We are committed to protecting your privacy. We implement technical and organizational measures to secure your Personal Information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of your Personal Information.
Our e-commerce platform is Level 1 PCI DSS compliant – you can read more about PCI DSS here: https://www.pcicomplianceguide.org/faq/
Who We Are
Opti-Nutra Limited (based in the UK), collects, uses and is responsible for certain personal information about you.
When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
As some Opti-Nutra affiliates are based outside of the European Economic Area, these affiliates have appointed Opti-Nutra Limited to be their representative within the EEA as necessary. Contact details are available.
Personal Information We Collect
When you visit the Sites, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Sites, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Sites, and information about how you interact with the Sites. We refer to this automatically-collected information as ‘Device Information.’
We collect Device Information using the following technologies:
- ‘Cookies’ are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org
- ‘Log files’ track actions occurring on the Sites, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- ‘Web beacons,’ ‘tags,’ and ‘pixels’ are electronic files used to record information about how you browse the Sites.
Additionally when you make a purchase or attempt to make a purchase through the Sites, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card number or PayPal ID), email address, and phone number. We refer to this information as ‘Order Information.’
This information is mandatory, which means that it will not be possible to purchase a product from the Sites without it.
How Do We Use Your Personal Information?
We use the Order Information that we collect generally to fulfill any orders placed through the Sites (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you. Via our customer service program, in response to reviews, via social media or email.
- Screen our orders for potential risk or fraud.
- Provide you with information or offers relating to our products or services, in line with the preferences you have shared with us.
- Reviewing the functionality and effectiveness of the Sites.
- Analysing trends.
- Collecting reviews and testimonials.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Sites (for example, by generating analytics about how our customers browse and interact with the Sites and to assess the success of our marketing and advertising campaigns).
Sharing Your Personal Information
We share your Personal Information with third parties as Data Processors to help us use your Personal Information.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
- We use Shopify to power our online store — you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy
- We use PayPal to process payments for products ordered from the Sites — you can read more about how PayPal uses your Personal Information here: https://www.paypal.com/en/webapps/mpp/ua/privacy-full
- We also use Amazon Pay to process payments for products ordered from the Sites — you can read more about how Amazon Pay uses your Personal Information here: https://pay.amazon.com/uk/help/201751600
- Please note that we do not record or keep credit card numbers
- We use Google Analytics to help us understand how our customers use the Sites — you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/ You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout
- We use Zendesk to help us Deliver and manage our customer service program — you can read more about how Zendesk uses your Personal Information here: https://www.zendesk.co.uk/company/customers-partners/privacy-policy/
- We use DotDigital to deliver marketing communications we believe may be of benefit to, or interest you. This includes order confirmation details and notices of special offers — you can read more about how DotDigital uses your Personal Information here: https://www.dotdigitalgroup.com/privacy-policy/
- We use Yotpo to collect and publish reviews and testimonials — you can read more about how Yotpo uses your Personal Information here: https://www.yotpo.com/privacy-policy/
- Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Do Not Track
Please note that we do not alter the Sites’ data collection and use practices when we see a Do Not Track signal from your browser.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
If you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Sites), or otherwise to pursue our legitimate business interests. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
We need to process your personal information in order to:
- Perform our contract with you (see Article 6.1.b of the GDPR).
- Comply with our legal obligations (see Article 6.1.c of the GDPR).
- Pursue legitimate business interests of our own related to operating the Sites and providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (see Article 6.1.f of the GDPR).
- Establish, exercise or defend legal claims, where necessary (see Article 9.2.f of the GDPR).
- Operate an online review platform in compliance with, for example, the Unfair Commercial Practices Directive, ICPEN’s guidelines on online reviews and endorsements, The Consumer Protection from Unfair Trading Regulations 2008, The Competition and Markets Authority’s guidance on online reviews and endorsements.
Some of these grounds for processing your personal data overlap, so there may be several reasons which justify us processing your personal information.
In those limited circumstances where you have expressly given your consent to us to process your personal data (see Article 6.1.a of the GDPR), for example, when subscribing to our newsletters, you are free to revoke your consent at any time. However, please be aware that we may have the right to continue to process your information if it can be justified on one of the other legal bases mentioned above.
You have the right to object to how we process your personal information, or ask us to restrict the processing. Please see below for more details.
If you would like more information about our legal basis for processing your personal information, please contact our Data Protection Officer (DPO).
When you place an order through the Sites, we will maintain your Order Information for our records unless and until you ask us to delete this information.
The Sites are not intended for individuals under the age of 18.
We are the Data Controller of the Personal Data you enter to create and maintain your account.
We are also the Data Controller of the information which is disclosed to other services as Data Processors.
You are the Data Controller for content you choose to disclose on the Sites in a review and for the personal data disclosed when you connect your Social Network profile(s) with our profiles.
You can email firstname.lastname@example.org and request information about your personal data.
Upon receiving your request, we will let you know what personal information we have about you and whether that data is portable.
We reserve the right to block access to our sites and delete your Account on the Sites if, in our assessment, we find anything violates applicable laws, third party rights or our User Guidelines, or is inconsistent with the purpose of the Sites.
If we block access to or delete your Account, we will inform you of the reason for blocking or deleting your Account by sending an email to the address you provided when you created your Account.
In addition to the rights set out above concerning your Personal Data, you also have the following rights:
- You also have the right to object to the processing of your personal data and have the processing of your personal data restricted.
- In particular, you have an unconditional right to object to the processing of your personal data for direct marketing purposes.
- If our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing of data carried out before you withdrew your consent. You may withdraw your consent by emailing us at email@example.com
In some circumstances, these rights may be limited or conditional. For example, whether or not you have the right to data portability in a particular case depends on the specific circumstances of the processing activity.
Data Protection Officer
We have a Data Protection Officer (DPO). If you have any questions about the data processing activities performed by us, you are welcome to contact our DPO by email at: firstname.lastname@example.org
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at email@example.com or by mail using the details provided below:
Data Protection Officer, Opti-Nutra Ltd. 7 Clarendon Place, Royal Leamington Spa, CV32 5QL, United Kingdom.