This policy was last updated on July 30, 2018
This policy outlines the way in which we manage any personal data obtained through http://bodybio.co.uk (the “Website”) or otherwise provided by or about individuals (“you”, “your”) in the course of you purchasing or enquiring about products through the Website or signing up to our newsletter (our “Services”). It explains:
- what personal data we collect about you in the course of your engagement with our services, why we collect it, who it goes to and how long we keep it
- how we use your personal data
- how we protect your personal data
- your legal rights in respect of your personal data, including how to access and update the information we hold about you.
You can navigate to the relevant sections of the policy by clicking the links below:
- About us
- What information do we collect about you?
- Why do we collect your personal information and on what grounds?
- Marketing communications
- Who do we share your information with?
- Will my data be sent abroad?
- How long do you keep my personal data?
- Your rights in respect of your personal data
- Third party links on the Website
- Changes to this policy
- Contact us
By continuing to use the Website and our Services, you agree to our use of your personal data on the terms outlined in this policy.
About us
For the purposes of applicable data protection laws, BodyBio Limited, a company incorporated in England and Wales with its registered address at Eldo House Kempson Way, Bury St Edmunds, Suffolk IP32 7AR (“BodyBio”, “we”, “us” or “our”) is the controller of your data. This means that we are the primary entity who decides the purposes and means for dealing with your personal data.
What information do we collect about you?
When you access or receive our Services, we may collect a variety of personal information about you, including:
Personal information we collect directly from you
- Information required to subscribe to our newsletter, i.e. name, email and type of customer;
- Information required to sign up for a customer account, i.e. name, address, email, phone number, fax number, company, country of residence and billing address;
- Information required to sign up for a professional healthcare practitioner account, i.e. name, qualification details, company name, contact details, personal information contained on your license or degree;
- Information required to purchase items through our Website, i.e. name, contact details, billing information, payment information, any other information you provide in your order comments at checkout;
- Personal information provided to us if you contact us or make an enquiry, such as your contact details in our records of that correspondence or when submitting an online contact request form (covering your name, company, email and phone number);
- Personal information provided to us if you choose to complete any surveys or questionnaires for us, enter a competition or promotion of ours or participate in forums, discussion boards or other social media functions on our Website;
- Personal information if you post or transmit information via the Website to other users, e.g. a guest contributor to our news articles or YouTube videos; and
- Records of which products you are interested in and which products you purchase from our Website.
Information received from other sources
- Any relevant personal information that you may have submitted to our third party service providers in the course of them providing the Services on our behalf, including for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers.
We will let you know at the point of collecting your information whether this is optional, or whether it is necessary for you to provide this information to meet certain statutory or contractual requirements. If the latter and you do not wish to provide us with this information, this may limit the services we are able to provide you.
If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected.
Why do we collect your personal information and on what grounds?
We will only use your personal data if we have a permitted lawful basis to do so. Generally we collect your personal data because it is necessary for:
- performing our contract for the Services with you;
- the pursuit of our legitimate interests (as set out below); or
- complying with our legal obligations.
We may also rely on your consent to use your personal data for:
- keeping you informed of the latest BodyBio updates, products and offers through our newsletter (see “Marketing Communications” below);
- administering competitions or promotions;
- using your profile or images in promotional materials (e.g. if you are contributing to a newsletter article or featured in one of our YouTube videos).
You have the right to withdraw your consent to these activities at any time, which will mean (unless another lawful basis applies to your data) that we will cease to process the affected data after consent is withdrawn. However, please note this may result in us being unable to provide you with certain features of the Website and/or Services.
The primary purpose for which we collect information about you is to provide you with Services you have requested from us (i.e. to perform our contract with you). We also collect information about you for the following purposes:
To perform our contract with you
- For selling and supplying products to you through our Website;
- To open and run your customer or practitioner account;
- To provide you with information, products or services that you request from us; or
- For handling customer contacts, queries, complaints or disputes.
For our legitimate interests
- For market research and analytical purposes, e.g. to improve our understanding of customer trends and profiles;
- For improving existing services and developing new products and services;
- For promoting, marketing and advertising our services;
- Protecting BodyBio and our customers by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to BodyBio;
- To effectively handle any legal claims or regulatory enforcement actions taken against BodyBio;
- To generally run the Website and for internal operations, in order to provide you with an up to date, efficient and reliable Service;
- Making important communications about your accounts and orders; or
- Maintaining our customer database.
