General Data Protection Policy
Including Special Category Data
This policy details the obligations of Alyve Wellness Limited regarding data protection and your rights under current EU Regulations “ General Data Protection Regulations .” ( GDPR ) in conjunction with your use of the services we supply
Your data will be processed, lawfully, fairly and transparently and only collected for specific, explicit and legitimate purposes and not processed further for any incompatible purposes other than the original purpose for collection.
In this Privacy notice, “ Personal data ” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as names, a identification number such as a National Insurance number, location data or an online identifier such as an IP address.
Personal data also refers to one or more factors specific to the physiological, genetic, mental economic, cultural or social identity of an individual.
“Special Category Data” (SCD) will also be collected from which we can determine from the data collected through testing (including feed back);
Alyve Wellness offer services, such as finger prick blood tests and bespoke vitamins and we may need to request details in respect of your health :-
Under Art 9 of the General Data Protection Regulations, this data is deemed to be Special
Category Data and we require explicit agreement to the collection of data in resect of your health and you are deemed to give your consent to its collection -
Definition of the data collected -
Any question we may need to ask you abut your health in order to supply you with the services we offer.
Our GDPR policy explains how and what we use this personal data for.
For the performance of our professional services; We provide services to individuals ( our clients ) .
The data we collect depends upon the services provided to you, and we only process personal data and Special Category Data for the purpose for which it was collected.
The purposes for which we process data and the legal basis for doing so
*for the performance of any contract we enter in to with you or pre-contract due diligence enquires should no contract subsequently be entered in to
* for either our or your legitimate interest
* in respect of any legal obligation we are subject to
* where you have provided your consent for us to do so
* where necessary to do so
Visitors to the Aurora Application - We also collect personal data about you when you visit our application.
Information which you provide to us voluntarily - for example when completing and online form to contact us. Or when agreeing to subscribe to a news letter or when registering with us to receive our services. Such voluntary information may be in the form of;
* Job title and role
* Contact information such as mobile number, email address and other telephone numbers.
* Demographic information, such as industry, post code any preferences and interests
* Any other relevant information to enable us to offer and supply our services to you
Any information which you provide on this basis which may be sensitive, this does not include the Special Category Data, is not collected or processed intentionally. Such information is provided by you on a voluntary basis and you acknowledge and agree that such information may be processed by us.
If you register on our app or, or instruct us in respect of our professional services your personal data is collected and stored in our storage facility within our computer system and any data held on individuals who have not been engaged or ceased to be engaged by us is deleted after a period of 18 months or sooner if required by law.
If you opt out of any of our services your basic data will remain on our opt out list.
Cookies - Data which is automatically collected when you visit our site through Cookies - When you visit our app we automatically collect certain personal data from your device, if you allow us.
Through our web site, In allowing Cookies ( which are small files ) they will transfer this small file to your computer hard drive through your web browser. This enables the site ( or our service provider ) to recognise your browser and capture and remember certain information. Such data is;
* IP address
* Unique device identifier number
* Device type
* Browser type
* Geographical location eg country or city location
* and other technical information
We collect this information to improve the services supplied to you and it enables us to better understand the visitors to our site.
The purposes for which we collect and/or process your personal data as a visitor to our site;-
* To assist in administering and managing our site.
* For site security for example to authenticate your identity and to prevent unauthorised access to the site.
* To more personalise your visits to our site, so we may enhance your experience.
* To analyse visitor data so as to enhance our marketing and other communications.
* To understand which feature of the site visitors use.
* To assist us in monitoring and enforcing all relevant regulations and applicable compliance.
* To assist us in continual risk management assessment.
* Any other purposes for which you provide us with your information including the ‘Special Category Data’.
Legal Grounds for processing personal data of visitors to the site;-
* For the effective and lawful operation of our business.
* To improve and develop our site to enhance visitor experience.
* Any matter for which we have been given your explicit consent.
