This Policy is between you, the user of this website, and Care Wellness Ltd, its owner and supplier. This Policy governs our use of any and all Data acquired in connection with your use of the Web Site and any Services or Systems provided therein.

Important information

Our website is not meant for minors, and we do not knowingly gather data about children. This Privacy Policy supplements the other policies (including our Terms of Service) and is not intended to replace them. Care Wellness Ltd is the controller and responsible for your personal information (we, us, or our). To help you understand this Privacy Policy, Part 5 of Schedule 1 includes a glossary of words, examples of personal data we collect, how we use it, the lawful basis for processing, and your rights.
We have appointed a Data Privacy Manager (DPM). If you have any queries regarding our Privacy Policy or wish to exercise your legal rights, please contact our DPM in writing. Send an email to: info@carewellnessltd.co.uk Postal address: Care Wellness Ltd, Unit A, 82 James Carter Road, Mildenhall, United Kingdom. IP28 7DE You have the right to file a complaint with the Information Commissioner’s Office (ico.org.uk). We would appreciate the opportunity to address your issues before approaching the ICO. Please contact us first.
It is critical that the information we have on you is accurate and up to date; thus, please notify us of any changes to your personal information. Our website may contain hyperlinks to third-party websites, plug-ins, and applications. Clicking on these links or enabling connections may allow third parties to collect and share your personal data. We have no control over third-party websites, plug-ins, or applications and are not responsible for their privacy policies. Please read their privacy policies to understand the personal data they collect and how it is used.

We collect data about you.

We may collect, use, retain, and transfer the personal data about you described in Part 1 of Schedule We also gather, analyse, and exchange aggregated data. However, if we combine aggregated data with your personal data in such a way that it can be used to directly or indirectly identify you, we consider it your personal data. We do not collect any particular types of personal data, including information about criminal convictions and offences.
If we are compelled by law or under the terms of a contract with you to collect your personal data and you fail to submit it, we may be unable to complete the contract with you and may be forced to terminate a product or service. We will notify you of this at the appropriate time.

How is personal data collected?We collect personal information in the following ways:

Direct interactions -you may supply personal data when you complete online forms, request products/services, subscribe to our services, register a user account, or otherwise engage with us (by post, phone, or email). We acquire personal data (technical and use) automatically when you view or interact with our website via cookies, server logs, and other similar technologies. We may also acquire technical information about you when you visit other websites that employ our cookies. We may obtain personal data from publicly available sources, including Companies House, the Electoral Register, and credit reference organisations located within the EU. Third parties
We may obtain personal data from third parties, including analytics companies situated outside the EU (e.g. Google), payment providers, shipping services, website support vendors, and maintenance providers.

How We Use Your Personal Data

We will only use your personal information if the law allows it. We will typically use your personal information to fulfil the contract we have with you.
To fulfil a legal requirement, or when our legitimate interests (or those of a third party) trump your basic rights.
Part 2 of Schedule 1 outlines the legal basis on which we shall process your personal data.
We normally only use consent as a legal basis for processing your personal data to send email and SMS marketing communications, and you can withdraw your consent at any time by contacting us. Please keep in mind that depending on the exact purpose for which we are using your personal data, we may treat it under more than one lawful basis.
We will obtain your express opt-in consent before sharing your personal information with any third parties for marketing reasons. We may share your personal information with third parties (e.g. Lifestyle Supplements LLP) for marketing purposes.
To opt out of email marketing, use the unsubscribe button within the marketing email. You may remove your permission to marketing at any time by emailing our DPM.
Even if you opt out of receiving marketing communications, we may still use your personal information for other purposes if we have a legal basis for doing so.
We will only use your personal information for the purpose for which it was acquired, unless we reasonably believe that we need to use it for another reason that is compatible with the original purpose.
If we need to use your personal data for an unconnected purpose, we will tell you and explain the legal basis for doing so.
We may treat your personal information (without your knowledge or agreement) if it is needed or permitted by law.

Disclosure of Your Personal Data

We may need to disclose your personal information with third parties, as detailed in Part 4 of Schedule 1. We require that all third parties maintain the security of your personal data and treat it in line with the law. We do not allow third-party service providers to use your personal information for their own reasons. They may only process your personal information for specific reasons and in compliance with our instructions.

International transfers

We share your personal information with the [Lifestyle Supplements LLP India] Group. Your data will be
transferred outside of the European Economic Area (EEA).
When we transfer your personal data outside of the EEA, we ensure that it receives a comparable level
of protection by implementing at least one of the precautions listed below:
We will only transmit your personal data to countries where the European Commission has determined
that a sufficient level of personal data protection exists.
We use particular contracts certified by the European Commission that guarantee personal data the
same protection as it has in Europe with our service providers.

Data Security

We have implemented necessary security measures to prevent your personal information from being
mistakenly lost, used or accessed in an unauthorised manner, altered, or disclosed. We also restrict
access to your personal data to employees, agents, contractors, and other third parties who have a
business need to know. They can only process your personal data under our instructions and are bound
by a duty of secrecy.
We have protocols in place to handle any suspected personal data breach, and we will notify you and
any applicable regulator of a breach if we are legally compelled to.

Data retention

We will only keep your personal information for as long as necessary to accomplish the reasons for
which we collected it, including to meet any legal, accounting, or reporting requirements.
Details on retention periods for various components of your personal data are available in our retention
policy, which you can obtain from us. However, we are legally required to keep basic information about
our customers (including contact, identity, financial, and transaction data) for six years after they no
longer use our services for tax purposes.
We may also anonymise your personal information (so that it can no longer be linked to you) for research
or statistical purposes. We may use anonymised information indefinitely without further notice to you.

Your Legal Rights

Data protection law grants you specific rights in certain instances. These are fully detailed in Part 3 of
Schedule 1. If you would like to exercise any of your rights, please contact our DPM.
You will not be charged a price to exercise any of your rights. However, if your request is plainly
baseless, repetitive, or unreasonable, we may charge a reasonable price for the information or refuse to
comply.
When you contact us, we may ask for certain details to validate your identity. This is a security step to
ensure that personal information is not disclosed to anybody who does not have permission to receive it.
Types of Personal Data
Contact information includes billing address, delivery address, email, and phone number.
Financial information, including bank account and payment card details
Identity data includes first and maiden names, surnames, usernames, marital status, title, date of birth,
and gender.

Marketing and communication data include your preferences for getting marketing from us and our third-
party partners, as well as your communication preferences.

Profile dataYour login and password, any purchases or orders you make, preferences, feedback, and
survey responses.
technical data: internet protocol (IP) address, your login data, browser type and version, time zone
setting and location, browser plug-in types and versions, operating system and platform, and other
technologies on the devices you use to access our website.
Transaction data includes payment information and product/service purchase details.

Lawful basis and processing operations

The lawful basis on which we can rely to treat your personal data are:
You have given your explicit approval for us to process your personal data for particular purposes.
Contract processing is required for us to fulfil our contractual obligations with you, or if you have
requested specific steps before entering into a contract. Legal obligations may also require processing.
Legitimate interests: Processing is necessary for our or a third party’s legitimate interests, such as
providing the best service to you through our website. Before we treat your personal data on this basis,
we make sure we examine and balance any potential impact on you. We will not use your personal data
on this basis if such impact outweighs our interest.
Specific details about the processing activities we carry out with your personal data, as well as the lawful
basis for doing so, are provided below.

Purpose/Activity Type data Lawful foundation for processing.

