used to connect your device to the internet, your log-in information, browser type and version, regional settings, operating system and platform);
- data about your use of our Website (the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), products you viewed or searched for, time spent on certain pages or screens, interaction data (such as scrolling, clicks, and mouse-overs)).
2.3. Data we collect from your test samples
When you return a test kit and provide biological samples, these samples will be used (by a third-party laboratory) to measure levels of various chemicals according to the test(s) you have ordered. The results are then used to provide you with a bespoke report as part of the services you have asked us to supply.
When the laboratory has provided the test results, it is possible that the biological samples may be retained and stored by the laboratory. Paragraph 8.2 explains how you can request that your biological samples be destroyed.
3.1. What cookies are and why we use them
Cookies are small data files which we may place on your device, if you permit this, to allow us to recognise you and tailor the Website to your preferences, as further explained below. Cookie settings vary depending on the browser. Your browser’s help menu will describe how to modify your cookie settings. You can choose not to accept any cookies at all, or only to accept certain kinds of cookies. Note that certain cookies, e.g. the one we use to keep track of the contents of your shopping bag, are necessary for the Website to work correctly – you will not be able to use certain Website functions without them.
3.2. The cookies we use
The cookies we use will:
- collect statistics about website traffic;
- improve the website’s look and feel;
- make your experience smoother by adapting our offers and messages to you personally (language used, display resolution, operating system etc.);
- keep track of the information you enter on forms and about products or services which you have shown an interest in.
4. HOW WE USE YOUR PERSONAL DATA
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you e.g. to fulfil any orders you place through the Website or over the phone;
- perform the services you have asked us to provide;
- comply with a legal duty;
- protect your vital interests;
- remember your preferences e.g. if you ask not to receive marketing material, we'll keep a record of this; or
- for our own (or a third party's) lawful interests, provided your rights don’t override these.
In any event, we will only use your personal data for the purposes for which it was collected, or purposes which are very similar.
You can withdraw your consent at any time.
5.1 Sending you special offers and other marketing material
From time to time, we may wish to send you details regarding upcoming special offers, new product ranges and other information about Lastinghealth.com which may be of interest to you. Where you have purchased goods from us, we may send you messages about other, similar goods and services which we think you may like.
Alternatively, you can opt in to receiving this information by ticking the appropriate box when requested. This means you'll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (email, phone, or post).
If you decide that you wish to stop hearing from us, or change how we contact you, you can do so in any of the following ways:
- clicking the appropriate link at the bottom of our e-mails;
- contacting us at email@example.com; or
- writing to us at Maple House, Wood Lane, Paradise Industrial Estate, Hemel Hempstead, Hertfordshire, HP2 4TL.
6. HOW WE PROTECT YOUR PERSONAL DATA
6.1 Technical and organisational measures
We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access to, use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receives data protection training and we have a set of data protection procedures which personnel are required to follow when handling personal data.
Of course, we cannot absolutely guarantee the security of the internet or external networks, and any online communications (e.g. information provided by email or through our website) are at your own risk.
6.2. Account security
You are fully responsible for access to your account. You undertake not to allow unauthorised third parties to use your account for any reason whatsoever. You undertake to contact us as soon as possible should you suspect that an unauthorised person has gained access to your account. We shall not be held liable for any misuse of your account and any resulting consequences for you, your partner, or any third party.
6.3. Payment security
To ensure the security of your card purchases with us, all the data sent by you is encrypted. This means that data is communicated via a secure connection and it cannot be easily read by a third party. For card purchases, we work with an authorised payment provider (Lloyds Bank Cardnet) which allows us to verify, directly with your bank, whether your card is valid for purchases. Our payment provider processes your card data in accordance with the PCI DSS international security standard. This means that your card details are processed with a very high level of security.
7. WHO CAN ACCESS YOUR PERSONAL DATA
We will not communicate, sell or transfer your personal data to third parties without obtaining your prior written consent, except where we are required to do so by law.
If you have opted in to receiving marketing messages from us, we may contact you with information about our partners, or third-party products and services, but these communications will always come from us and are usually incorporated into our own marketing materials (e.g. advertisements in magazines or newsletters).
We may share personal data with subcontractors or suppliers who provide us with services. For example, if you order something from us, your name and address will be shared with the delivery company. However, these activities will be carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure.
8. STORAGE OF PERSONAL DATA
8.1. Where it is stored
We only store data within the European Economic Area (EEA). If our trusted service providers transfer any of it outside of the EEA we will take steps to make sure adequate levels of privacy protection, in line with UK Data Protection legislation, are in place.
8.2. How long it is stored for
The data we collect will be stored and kept for as long as your account remains active. If you delete your account with us, the data it contains will be removed without undue delay. We continually review the personal data we hold and delete what is no longer required. We never store payment card data.
If you require the destruction and/or deletion of any data (including biological samples) held by us, please contact us on firstname.lastname@example.org and we shall ensure that this is deleted and/or destroyed within 30 days.
9. YOUR RIGHTS
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request) within one month of our receiving your request;
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to see any personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
If you would like further information on your rights or wish to exercise them, please write to us at email@example.com or Maple House, Wood Lane, Paradise Industrial Estate, Hemel Hempstead, Hertfordshire, HP2 4TL.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner's Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk