Curate

Facebook Twitter Youtube
Free shipping on all orders over £20

Privacy Policy

Effective Date: 01/11/2023

1. Introduction

1.1. Welcome to Curate Health (“us,” “we,” or “our”). We value your privacy and are deeply committed to protecting and respecting your personal information. This Privacy Policy (“the Policy”) provides essential details on who we are and how and why we collect, store, use, and share your personal data. Additionally, it outlines your rights concerning your personal data and offers guidance on how to reach us or regulatory authorities in case of any concerns.

1.2. Our data processing activities are in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 (“the Regulation”). For matters relating to data processing, Curate Health is the ‘data controller,’ meaning we are responsible for managing and controlling the processing of your personal data.

2. Key Terms

2.1. To ensure clarity, let’s begin by defining some essential terms used throughout this policy:

    • We, us, our Refers to TheCurateGroup, trading as (www.curatehealth.co.uk).
    • Our Data Protection Officer: Mr. Andrew Welford
    • Personal Data: Any information related to an identified or identifiable individual.
    • Special Category : Personal Data
      Self-reported data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership.
    • Genetic and Biometric Data: Data regarding health, sex life, or sexual orientation.
3. Personal Data We May Collect

3.1. We may collect and use the following types of personal information:

    • Your name and contact details, including your address, email address, telephone number, and company information.
    • Information necessary for identity verification, such as your date of birth.
    • Medical records obtained from your “health profile.”
    • Gender information.
    • Genotype data derived from DNA sample analysis.
    • Biomarker data acquired from blood sample analysis.
    • Location data, including postal code and address details.
    • Billing information, transaction history, and payment card information.
    • Contact history, purchase history, and saved items.
    • Information needed for credit or other financial checks.
    • Usage data regarding your interactions with our website.
    • Responses to surveys, competitions, and promotions.

3.2. When using specific sections of our website, you may be required to register by providing personal information, including ‘sensitive personal data’ as defined by the Regulation. For instance, we collect this data when you register, complete online questionnaires, submit feedback, contact us, subscribe to a service, or purchase goods or services from us.

3.3. Should you voluntarily provide sensitive personal information through the online medical questionnaire, you are giving your consent for us to process this data for the purpose of medical assessment and treatment. This information is crucial to offer products and services effectively. Failure to provide requested personal information may limit our ability to provide products and services.

3.4. We may employ cookies and similar tracking technologies to monitor your use of our website. For instance, we may gather data on your visit frequency, pages visited, traffic data, location data, and the domain name of your internet service provider. While some of this information may be aggregated or statistical, ensuring your anonymity, it helps us understand user behavior better. For more on our use of cookies, please refer to our Cookie Policy.

3.5. Occasionally, we may receive information from external sources (e.g., credit reference agencies) to enhance the data we already have on you. This additional data may help us personalize our services to you.

4. How and Why We Use Your Personal Information

4.1. We can only process your personal information when there is a legitimate reason. Our justifications include:

    • Compliance with legal and regulatory obligations.
    • Fulfilling our contractual obligations with you or taking pre-contractual steps at your request.
    • Medical diagnosis and healthcare provision.
    • Pursuing our legitimate interests or those of a third party.
    • Processing based on your consent.

4.2. The following table explains the purposes for which we process your personal information and the legal basis for doing so:

