DATA PROTECTION – PRIVACY NOTICE
Nutrition Bites is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This Privacy Notice sets out the types of personal data that Nutrition Bites (“we”) collect and process about our suppliers, clients, and customers (“you”). There is a separate policy for employees, workers, and contractors.
Data Protection Principles
We will comply with the data protection principles set out in the GDPR. This means that your personal data will be:
- processed fairly, lawfully and transparently;
- collected and processed only for specified, explicit and legitimate purposes;
- adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- accurate and kept up to date;
- not kept for longer than is necessary for the purposes for which it is processed; and
- processed securely.
The Personal Data We Collect and Use
Personal data means data that relates to a living person who can be identified from that data on its own or when taken together with other information which is likely to come into our possession. It does not include anonymised data or data about an organisation rather than an individual.
In the course of us supplying services to you or you supplying services to us, we may collect the following information:
- names, addresses, job titles, contact telephone numbers, email addresses, and other similar contact details;
- credentials: passwords, password hints and similar security information used for authentication and account access;
- demographic data: such as your age, gender, country, and preferred language;
- payment and account history: data about the items you purchase and activities associated with your account;
- data to process payments, such as your payment instrument number (such as a credit card number) and the security code associated with your payment instrument;
- subscription data: information about your subscriptions and other entitlements;
- data about the web pages you visit;
- feedback and ratings: information you provide to us and the content of messages you send to us, such as feedback, survey data, and reviews you write;
- professional accreditations and references.
How We Use Your Personal Data
The collection and processing of this data are required in order to perform a contract, to provide or supply a service, or for the purposes of our legitimate interests or those of a third party, but only if these are not overridden by your interests.
We seek to ensure that our collection and processing of personal data is always proportionate. We will notify you of any material changes to the personal data that we collect or to the purposes for which we collect and process it.
Where we are required to collect personal data by law or in order to perform the terms of a contract between us, if you do not provide us with the data when we request it we may not be able to perform the contract; for example, to deliver a service.
We will be using the email addresses to notify you about new content or new functionality available on the site.
Sharing Your Personal Data
We may share your personal data with other organisations, contractors or agents in order to provide a service to you, to perform a contract, to answer questions from insurers or in relation to any litigation. We will ensure that any organisation with whom we share your personal data is compliant with the requirements of GDPR.
Protecting Your Data
We have appropriate security measures in place to prevent personal data from being lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business reason to do so and have been trained in the principles of GDPR.
We also have processes in place to deal with any suspected data security breach. We will notify you and the appropriate regulator in the event of any suspected data security breach where we are legally required to do so.
How Long Will Your Personal Data Be Kept?
In accordance with the GDPR, we will only keep your personal data for as long as necessary. This will be for as long as we continue to provide services to you or you provide services to us and for a reasonable period afterwards as required for accounting purposes and to respond to any post-contract issues.
The law on data protection gives you certain rights in relation to the data that we hold on you. These are:
- the right to be informed. This means that we must tell you how we use your data and this is the purpose of this Privacy Notice;
- the right of access to your personal data by way of a subject access request. This should be made in writing. We will respond within one month unless the request is complex or numerous in which case we can extend the deadline for a response by a further two months;
- the right to have inaccuracies in your personal data corrected;
- the right to have personal data deleted, where we are not entitled in law to process it or it is no longer necessary to process it for the purposes it was collected;
- the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh ours;
- the right to apply for the use of your personal data to be restricted while you are contesting the lawfulness of our processing;
- the right to receive a copy of your personal data and to transfer it;
- the right not to be subjected to automated decision making, with some exceptions. We do not currently take automated decisions using your personal data. We will inform you if we do in the future.
If you wish to exercise any of these rights above, you should contact firstname.lastname@example.org. We may require proof of your identity.
How to Complain
If you believe that your data protection rights have been breached, you can complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found at www.ico.org.uk