Privacy and Cookies Policy
and tell you about your privacy rights and how the law protects you.
Details of how to contact us if you have any questions about privacy or data protection can be found in the Contact Details section, below.
We must have a lawful basis to process your personal data, and this policy explains what our lawful basis is in respect of each purpose for which we keep and use information about you. Generally, we are allowed to process your personal data where it is necessary in connection with a contract between us (such as a contract to supply our products or services), where it is necessary in order for us to comply with our legal obligations, or where we have a legitimate interest to do so (but we will always consider whether your right to privacy overrides our interest).
Please note that links from our website may take you to external websites which are not covered by this policy. We recommend that you check their privacy policies before submitting any personal information to such sites. We will not be responsible for the content, function or information collection policies of these external websites.
What information do we collect?
We may collect information from you when you register on the site, place an order, enter a contest or sweepstakes, respond to a survey or communication such as an email, or participate in another site feature.
When ordering or registering, we may ask you for your name, email address, mailing address, telephone number, credit card information or other information. You may, however, visit our site anonymously. We do not store credit card details, nor do we share customer details with any 3rd parties.
We may also collect information about gift recipients, so that we can fulfil the gift purchase. Any information we collect about gift recipients is not used for marketing purposes.
Like many websites, we use “cookies” to enhance your experience and gather information about visitors and visits to our websites. Please refer to the “Do we use ‘cookies’?” section below for information about cookies and how we use them.
How do we use your information?
We may use the information we collect from you when you register, purchase products, enter a contest or promotion, respond to a survey or marketing communication, surf the website or use certain other site features in the following ways:
- To personalise your site experience and to allow us to deliver the type of content and product offerings in which you are most interested.
- To allow us to better service you in responding to your customer service requests.
- To quickly process your transactions.
- To administer a contest, promotion, survey or another site feature.
- If you have opted-in to receive our email newsletter or have purchased a product from us, we may send you periodic emails. If you would no longer like to receive promotional emails from us, please refer to the “How can you opt-out, remove or modify information you have provided to us?” section below.
What are the data protection rules?
- We must process personal data fairly, lawfully and transparently. This obligation includes that we must have a valid legal basis for our processing of personal data (whether the consent of the person, or that the processing is necessary for our legitimate interests (as long as these interests do not outweigh the rights of data subjects) or some other legal basis set out under the DPAs or (when applicable) the GDPR). It also means that we must be transparent with individuals about our processing of their personal data.
- We can only collect personal data for specified, identified and legitimate purposes.
- We can only then process the personal data that we have collected for the purposes which we have identified or for purposes that are compatible with the purposes that we have identified.
- The personal data that we collect and process must be adequate, relevant and limited to what is necessary for the purposes.
- The personal data that we collect and process must be accurate and (where necessary) kept up to-date.
- We must not keep personal data any longer than is necessary, bearing the purpose for which we collected it. This includes that we should keep personal data in a form which permits identification of the data subject for no longer than is necessary.
- We must keep personal data safe and secure from unauthorised access, deletion, disclosure or other unauthorised uses. This includes not just keeping data safe and secure from persons outside our organisation, but also from people within our organisation who have no need to access or use the personal data. We must also be careful when transferring personal data outside the European Economic Area (“EEA”, being the EU plus Norway, Liechtenstein and Iceland), and make sure that we have a valid legal basis on which to transfer that data. Transfer can include using a cloud server that is located outside the EU or allowing people who are located outside the EEA access to personal data that is stored within the EEA.
- We must comply with data subjects’ rights of information about, and (separately) access to, their personal data and with their other data protection rights, including rights to correct or erase their personal data, rights “to be forgotten”, rights to object to processing (including profiling), rights against automated decision-making and (under the GDPR) rights to data portability.
How do we protect visitor information?
- We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
- We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself. In addition, we have appropriate written agreements in place with all of our data processors.
- We maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
- Confidentialitymeans that only people who are authorised to use the data can access it.
- Integritymeans that personal data should be accurate and suitable for the purpose for which it is processed.
- Availabilitymeans that authorised users should be able to access the data if they need it for authorised purposes.
- We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The Healthy Tree Ltd uses third party vendors and hosting partners to provide the necessary hardware, software networking, storage, and related technology required to run. The data you provide to us is protected using modern encryption, intrusion prevention, and account access techniques.
- When we transfer your personal data out of the EEA, we ensure an adequate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use, providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
- Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Do we use “cookies”?
We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf, except to help us conduct and improve our business.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (e.g. Internet Explorer) settings. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you won’t have access to many features that make your site experience more efficient and some of our services may not function properly. However, you can still place orders over the telephone by contacting customer service.
Furthermore, we will make no attempt to identify individual visitors, or to associate the technical details listed above with any individual. We will only use the technical information for statistical and other administrative purposes. You should note that technical details, which we cannot associate with any identifiable individual, are not “personal data” within the meaning of the GDPR.
Do we disclose the information we collect to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice, except as described below. The term “outside parties” does not include The Healthy Tree Ltd. It also does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We need to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the data protection rules, and that we have in fact complied with the rules. We do this, among other ways, by our written policies and procedures, by building data protection compliance into our systems and business rules, by internally monitoring our data protection compliance and keeping it under review, and by taking action if our employees or contractors fail to follow the rules. We also have certain obligations in relation to keeping records about our data processing.
- We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. At the point at which you provide us with your personal data you will be asked whether you wish to receive any marketing communications from u
- We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
- We will not share your personal data with any third party for marketing purposes.
How can you opt-out, remove or modify information you have provided to us?
In accordance with applicable law, you may;
- request access to any personal data we hold about you;
- request that it be updated, rectified, deleted or blocked;
- request that we delete personal data we hold about you;
- request that we restrict our processing of your personal data;
- request that we provide you or a third party with a copy of certain personal data about you (that is referred to as the right of “data portability”). You can also object to any of our uses of your personal data described in this policy, including our marketing activities.
To modify your email subscriptions, please let us know by modifying your preferences in the “My Account” section. Please note that due to email production schedules, you may receive any emails already in production.
To delete all of your online account information from our database, sign into the “My Account” section of our site and remove your shipping addresses, billing addresses and payment information. Please note that we may maintain information about an individual sales transaction in order to service that transaction and for record-keeping purposes.
Third party links
In an attempt to provide you with increased value, we may include third party links on our site. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these linked sites (including if a specific link does not work).
Changes to our policy
Online policy only
Terms and Conditions
Please also visit our Terms & Conditions section, which establishes the use, disclaimers and limitations of liability governing the use of our website.
Any questions about privacy or data protection please contact:
Telephone: +44 (0) 1582658300
The Healthy Tree Ltd
63 Wardown Crescent
Luton- LU2 7JT- UK