| Purpose | Legal Basis |

| Providing treatment, billing, and order fulfillment to our customers | Medical diagnosis, healthcare, contractual performance, legal obligations |
| Identifying our customers and their accounts | Contractual performance, legal obligations |
| Notifying customers of website or service changes | Legitimate interests, legal obligations |
| Fraud prevention | Legitimate interests, legal obligations |
| Customer identity verification | Legal obligations |
| Security screening and compliance with financial sanctions | Legal obligations |
| Performing necessary checks | Legal obligations |
| Sharing information required by regulatory bodies | Legal obligations |
| Ensuring business policy adherence | Legitimate interests |
| Operational purposes, administration, efficiency improvement, and quality control | Legitimate interests |
| Safeguarding confidential information | Legitimate interests, legal obligations |
| Statistical and behavioral analysis, and research | Legitimate interests |
| Customer profiling and personalizing website content | Legitimate interests |
| Preventing unauthorized access and system modifications | Legitimate interests, legal obligations |
| Updating and enhancing customer records | Contractual performance, legal obligations |
| Performing statutory returns | Legal obligations |
| Maintaining safe working practices and staff administration | Legitimate interests, legal obligations |
| Marketing services to customers | Legitimate interests |
| Credit reference checks | Legitimate interests |
| External audits and quality checks | Legitimate interests, legal obligations |
| Providing promotional communications | Consent, legitimate interests |
| Sharing personal information with associated companies, business partners, service providers, and regulatory bodies | Consent, contractual performance, legitimate interests, legal obligations |
| Transferring personal information outside the EEA | Consent, legal obligations |

5. Promotional Communications

5.1. We may use your personal data to send you updates about our services, including exclusive offers, promotions, or new services, via email, text message, telephone, or post. We have a legitimate interest in processing your personal data for promotional purposes, and we typically don’t require your consent for these communications.

5.2. We will always handle your personal data with the utmost respect and refrain from sharing it with other organizations for marketing purposes. If you wish to opt out of receiving promotional communications, you can do so by contacting us, using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts, or updating your marketing preferences in your secure Privacy settings in your online user portal.

5.3. If we require your consent for future data processing, we will seek it separately and clearly.

6. Data Sharing

6.1. We may share your personal information with the following parties:

    • Associated companies and business partners.
    • Third-party providers who assist in delivering our products and services, such as payment service providers, warehouses, and delivery companies.
    • Third parties who help us run our business, including marketing agencies and website hosts.
    • Third parties authorized by you, such as social media sites you link your account to or third-party payment providers.
    • Law enforcement agencies for the prevention of unlawful activity.
    • Credit reference agencies.
    • Our insurers and brokers.
    • Our banks.
    • Regulatory bodies.

6.2. We ensure that our service providers implement appropriate measures to protect your personal data and only allow them to use your personal information to provide services to us and you. We may also share your information with external auditors to meet audit and regulatory requirements.

6.3. We may disclose information as required to comply with legal and regulatory obligations, and under certain circumstances, we may share personal data with potential buyers of our business or during a re-structuring. Any shared information is subject to confidentiality obligations.

7. Where Your Personal Data is Held

7.1. Your information may be stored at our offices, as well as the offices of associated companies, third-party agencies, service providers, representatives, and agents. Some third parties may be located outside the European Economic Area (EEA).

7.2. We ensure that your personal data is safeguarded when transferred to countries outside the EEA, applying appropriate security measures to protect your information.

8. Data Retention

8.1. We retain your personal data while you have an account with us or while we provide products and services to you. Afterward, we keep your personal information for as long as necessary:

    • To respond to questions, complaints, or claims made by you or on your behalf.
    • To demonstrate that we treated you fairly.
    • To maintain records as required by law.

8.2. We will not retain your personal information for longer than required for the purposes outlined in this policy. Various retention periods apply to different types of personal information. Once it is no longer necessary, we will delete or anonymize your data.

9. Data Security

9.1. We have implemented appropriate security measures to prevent the loss, misuse, or unlawful access to your personal data. Access to your data is restricted to those who genuinely require it for authorized purposes. Our systems undergo regular testing.

9.2. Procedures are in place to address potential data security breaches, and we are committed to notifying you and relevant regulators in case of a suspected data security breach when required by law.

9.3. While we make all reasonable efforts to secure your personal data, we recognize that internet usage is not entirely risk-free. We cannot guarantee the security or integrity of data transferred via the internet.