To comply with our legal obligations
- To help prevent fraudulent activity, including on your account (for example, if we collect your card details we will check these details with credit agencies and reserve the right to refuse to make available the Website and/or our Services if, for example, the card details provided are reported to be fraudulent or credit agencies report the activities as being fraudulent);
- To monitor and record telephone calls for training purposes and to improve the Service to you;
- To comply with our legal and regulatory obligations (including under applicable data protection laws);
- For preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies; or
- To fulfil our duties to our customers, colleagues and other stakeholders.
Marketing communications
Where you have opted into marketing communications from us, you agree that we may use your information to contact you by email or post (e.g. about tailored offers, events, competitions, items or related activities that you may find useful, as well as other similar products and services offered by us or any of our related entities from time to time). We do not sell, trade or rent your personal information to any third parties.
You can withdraw your consent to receiving these marketing communications at any time by updating your communication preferences in your customer account portal or clicking the "unsubscribe" option in any marketing communications you get from us.
Who do we share your information with?
We may also share your information with the following third parties:
- Our suppliers and contractors where necessary to provide the Services, including Shopify (our e-commerce website provider), PayPal and APS Merchant Services (our payment processing providers), and our other providers of data hosting, marketing, IT and software services;
- BodyBio Inc (our US headquarters) and other companies within our group as may be required from time to time;
- The public, if you have consented to being featured in our promotional materials;
- Any potential or actual third party buyer of our business and/or assets in the event that we sell, trade or licence ownership of any part of the AES business or assets (including management of the Website); or
- Third parties we may be required to disclose such personal data to in order to comply with our legal obligations or enforce our legal rights, e.g. any relevant authority or enforcement body and fraud protection and credit risk reduction agencies.
Will my data be sent abroad?
Yes. Although our Website services only UK customers, our parent company and main data servers are based in the US, and any personal data you submit to us will be processed there.
This means your personal data may be transferred outside of the European Economic Area to a jurisdiction with differing standards of privacy regulations. Where this is the case and we are responsible for making such transfer, we will ensure that these are made subject to appropriate safeguards as required by applicable data protection laws, to ensure that a similar degree of protection is afforded to your personal data. These will include the use of recipients certified under the Privacy Shield regime and/or EU Commission approved standard contractual clauses. You can obtain further information about the safeguards in place for your international transfers of personal data by contacting us.
How long do you keep my personal data?
You can manually delete your customer account by contacting us, or delete any contact or payment information stored on your account by logging into your customer account on the Website. Otherwise, we keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected your data, including for the purpose of satisfying any legal, accounting or reporting requirements. Please note that such legal requirements may oblige us to keep certain personal data after deletion of these details from your account. As a general rule, we will keep your customer account information for 6 years from the date of your last order with us.
To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.
Your rights in respect of your personal data
In certain circumstances you have rights under data protection laws in relation to the personal data we hold about you. You can request to:
- access information held about you.
- rectify any incorrect or incomplete data we hold about you. It is both in our interest and yours that any personal information we hold about you is accurate, complete and current. If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected or update these details yourself by logging into your customer account on the Website.
- delete, restrict or remove the data we hold about you.
- transfer the data we hold about you to another party.
- object to any further processing of your data.
You can make all such requests via email@example.com to
Eldo House Kempson Way
Bury St Edmunds
Suffolk, IP32 7AR
We will endeavour to respond to your requests within one month and free of charge. Please note that in respect of all these rights, we reserve the right to:
- refuse your request based on the exemptions set out in the applicable data protection laws
- request proof of your ID to process the request or request further information
- charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests.
If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision.
If you have any concerns about how we handle your data, please contact us in the first instance. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with our regulator, the UK Information Commissioner’s Office (www.ico.org).
Security of your data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. When you place orders or access your personal information, we offer the use of a secure server. All sensitive/credit information you supply is transmitted via Secure Sockets Layer (SSL) technology and then stored encrypted in our databases, to be accessed only as stated above. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Third party links on the Website
Our site may, from time to time, contain links to and from the websites of our group companies, service providers, partners, sponsors, social media pages and affiliates. If you follow a link to any of these websites, please note that websites have their own privacy policies and that we are not in control of, and do not accept any responsibility or liability for these policies or any third party website linked to the Website. Please check these policies before you submit any personal information through these websites.
Changes to this policy