If you would like to know more about cookies please go to www.allaboutcookies.org
Other purposes we may collect personal data from you can be; -
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
Performance of a contract with you
To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this application (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
(f) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business)
We may also collect data when;
Recruitment - personal data may be collected directly from a job applicant, or indirectly via a recruitment agency when you or they correspond with us by telephone, email or online .
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyse the use of our Service. The details of which we have provided above ( see Special Category Data )
We take all appropriate security and legal precautions to safeguard the safety and integrity of all of your personal data that is collected and used within the company. Your personal data will only be accessed by persons within the company who have a legitimate need to do so.
Access to the confidential data we collect is limited and we have policies and procedures in place to safeguard your information from loss, miss use and improper disclosure.
All of our employees are subject to a company privacy and confidentiality policy which ensures that they are contracted to understand your confidentiality requirements and will work to the best of their ability inline with this policy.
5 Your Rights and our Complaints Procedure
You have the following rights in relation to your personal data;-
* You may access the data we hold about you
* If you note that you data is incorrect or incomplete you have the right to have that data corrected.
* You may opt out of any of the services provided, but please note some services we may be unable to provide should you do so.
* You may request that we delete your personal data ( this subject to any legal requirement we may have to retain such data ).
* You may request a copy of your personal data held, this may take up to thirty ( 30 ) days.
* You have the right to withdraw your consent to the use of any of your personal data for which you have previously given your consent to the use of.
* You have the right to complain to the Data Protection Authority, such a complaint should be directed to the authority in your country or a relevant court of competent jurisdiction. We do however have a complaints procedure which we will deal with any complaints you may have, any such complaint should be directed to our Data Protection officer firstname.lastname@example.org.Who will acknowledge your complaint and ensure it is investigated honestly and fairly and inform you how it will be handled.
If you have any other queries or wish to exercise any of your rights in respect of your personal data please contact our Data Protection officer on email@example.com.
You may also complain directly to https://ico.org.uk/
We will disclose your personal information to the following;-
* As described in clause 2 of this policy
* If required by law
* If we believe disclosure is appropriate to enforce any of our terms and conditions, to protect and defend our rights, property or safety.
* In compliance of any court order, proceeding or under any other legal obligation, regulatory or government requirement where we are specifically directed to do so.
* With your consent.
We are obliged under current laws and jurisdiction to report suspicious transactions and any other such activity to the relevant regulatory authorities under Anti Money Laundering, terrorist financing, or related legislation. We will also report any suspected criminal activity to the relevant law enforcement body. In some circumstances we may not be permitted to inform you about this in advance of any disclosure, or at all.
Third Party Recipients of Personal Data include;-
* Professional Advisors such as law firms, tax advisors or auditor all of whom are subject to privacy and confidentiality laws and regulations.
* Regulatory and other such bodies.
* Providers of identity verification services.
* The Courts, police and other relevant law enforcement agencies
* Relevant Government departments and agencies.
* Our Service Providers.
We retain your personal information only as long as it is needed by us see clause 2., thereafter we only retain any information as long as it is required under the regulatory requirements we are subject to.
To ensure we meet our legal liabilities we may retain some information for a significant time. Examples of the reason for this could be, to protect, defend or exercise our legal rights rights or for archiving and historical purposes.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If there is a security breach, or a suspected security breach we will inform you of the breach or suspected breach immediately it is known to us and report it to the appropriate regulatory body.
Once such a breach is discovered will will use all reasonable business measures to correct the breach and prevent any further breaches and recover or delete any lost in formation.
Under certain circumstances, you have rights under data protection laws ( General Data Protection Regulations ) in relation to your personal data. Specifically, you have the right to:
If you wish to exercise any of the rights set out above, please contact us.
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. We ask that you update us with any changes to your personal information.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Recruitment - personal data may be collected directly from a job applicant, or indirectly via a recruitment agency when you or they correspond with us by telephone, email or online.
If you are a supplier, subcontractor or an individual associated with them we will collect and process personal data. We process personal data only for the purpose for which they are collected. See clause 2.
