We understand that your privacy is important and we are committed to respecting your privacy in how we handle any personal data that you might provide through Our Site. Our relationship with you is valuable and we understand the importance you place on having your personal data handled securely. Please read the following policy to understand our practices and the rights you have regarding your personal data. Your use of the site indicates your acceptance of the terms of this Privacy and Cookies Policy.
1. Who Are We?
We are Longevity Inc. Ltd, a company incorporated in Scotland (company number SC490834) and having our registered office at 168 Bath Street, Glasgow G2 4TP. We are trading as MyOptimalWellbeing (“We/Us/Our”)
We own and operate www.myoptimalwellbeing.com (“Site”)
We confirm that we are the data controller in respect of any personal data that you might share with us while you are using our site.
Our Data Protection Lead is Dianne Murray and can be contacted by email at firstname.lastname@example.org, or by writing to Longevity Inc Ltd, 168 Bath St, Glasgow, G2 4TP.
2. What Does This Policy Cover?
3. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details. It also covers online identifiers, such as your IP address and location data that might be collected through Our Site. It also covers information about your medical history, known as Special Category Data.
The personal data that we collect and use is set out in Part 5.
4. What Are Your Rights?
Under the GDPR, you have the following rights, which we will always work to uphold. You can contact Our Data Protection Lead at any time using the contact details above to find out more how we use your data in line with these rights:
- The right to access the personal data We hold about you. Part 10 will tell you how to do this.
- The right to have your personal data changed if any of the data held by Us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of the personal data that we have.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to Us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling.
Further information about your rights can be obtained from the Information Commissioner’s Office.
If you have cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
5. What Personal Data Do We Collect and Why?
Throughout our site, there are a number of different ways in which you are able to interact with us. In doing so, you will be required to provide us with personal information.
It is not necessary to create an account if you wish to browse our site. If you wish to create an account with us, you will be asked to enter your email address. By entering your email address, you are consenting to us sending you a confirmation message about your new account which will contain a generated password for you to access your account.
If you would like to use your account to purchase products from our site, it is necessary for you to enter additional information:
- Full name
- Shipping address
- Billing address
- Contact telephone number
We collect and process this data on the basis that it is necessary for us to do so in order to perform our obligations under the contract between you and us.
It is possible for you to interact with our blog posts by leaving comments. In doing so, you are consenting to the processing of any personal data you might share in these comments. This includes any data relating to you medical history or condition which is classified as Special Category Data under the GDPR.
While you are using the site, we may also collect online identifier information from your computer including your internet protocol (IP) address and other location data. We have the right to process this data on the basis that it is within our legitimate business interests for us to do so.
You are entitled at any time to request that your personal data not be used for a specific purpose.
We will not use any of the data provided in Part 5 to send you messages marketing any offers on our products to you.
If you would like to receive special offers and information about our products, you can sign up to receive these promotions.
By signing up to our promotions and newsletters, you are consenting that we use your personal information to send you direct marketing messages. You will be able to unsubscribe from these messages at any time, by clicking the “unsubscribe” link in the email, or by contacting our Data Protection Lead using the contact details above.
7. How Long Will We Retain Your Data?
Any personal data which you provide attributed to your account will be retained for no longer than 24 months [two years] from the last date on which you logged in to our site, unless it is still necessary for us to hold that data to fulfil any obligations that are outstanding between the parties.
Should you cancel your account, any personal data that you have provided attributed to your cancelled account will be retained for no longer than 12 months [one year] from the date on which you cancel your account, unless it is still necessary for us to hold that data to fulfil any obligations that are outstanding between the parties.
This retention period does not limit your right to request that we delete, remove, or return any of your personal data that we hold, in accordance with your rights under the GDPR, listed in Clause 4. For more information about your right to be forgotten in relation to data that We hold, please contact Us using the details above.
