We are The Gut Stuff Limited (“The Gut Stuff”). Our contact and other details are set out at the end of this policy. We are the controller in relation to the personal data processed in accordance with this policy, except where this policy explains otherwise.
We are a UK company that provides a platform for all things gut health, including education, partnerships and products.
How we process personal data depends on the purpose for which we obtain it and the individual to whom it relates. We will normally only process personal data relating to you if:
We may process information relating to you to enable us, or other suppliers of ours (for example, if we use a third party to manage our fulfilment of orders), to manage and administer the supply of our goods or services to you or the person that you work for and to communicate with you in relation to that provision. This may include (where relevant) processing any information necessary to enable us to provide or arrange any facilities, resources, insurance or anything else necessary to supply the goods or services.
Where you are individual customer, the processing is necessary for the performance of a contract to which you are a party or to take steps at your request to enter into such a contract – article 6(1)(b) GDPR.
Where you are an individual who works for a business customer, the processing is necessary for the purpose of legitimate interests pursued by us in relation to our business; that is, the sale and supply of our goods and services – article 6(1)(f) GDPR.
We keep the personal information relating to you for as long as is necessary in relation to your purchase or potential purchase, and then for a period of at least 6 years after which we will delete it unless it is necessary to retain it for archival purposes.
To send marketing material to you, or advertise our goods or services to you
The processing is necessary for the purpose of legitimate interests pursued by us in relation to our products – article 6(1)(f) GDPR
We will keep the personal information for a reasonable period consistent with sending you marketing communications, after which we will either confirm that you are happy for us to continue to do so, or delete it (except to the extent we need to retain it for the sole purpose of supressing further marketing communications to you).
We may collect information on your visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive. We may keep a record of the content on our website that you have clicked on and use that information to target advertising on this website to you that is relevant to your interests and which we have identified based on content you have looked at. [This information is set out in our Cookies Policy.
You give consent to the processing – Article 6(1)(a) GDPR.
The processing is necessary for the purpose of legitimate interests pursued by us in relation to the development – article 6(1)(f) GDPR.
We will keep the information for a reasonable period and then delete it.
If we are carrying out social media monitoring and you interact with, or mention or tag us on social media, we may process details regarding that interaction and your social media ID for the purposes of keeping ourselves informed in relation to the interaction concerned and, if appropriate, communicating with you.
The purpose of legitimate interests pursued by us in relation to the development – article 6(1)(f) GDPR
We keep the personal information relating to you for as long as is necessary in order to enable us to communicate with you, after which we will delete it. Normally, we will not keep this information for more than 6 months following its collection.
We may process information relating to you to enable us, or other suppliers of ours, to manage and administer the provision of goods or services by you or the person that you work for and to communicate with you in relation to that provision. This may include (where relevant) processing any information necessary to enable us to provide or arrange any facilities, resources, insurance or anything else necessary to enable or assist you to provide goods or services in relation to our products.
The processing is necessary for the performance of a contract to which you are a party or to take steps at your request to enter into such a contract – article 6(1)(b) GDPR.
The processing is necessary for the purpose of legitimate interests pursued by us in relation to our products – article 6(1)(f) GDPR.
Details relating to your health will only be processed with your prior explicit consent, or to the extent necessary for carrying out our legal obligations or protecting your vital interests, or in relation to legal claims – Article 9(2) GDPR.
We will keep the information for as long as necessary to facilitate the provision of the relevant goods or services and then for a period of up to 6 years afterwards, after which we will normally delete it. If we consider you or the person that you work for, but decide not to select you or the person that you work for, to provide such goods or services, then we will normally keep any relevant information provided by you for a period of 6 months, after which we will delete it (unless it has been agreed that we will retain it in case, for example, we may wish to contact you in the future regarding other opportunities to provide goods or services).
Where appropriate, we may disclose your personal data to third parties:
If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers and suppliers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you; or to protect the rights, property, or our safety or that of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
The data that we process in relation to you will be processed within the European Economic Area (“EEA”).
All personal data processed by us is stored securely. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Under data protection law, you have certain rights. Your rights depend on our reason for processing your personal information.
If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal complaint with the Information Commissioner.
You can withdraw your consent to any relevant processing of personal data:
You can exercise your right of access to your personal data:
Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.
The Gut Stuff Limited
30 Oval Road
Contact: Data Protection Officer, The Gut Stuff, email@example.com
This policy was last updated on 1 July 2020