Your personal data may be transferred to and stored outside of the country where you are located. This includes countries outside of the European Economic Area (EEA) and countries that do not have laws that provide specific protections for personal information.
Where we collect your personal data within the EEA, transfer outside the EEA will only be where we are able to ensure a similar level of protection for your personal information.
At least one of the following safeguards will be implemented;-
* we will only transfer your personal data to countries that have been deemed, by the European Commission, to provide an adequate level of protection for personal data.
* where we will use specific service providers, we may also use certain contracts approved by the European Commission which give the same protection to personal data as is provided in Europe.
* Providers used in the United States will use the Privacy Shield policy this ensures that they use the same protection for personal data as in Europe
If your personal data is going to be transferred and stored outside of the country and none of these safeguards are available we may request your permission and explicit consent to the transfer.
You have the right to with draw your consent at any time.
Children’s online privacy protection - The Company is in compliance with the requirements of COPPA ( Children's Online Privacy Protection Act ) The Company do not collect any information from any person under the age of 18 years old. The Aurora Application , its products and services are directed at people who are over the age of 18.
Because the Company value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We will therefore not distribute your personal information without your consent.
We will, from time to time, make changes to this policy. This may be to ensure that we continue to be in line with the legal requirements and any regulatory changes made in law. We may also change our practices to better serve our and your needs. We will revise the, “last updated’” date at the top of this notice and will, if such changes are material, post a prominent notice of the changes on the website.
We request that you read this policy from time to time and keep your personal information up to date at all times.
Last updated 08/05/20
What are cookies
Cookies are small files which transfer to your browser when you visit our website or use our online services. A cookie file is stored in your web browser and it allows us to recognise you and enhance your visit each time.
A “cookie" is technology that allows our website to store tokens of information (an 'identifier') in your browser used only by our site while you are on our site. Cookies are not used to determine the personal identity of anyone who is merely visiting our site.
They serve to help us track traffic patterns to determine a user’s preferred location on the site
Cookies have other uses as well. For example, they are used to provide entry for subscribers or users who have chosen any automatic log-on feature which may be available during registration.
On certain pages of our site, cookies are used to help us track your interests while you browse the internet, so we can tailor more relevant advertising to you and to understand what is important to you
How do I disable cookies?
If you do not want to receive a cookie from our site, you have the option of setting your browser to notify you when you receive a cookie, so that you may determine whether to accept it or not. However, please be aware that if you do turn off cookies in your browser, you will not be able to fully experience some of our website facilities. For example, you will not be able to benefit from any automatic log-on facility we may have.
What cookies do we use ?
The cookies used by our website perform the functions, as classified below:
Some cookies we use are essential to the functioning of our site. For example, remembering any log-in details, if used, to log-on to our website.
Some cookies help us with the performance and design of our website. This allows us to measure how many times a page has been visited, whether a page has been visited on our website through an advertisement or by other means.
Some cookies help us to remember your settings which you may have selected, or assist with other functionality when you browse and use our website. This helps us to remember what you have selected, so on your return visit we remember your preferences.
These cookies collect information relating to the origin of your visit, where you were exposed to advertising, what advertising feature you saw, whether you arrived directly or indirectly to our site, the device you used to visit our website and which downloads you performed. This information is collected on an anonymous basis via third party suppliers.
In addition, we also utilise cookies on certain pages of our site to communicate with third party data suppliers in order to extrapolate your digital behaviour. This helps us to understand and target more relevant advertising in the future. The information we receive is all aggregate and anonymous, but will include statistics such as demographics, online behaviour, product interests and lifestyle. Targeting and tracking cookies are provided via trusted third party suppliers. Should you require more information regarding our suppliers and how these cookies operate please contact us.
By navigating on our site, you agree that we can place cookies on your computer or device. If you prefer not to receive cookies, then you should no longer use our site or provide us with your preferences by contacting us at firstname.lastname@example.org.