Privacy Policy

This privacy policy applies between you, the User of this Website, and NUTRITANK COMMUNITY INTEREST COMPANY the owner and provider of this Website. We take the privacy and security of your information very seriously. We work hard to comply with GDPR and we will immediately rectify any mistakes that we may make. If we do make a mistake we sincerely apologise.  This privacy policy applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website.

Please read this privacy policy carefully.

Definitions and interpretation

In this privacy policy, the following definitions are used:

NUTRITANK CIC or us	NUTRITANK COMMUNITY INTEREST COMPANY, a company incorporated in England and Wales with registered number Company number 11728669 whose registered office is at …. NUTRITANK COMMUNITY INTEREST COMPANY  is registered with the Information Commissioner’s Office (ICO) – Reference  XXXXXXXX For purposes of GDPR, is the “data controller” is Dr Iain Broadley
Data	collectively all information that you submit to NUTRITANK COMMUNITY INTEREST COMPANY via the Website. This definition incorporates, where applicable, the definitions provided in the new General Data Protection Regulation (GDPR).
Website	the website that you are currently using, NUTRITANK COMMUNITY INTEREST COMPANY, and any sub-domains of this site unless expressly excluded by their own terms and conditions.
User or you	any third party that accesses the Website and is not either (i) employed by NUTRITANK  COMMUNITY INTEREST COMPANY and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to  NUTRITANK COMMUNITY INTEREST COMPANY and accessing the Website in connection with the provision of such services.
GDPR	The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.
Cookies	a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause titled Cookies.
UK and EU Cookie Law	the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.
“including”	is understood to mean “including without limitation”.

1. Introduction and scope

This privacy policy applies only to the actions of NUTRITANK COMMUNITY INTEREST COMPANY and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including but not limited to, any links we may provide to social media websites.

2. Data collected

Subject to the interaction we might collect the following Data, which includes personal Data, from you including:

• Identity Data: Title, First name, and Last name (surname).
• Professional data: Job title, Country you work in, Place of work (for attending specific online events, courses, webinars, conferences), and Medical Licence number (for CME/CPD)
• Contact Data: Email address, billing address, delivery address, and telephone number.
• Transaction Data: Any purchases and payments made to us.
• Technical Data: Login data, browser type, time zone setting, and location, etc.
• Profile Data: Username and password for this website (and subsites), your interests (medical specialities/topics), preferences, feedback, and survey responses.
• Usage Data: How you use our website, services, and products.
• Marketing and Communications Data: Your marketing and communication preferences from us and our third parties.

Sensitive Data

We do not collect any sensitive data about you (date of birth, national insurance number, passport details,  family, ethnicity, religious beliefs, sexual orientation, health, genetics, criminal offences etc)

4. How we collect data

We collect data using various methods, including:

Direct Interaction: When you fill in any forms on our websites or when you communicate with us via email, post, phone, or social media and also:

• Order our products and services.
• Attend an online event (webinar, conferences, and courses)
• Connect with us on social media.
• Create an account with us.
• Subscribe to our publications.
• Request information to be sent to you.
• Take part in a survey or provide us with feedback.
• Leave a comment on our website.

Automated technologies and interactions: Whilst you use our website, we may automatically collect Technical Data through cookies, server logs, and similar technology.

Google Analytics

We use Google Analytics in order to improve our website and services. In this instance, Google is the Data Processor and Dr Iain Broadley is the Data Controller.

You can opt-out of being tracked by Google Analytics.

To opt-out of being tracked by Google Analytics across ALL websites, visit http://tools.google.com/dlpage/gaoptout.

5. Our use of Data

We will only use your personal data when legally permitted to do so, including:

• Perform a contract of services.
• Provide you with a free or paid product/service that you ordered.
• Connecting with you on social media such as LinkedIn where your email address forms part of your contact data.
• Give you access to any course, webinar, conference, forum or any online resource centre that we have on our website and any sub-domains.
• Internal record keeping for legal and regulatory obligation (Tax etc)
• We will retain any Data you submit for 12 months (unless we are legally required to hold it for longer, i.e. for tax purposes.)

All personal Data is stored securely in accordance with GDPR. For more details on security see the clause titled Security.

6. Marketing Communications

You can unsubscribe at any time by emailing UNSUBSCRIBE  or contact our Data Protection Officer at…..

7. E-Newsletters

All of our e-newsletters are handled by SendInBlue or MailChimp (GDPR compliant and Privacy Shield certified) where you can directly unsubscribe by emailing UNSUBSCRIBE

8. Disclosure of your personal data

We will only disclose your personal data to the following parties located in the UK and the European Economic Area (EEA) for the reasons explained below:

HM Revenues & Customs	If you undertake any financial transactions with us (purchasing products and services) we legally have to record all transactions for tax purposes.
Professional advisers (accountants, bankers, auditors, insurers, legal etc)	Our accountant processes our financial data, and any payments you make to us will be recorded in our banking system. We are insured and legally covered. Any data relevant to claims would need to be legally provided to our professional advisers.
Service Providers (IT and System administration)	We may employ third-party IT companies to manage our website and systems. We will ensure any company that we use is GDPR compliant.