9.4. If you need guidance on safeguarding your information and devices against online threats, consult [www.getsafeonline.org](www.getsafeonline.org). This resource offers in-depth information on protecting your information and digital assets from fraud, identity theft, viruses, and other online issues.

10. Monitoring

10.1. We may monitor and record communications, such as phone conversations and emails, for training, quality assurance, fraud prevention, and compliance purposes.

11. Credit Checking

11.1. To make credit decisions and prevent fraud and money laundering, we may search the files of credit reference and fraud prevention agencies, with records of these searches. We may also share your account-related information with these agencies.

12. Information About Other Individuals

12.1. If you provide information about someone else, you confirm that the individual has authorized you to act on their behalf. They have also agreed that you can:

    • Receive data protection notices on their behalf.
    • Provide consent for the transfer of their personal data abroad.
    • Provide consent for the processing of their personal data.
    • Provide consent for the processing of their sensitive personal data, such as health information.
13. Transferring Your Personal Data Out of the EEA

13.1. Your personal data may be transferred to countries located outside the European Economic Area to fulfill our obligations and deliver our services. These transfers are subject to special rules under European and UK data protection law. We ensure appropriate security measures are in place to protect your personal data.

13.2. Your personal data may be transferred to countries assessed by the European Commission as providing an adequate level of protection for personal information. When your data is transferred to non-EEA countries without similar data protection laws, we use standard data protection contract clauses approved by the European Commission to safeguard your privacy rights and offer remedies in the event of a security breach.

14. Your Rights

14.1. You have several rights concerning your personal information, including:

    • Access: The right to receive a copy of your personal data.
    • Rectification: The right to request corrections to your personal data.
    • Erasure: The right to request the deletion of your personal data under certain circumstances.
    • Restriction of Processing: The right to request restrictions on the processing of your personal data in specific situations.
    • Data Portability: The right to receive your personal data in a structured, machine-readable format or transfer it to a third party in certain cases.
    • Objection: The right to object to the processing of your personal information, e.g., for direct marketing.
    • No Automated Individual Decision-Making: The right to object to decisions solely based on automated processing affecting you significantly.

14.2. For further information about each right and the scenarios in which they apply, please contact us or consult the guidance provided by the UK Information Commissioner’s Office (ICO) regarding individuals’ rights under the General Data Protection Regulation.

14.3. If you wish to exercise your rights, please:

    • Email, call, or write to us or our Data Protection Officer (see ‘How to contact us’).
    • Provide enough information to identify you.
    • Provide proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill).
    • Specify the incorrect information and the corrections you seek.
    • Specify your objection to specific data processing (if applicable).
    • Confirm the right you wish to exercise and the relevant information.
15. Changes to this Privacy Policy

15.1. This Privacy Policy was last updated on 19/10/2023.

15.2. We may make changes to this policy from time to time, and we encourage you to check it periodically to stay informed of the most recent version applicable each time you access our website.

16. How to Contact Us

16.1. We appreciate your feedback and questions. If you have inquiries about this Privacy Policy or the information we hold about you, please contact us or our Data Protection Officer through post, email, or telephone using the following details:

Registered Office Address: Century House, Wargrave Road, Henley-On-Thames, Oxfordshire, United Kingdom, RG9 2LT

Contact Email Address: info@curatehealth.co.uk

Contact Telephone Number: 0161 503 3731

17. How to Complain

17.1. We hope we or our Data Protection Officer can address any concerns or queries you may have regarding our use of your information.

17.2. If you wish to lodge a complaint, the General Data Protection Regulation grants you the right to do so with a supervisory authority, particularly in the European Union (or European Economic Area) state where you work, live, or where any alleged infringement of data protection laws occurred. In the UK, you can contact the Information Commissioner through (https://ico.org.uk/concerns) or by telephone at 0303 123 1113.

NEED HELP?

Feel free to submit an enquiry via the form and we will get back to you as soon as possible.

Contact us

What are you looking for?