We will register you as a new customer and provide your identity and contact information to fulfil our
contract with you.
To process and fulfil your order, manage payments, fees, and charges, and manage debt collection, we
may use your identification, contact, financial, transaction, and marketing information: (i) to fulfil our
contract with you, and (ii) for our legitimate interest in recovering debts.
We use your information to manage our relationship, notify you of changes to our Terms and Privacy
Policy, and request feedback. We also use it to perform our contract with you, comply with legal
obligations, and analyse customer usage.
We use your information to administer and protect our business and website, including troubleshooting,
data analysis, testing, system maintenance, support, reporting, and data hosting. We use your identity,
contact information, and technical information for legitimate business purposes, IT services, network
security, fraud prevention, and group restructuring. We also use it to comply with legal obligations.
We use your information to provide relevant website content/advertisements, measure advertising
effectiveness, and study customer usage for product/service development, business growth, and
marketing strategies.

We will use data analytics to enhance our website, products/services, marketing, customer relationships,
and experiences. This will help us define customer types, keep our website up to date, grow our
business, and inform our marketing strategy.
We may use your information, including identification, contact, technical, usage, and profile, to advise
and recommend items or services that may be of interest to you, including promotional offers. This is
important for us to build and grow our business.

Your Legal Rights

You have the following legal rights regarding your personal data:
You have the right to access and copy your personal data, as well as ensure that it is being processed
lawfully.
Erasure we can delete or remove your personal data if: (a) there is no valid reason for continuing to
process it; (b) you have exercised your right to object (see below); (c) we have processed your
information unlawfully; or (d) we are required to comply with local law.
(e) We may not always be able to comply with your request for specific legal reasons, which will be
communicated to you at the time of the request.
You have the right to object to the processing of your personal data when it is based on legitimate
interests (or those of a third party) and if it violates your fundamental rights and freedoms. You can also
object to processing for direct marketing purposes.
(c) in some cases, we may demonstrate that we have compelling legitimate grounds to process your
information that override your rights and freedoms; in such circumstances, we can continue to handle
your persona data for such purposes.
You have the right to object to the processing of your personal data if it is based on our legitimate
interests or those of a third party, and if it affects your fundamental rights and freedoms, or if it is for
direct marketing purposes.
(c) in some cases, we may demonstrate that we have compelling legitimate grounds to process your
information that override your rights and freedoms, and, in such cases, we can continue to process your
persona data for such purposes.
request a transfer you can request a transfer of your personal data which is held in an automated manner
and which you provided your consent for us to process such personal data or which we need to process
to perform our contact with you, to you or a third party. We will provide your personal data in a structured,
commonly used, machine-readable format
You can withdraw your consent to process your personal data at any time. However, this does not impact
the lawfulness of any previous processing.

Third parties

Service providers situated in the EEA and throughout the world offer sales, marketing, and IT/system
administration services.
professional advisors acting as processors or joint controllers including lawyers, bankers, auditors and
insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting
services
HM Revenue & Customs, regulators, and other bodies based in the EEA must report on processing
activity in specific circumstances.
If we sell, transfer, or merge parts of our business or assets, or if we acquire or merge with another
business, the new owners may use your personal data in accordance with this Privacy Policy.

Glossary

Aggregated data refers to statistical or demographic information that can be obtained from personal data
but does not identify individuals.
controller a body that determines the purposes and means of processing personal data
The term “data subject” refers to a living human identified by personal data, typically you.

personal data information identifying a data subject from that data alone or with other data we may hold
but it does not include anonymised or aggregated data
processor a body that is responsible for processing personal data on behalf of a controller
Special categories of personal data include race, ethnicity, political viewpoints, religious beliefs, trade
union membership, health, genetics, biometrics, sex, and sexual orientation.
The Information Commissioner’s Office is the UK’s supervisory authority for data protection problems.

Changes to This Policy

Care Wellness Ltd reserves the right to update this Privacy Policy as deemed appropriate from time to time or as required by legislation. Any changes will be immediately posted on the Web Site, and you will be deemed to have accepted the terms of the Policy upon your first use of the Web Site following the changes.

Cookies

Care Wellness Ltd may store and access cookies on your computer. Schedule 2 contains information
about first-party cookies that may be placed on your computer, as well as third-party cookies. [All
Cookies used on the Web Site are in conformity with the provisions of the Privacy and Electronic
Communications (EC Directive) Regulations 2003, as modified by the Privacy and Electronic
Communications (EC Directive) (Amendment) Regulations 2011.] Care Wellness Ltd carefully selected
these Cookies, which are used to assist certain services and features of the Website. [We also employ
cookies for analytical purposes. These Cookies monitor your movements and actions on the Web Site
and are intended to help us better understand our users, allowing us to enhance the Web Site and our
services.]
Before the Web Site places Cookies on your computer, you will be presented with a Pop-up requesting
your permission. [None of the Cookies set by the Web Site violate your privacy in any way, and no
personal information is gathered.] By agreeing to the use of our Cookies, you are allowing us to offer you
with the best possible experience and service through our Website. If you refuse to consent to the
placement of Cookies, some parts of the Web Site may not perform properly or as intended.]
Certain elements of the Web Site rely on Cookies to function and are legally considered strictly
necessary. These cookies are detailed in the schedule
You will not be asked for your approval to place these Cookies however you may still disable cookies via
your web browser’s settings, as set out in sub-Clause 11.4.
You can enable or disable cookies in your web browser. By default, your browser accepts Cookies;
however, this can be changed. For further information, please consult your browser’s help menu.
Disabling Cookies may prevent you from accessing the full range of Services accessible on the Website.
You can delete Cookies at any time, but you may lose any information that allows you to use the Web
Site faster.
[The Web Site uses the third-party Cookies listed in Schedule 3 for the purposes specified therein. These
Cookies are not necessary for the Web Site to offer you with its services and can be disabled at your
discretion through your internet browser’s privacy settings or by responding to the request for consent
outlined in sub-Clause 11.2.
It is recommended that you ensure that your internet browser is up-to-date and that you consult the help
and guidance provided by the developer of your browser if you are unsure as to how to adjust your
privacy settings.

First-Party Cookies Provider – WordPress

WordPress_[hash] stores authentication data during login. The authentication information includes the username and a double hashed copy of the password. However, this cookie usage is confined to the admin panel section, which is the website’s backend dashboard.
wordpress_logged_in_[hash] Used to indicate when you are logged in, and who you are. This cookie is maintained on the front-end of the website as well when logged in.
wp-settings-{time}-[UID]Used to customise the appearance of your admin interface and the website’s front-end. The value represented by [UID] is the user’s unique user ID as specified in the users’ database table.

Strictly Necessary Cookies: WooCommerce

Woocommerce_cart_hashThis cookie is utilised by Woocommerce and stores the end user’s cart
information.
wp_woocommerce_session_[hash]This cookie is utilised by Woocommerce and stores the end user’s
login information.
woocommerce_items_in_cartThis cookie is utilised by Woocommerce and stores the end user’s cart
information.

Cookies from third-party providers require GDPR consent.

viewed_cookie_policyGDPR Cookie Consent Checks if the user has provided consent to use cookies.
Cookie Law Info: Checkbox Required GDPR Cookie ConsentSave user preferences for this category.
cookielawinfo-checkbox-non-necessaryGDPR Cookie ConsentSave the user’s preferences for this
category.

Data Protection Notice

Care Wellness Ltd gathers, processes, and retains the information and personal data you provide on our website in order to complete a contract. All processing activities must be carried out in compliance with your individual rights as outlined in the European Union’s General Data Protection Regulation. Please keep in mind that by entering information about yourself on our website, you acknowledge that Care Wellness Ltd may process and store the information. This data will be maintained for the length of the previously stated purpose for collection. We never store or process your data for longer than necessary, and we never use it for anything other than the purposes you have agreed to. The information you provide on our website will never be shared or transferred to a third party entity. The following partners are exempt from this policy since they support Care Wellness Ltd in processing your personal data and providing services: Lifestyle Supplements LLP. You have the right to request that Care Wellness Ltd update your personal information at any time. You can also request information about your personal data, revoke your consent for us to process it, or request that we transfer or delete it.