9. Third-party services providers in and outside of the EEA

Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European Law has prohibited transfers of personal data outside of the EEA unless the transfer meets the criteria.

NUTRITANK CIC currently uses the following third-party service providers which are based in and outside of the EEA.

Provider	Why we use them	Location	Link to their Privacy Policy	GDPR/ Privacy Shield
MailChimp (The Rocket Science Group LLC )	E-Newsletter	USA	mailchimp.com/legal/privacy	privacyshield.gov
SendInBlue	E-Newsletter	France (In EEA)	https://www.sendinblue.com/legal/privacypolicy/	GDPR Policy
Google Analytics	Improve the website	USA	https://policies.google.com/privacy
logmeininc.com GoToWebinar, GoToMeeting, and GoToTraining	Webinars, Conferences, Courses, and CME/CPD videos.	USA	https://www.logmeininc.com/gdpr/resource-center	https://www.logmeininc.com/gdpr/resource-center
Zoho Forms	All forms: Event registration, Feedback, Surveys, etc	Netherlands	https://www.zoho.com/privacy.html	https://www.zoho.com/gdpr.html
Zoho Desk	Customer Services helpdesk and online chat	Netherlands	https://www.zoho.com/privacy.html	https://www.zoho.com/gdpr.html
WooCommerce	WordPress Plugin for our online store to sell products and service	USA	https://woocommerce.com/privacy%20policy/	https://woocommerce.com/gdpr/
Stripe	Process Payments	UK	https://stripe.com/gb/privacy	https://stripe.com/privacy-shield-policy

Any Data used by such parties is used only to the extent required by them to perform the services that we request. Any use for other purposes is strictly prohibited.

11. Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Before our Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies.

By giving your consent to the placing of Cookies, you are enabling NUTRITANK COMMUNITY INTEREST COMPANY to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

How to change your Cookie setting

Please note that most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

• • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox
  • Microsoft Internet Explorer
  • Opera
  • Apple Safari

Our website currently uses the following Cookies:

Type	Cookie Name	Reason	Duration
Pixel	q.stripe.com	This cookie is necessary for making credit card transactions on the website. The service is provided by Strip e.com which allow s online transactions without storing any credit card information.	Session
HTTP	__cfduid	Used by the content network, Cloudflare, to identify trusted web traffic.	29 days
HTTP	__stripe_mid	This cookie is necessary for making credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing any credit card information	1 Year
HTTP	__stripe_sid	This cookie is necessary for making credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing any credit card information	1 Day
HTTP	_zcsr_tmp   (Zoho Forms)	This cookie is necessary for the login function on the website.	1 Day
HTTP	JSESSIONID   (Zoho Forms)	Preserves users states across page	1 Day
HTTP	m.stripe.com	Determines the device used to access the website. This allow s the website to be formatted accordingly.	2 Years
HTML	rc::a (Google)	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	Persistent
HTML	rc::b (Google)	This cookie is used to distinguish between humans and bots.	Session
HTML	wc_cart_hash_# (Woocommerce)	Purchase products/services	Persistent
HTML	wc_fragments_# (Woocommerce)	Purchase products/services	Session
HTTP	Zfccn (Zoho Forms)	Ensures visitor brow sing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.	Session
HTTP	_ga   (Google)	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 Years
HTTP	_gat	Used by Google Analytics to throttle request	1 Day
HTTP	_gid (Google)	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 Day
HTTP	NID (Google)	Registers a unique ID that identifies a returning user’s device. The ID is used for targeted ads.	6 months

 

• • 12. Accessing your own Data / Subject Access Request

You have the right to ask for a copy of any of your personal Data held by NUTRITANK COMMUNITY INTEREST COMPANY (where such Data is held) by contacting the DPO

• • 13. Your right to be forgotten (Erasure Request)

You have the right to have all of your personal data (with the exception of data that is required for legal reasons i.e. financial transactions) removed from all of our systems by contacting the DPO

• • 14. Links to other websites

We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.

• • 15. Security

Data security is of great importance to NUTRITANK COMMUNITY INTEREST COMPANY and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.

Our website uses a Multi-level firewall, Proven anti-virus and detection of intrusion attempts, Encrypted data transmission using SSL.

If password access is required for certain parts of the Website, you are responsible for keeping this password confidential.

We endeavour to do our best to protect your personal Data. However, transmission of information over the internet is not entirely secure and is done at your own risk. We cannot ensure the security of your Data transmitted to the Website.

• • 16. Breach Notification

If there is a data breach, we will report it to you within 72 hours, unless the breach is considered harmless and poses no risk to individual data.

• • 17. General

You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

• • 18. Changes of business ownership and control

NUTRITANK COMMUNITY INTEREST COMPANY may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of NUTRITANK COMMUNITY INTEREST COMPANY. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.

We may also disclose Data to a prospective purchaser of our business or any part of it.

In the above instances, we will take steps with the aim of ensuring your privacy is protected.

• • 19. Changes to this privacy policy

NUTRITANK COMMUNITY INTEREST COMPANY reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations.