Our Privacy Notice explains the way in which we collect, use, maintain, protect and disclose the personal information of the users of our website and all the products and services offered by Business Vitamins (UK) Ltd.
1.1 Who we are
Registered office address:
Handy Cross Farm, High Wycombe, HP10 9QD.
Company number: 09226874
If you have any questions about this privacy notice, including any requests to exercise your rights, please contact the DPC using the details set out below.
Data Protection Controller: Tom Crooke
Email address: data dot controller at onbio dot co dot uk
- Changes to the privacy notice and your duty to inform us of changes
This version was last updated on 17 May 2018. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
2.1 Which data do we collect?
Personal data is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, share and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data includes first name, last name, username or similar identifier, title, date of birth and social media account identifiers.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
- Aggregated Data includes statistical or demographic data for any purpose. It may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3.1 How do we collect your personal data?
We will only use the data captured for specific purposes in relation to the provision of services from OnBio, whether that’s as part of the Contact Us follow up process (legitimate interest) or as part of the provision of that service (under provision of a contract). We may also use your information to keep you up to date with relevant services and useful updates from OnBio (legitimate interest). At all times recipients will be given the option to opt-out of communications and removed if requested.
We use different methods to collect data from and about you including:
- Direct interactions. You may give us your Identity and Contact Data by filling in forms (including web forms) or by corresponding with us by post, phone, email or otherwise.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below
- Technical Data from the following parties:
(a) analytics providers such as Google based outside the EU;
(b) search information providers such as Google, Yahoo or Firefox based inside or outside the EU.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services based inside the UK.
- Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
- Technical Data from the following parties:
4.1 How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Where we need to comply with a legal or regulatory obligation.
- Where you have given your consent to us to process your personal data.
- Information you provide on our site may be transferred to our CRM platform. In this case your information may be processed outside of the European Economic Area (EEA).
5.1 Grounds for Processing
We are processing the information you provide under the legal grounds of legitimate interest, we will use the information provided for legitimate business purposes such as contacting you in response to an enquiry submitted through our website. We have carried out a legitimate interest assessment on the data we collect to support this decision.
You have rights over the information that OnBio has collected from you, these include the following:
Right to be informed
We provide ‘fair processing information’ through our privacy notice.
Right of access
We will confirm that we process your data, and to provide access to any personal information we hold about you.
Right of rectification
If any data we hold about you is incomplete or inaccurate we will correct the information we hold.
Right to be forgotten
Where there is no compelling reason for the continued processing of your information we will erase the data we hold about you.
Right to restrict processing
We will stop processing or block your data on request. We may hold enough information to ensure that we can respect this restriction in the future. e.g. We may hold your email address on a list to prevent it being processed in the future.
Right to data portability
In certain circumstances you may request your data in a commonly used and machine-readable form.
Right to object
You may object to us processing your data, unless the processing is for the establishment, exercise or defence of legal claims.
6.1 Data retention – how long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances you can ask us to delete your data: see Right to be Forgotten above for further information.
Complaints or queries
Business Vitamins strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
You may also complain to the supervisory authority in the UK, the ICO. You can read more about your individual rights on the Information Commissioner’s Office website.