8. Do We Share Your Personal Data?
From time to time it may be necessary for us to share some of your personal data with a third party in order to fulfil the purposes set out in Part 5. These parties include:
- Service providers based in the UK who provide IT and system administration services
- Companies and organisations who conduct fraud prevention and credit risk reduction services
- Our third party marketing partners
We are entitled to share data with them as it is within our legitimate business interest to do so.
- Service providers based in the UK, EU, and the USA who provide payment processing systems
- Third part product suppliers i.e. Specialist blood test providers
- Third party courier services who will ship products to you
We are entitled to share data with these parties as it is necessary for the fulfilment of the contract between us and you.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations as described in Part 9 below.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
9. How and Where Do We Store Your Personal Data?
Your personal data is stored on a non-public facing server, encrypted by 256bit SSL security technology and uses 2-way encrypted data transfer. This server undergoes monthly security penetration testing to ensure it is not vulnerable to attack.
Although it does not form part of our data practice at the moment, We may in the future store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR as follows.
It is within our legitimate interests to perform such transfers.
If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.
10. How Can You Access Your Personal Data?
If you want to know what personal data We have about you, you can ask us for details of that personal data and for a copy of it (where such personal data is held). This is known as a Subject Access Request.
All subject access requests should be made in writing addressed to our Data Protection Lead using the contact information above.
There is not usually a charge for such requests. If your request is “manifestly unfounded or excessive” (for example, if you make repetitive requests) a fee may be charged to cover the administrative costs of responding.
We aim to respond to your request within one month. If we are unable to do this, you will be kept informed of our progress after one month of your request.
Our site includes links to third party websites. You should take care to read and understand the privacy policies of these third party sites.
We shall not be held responsible for any unauthorised data processing that occurs through a website which was linked from our site.
12. Automated Decision Making and Profiling
We may take the personal data which you provide to us and use this to personalise your experience on the site. We may direct you to products or services that We think you will like based on your past site or order history.
We will only do this if we have obtained your express consent for us to use your data in this way.
If you decide that you would not like your data to be used in this manner, you can still use the site but the content that you see may not be as relevant to you.
13.2 By using our site, you may also receive certain third party cookies on your computer or device. Third party cookies are those placed by websites, services, and/or parties other than us. Third party cookies are used on our site to facilitate and improve your experience of our site and to provide and improve our services. For more details, please refer to Clause 13.5 below.
13.3 All cookies used by and on our site are used in accordance with current cookie Law. We may use some or all of the following types of cookie:
13.1.1 Strictly Necessary Cookies
A cookie falls into this category if it is essential to the operation of our site, supporting functions such as logging in, your shopping basket, and payment transactions.
13.1.2 Analytics Cookies
It is important for us to understand how you use our site, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information, helping us to improve our site and your experience of it.
13.1.3 Functionality Cookies
Functionality Cookies enable us to provide additional functions to you on our site such as personalisation and remembering your saved preferences. Some functionality cookies may also be strictly necessary cookies, but not all necessarily fall into that category.
13.1.4 Targeting Cookies
It is important for us to know when and how often you visit our site, and which parts of it you have used (including which pages you have visited and which links you have visited). As with analytics cookies, this information helps us to better understand you and, in turn, to make our site and advertising more relevant to your interests.
13.1.5 Third Party Cookies
Third Party Cookies are not placed by us; instead, they are placed by third parties that provide services to us and/or to you. Third party Cookies may be used by advertising services to serve up tailored advertising to you on our site, or by third parties providing analytics services to us (these Cookies will work in the same way as analytics Cookies described above).
13.1.6 Persistent Cookies
Any of the above types of cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit our site.
13.1.7 Session Cookies
Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit our site until you close your browser. Session Cookies are deleted when you close your browser.
13.4 Cookies on our site are not permanent and will expire [after ].
13.5 We use the following cookies on Our Site
- INSERT COOKIES
13.6 Before Cookies are placed on your computer or device, you will be shown a message popup requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies [unless those Cookies are strictly necessary]; however certain features of Our Site may not function fully or as intended.
This Privacy & Cookie Notice was last updated July 2018