15% off £30 or 20% off £40
What is Personal and Sensitive Data?
Personal data means any information that may be used to identify you on its own or, when combined with other information, will enable identification. Sensitive data may include data revealing racial or ethnic origin, or data concerning your health.
We may collect, use, store and transfer different kinds of personal and sensitive data about you including the following:
Security – Keeping your Data Safe
Data security is never taken for granted and H&B invest significantly in security to constantly update our systems and procedures. Our security team works with a dedicated independent Data Protection Officer to ensure your personal data remains a top priority.
If you want more details about what we do to keep your data secure, please contact the GDPR team on GDPR@hollandandbarrett.com
Sharing Data within the Group
The H&B group comprises a number of separate legal entities. We will responsibly share data between the group where the reason for doing so is defined and aligned to the original purpose for which we collected your data, and for their digital services and for analysis purposes.
Data retention – How Long do you Keep my Data?
Your personal information will only be retained for as long as necessary to fulfil the purposes for which it was collected, including for purposes of satisfying any legal, accounting, or reporting requirements. Sometimes we might have a Legitimate Interest to hold your data for longer than normal, such as in the case of a dispute or where it is necessary to retain account and order information for any periods required by law (including local tax requirements).
To determine the appropriate retention period for personal data, we follow the guidelines where they are available, including from the supervisory authorities in the relevant country. We take into consideration additional factors such as legal requirements, exceptions, and the potential risk of retaining your personal data.
Anonymous data is not personal data. Our anonymisation process follows guidance and best practice methods to ensure that the data is truly anonymous.
We are Holland & Barrett International Limited (company registration number 04515115). Our address is Samuel Ryder House, Barling Way, Eliot Park, Nuneaton, Warwickshire, CV10 7RH
Our Group Companies include:
We have websites that trade under a brand but are ‘Powered by Holland & Barrett’. If you are uncertain if a website is a genuine Holland & Barrett brand, contact gdpr@hollandandbarrett.com with the name of the website in question and we will confirm its authenticity.
We are registered with the Information Commissioner’s Office in the United Kingdom (the UK supervisory authority for data protection issues. Our registration number is Z5145046.
We have appointed a GDPR team. Please contact the GDPR team using the details set out below. Our GDPR team will be happy to help with any questions that you may have.
GDPR@hollandandbarrett.com | |
Post | GDPR Team, Samuel Ryder House Barling Way Eliot Park Nuneaton Warwickshire CV10 7RH United Kingdom |
You have several rights in relation to your personal and sensitive data as provided by the UKGDPR, the Data Protection Act 2018 and the General Data Protection Regulation 2016 (GDPR).
United Kingdom | Ireland |
Email: casework@ico.org.uk Phone: 0303 123 1113 Post: Information Commissioner’s Office, Wycliffe House Water Land, Wilmslow Cheshire, SK9 5AF Website: ico.org.uk | Email: dpo@dataprotection.ie Phone: +353 (0)761 104 800 or +353 (0)57 868 4800 Post: Data Protection Commission 21 Fitzwilliam Square South Dublin 2, D02 RD28 Ireland Website:dataprotection.ie |
Belgium | Holland |
Email: dpo@apd-gba.be Phone: +32(0)2 274 48 00 or +32(0)2 274 48 35 Post: Data Protection Authority Drukpersstraat 35 1000 Brussels Website: dataprotectionauthority.be/citizen | Phone: +31 (0)70 888 85 00 Post: Autoriteit Persoonsgegevens PO Box 93374 2509 AJ DEN HAAG Website: autoriteitpersoonsgegevens.nl/en |
We have several stores, online shopping websites and apps which you may use to buy products or services from us, or simply browse for information.
When you purchase from us, we need to collect information about you to process the order. We may also use that information to learn more about your browsing and buying habits so that we create tailored products and services we think you’ll be interested in.
We want to make this as clear as possible, so we’ve made a brief list below that summarises the personal data we collect. We also set out the "legal basis for processing", i.e., to tell you on what grounds we are allowed to use your information. The legal basis for each purpose is that (a) we have your consent for the use of your personal information, or (b) that we need to use your personal information to perform a contract with you, or (c) that the use of your personal information is necessary for our legitimate interests (in which case we will explain what those interests are).
Personal data collected | Legal Basis for processing |
When you shop with us, communicate with our contact centre, browse our websites or other organisations' websites where our adverts are shown, or use our digital services, we will collect:
If you have given your consent for this, then we may share your data with third party networks such as Facebook and Google to place appropriate advertising. If you are not a registered user with us, then we don’t share your data with any third parties. If you register an account with us, we may be able to link the information collected from you before registration and apply it to either your registered account or to future information that we collect after you have registered. |
|
When you register an account with us, we will capture your personal contact information, including name, telephone number, email address and postal address. We will also collect your order history and may contact you with information related to your order via email, SMS text, post, or telephone. If you are placing an order, we will also ask for your payment card number, expiry date and CVV number. If your order is for delivery or a Click & Collect from store, we will share the required information, to fulfil this request, with our third-party delivery partners. This will include Name, email, mobile number, and postal address (if a direct delivery) |
|
When calling our customer services team, you may talk to one of our agents based in South Africa. The agent has access to your registered account to assist with your enquiry. Personal data transferred in this case, is carried out lawfully based on the measures taken to allow transfer of data to international third countries. |
|
Contact Details for keeping in touch with you to market related products and services, including exclusive offers, vouchers, free gifts, deals, and information about events. |
|
CCTV when you visit our stores – your personal image, but not audio. This is to ensure the safety and security of customers, employees and third parties at our premises We will delete this after 30 days unless an event requires us to hold it longer. |
|
When you sign up for a loyalty card – your name, email, postal address, and email address. |
|
A record of your correspondence and/or conversations with our customer contact centre. |
|
Address any claims made against us. |
|
When a request for a return of a product is made in store we will capture your name, email address, telephone number and RFL number. |
|
When a report of an adverse reaction is made in store, we will capture your name, email address, telephone number and RFL number. We may also ask for information of any allergies or details of the reaction i.e rash, headaches this may include life threatening side effects such as seizures. You will be asked if you if you would like a response from the customer services team. |
|
Contact you about leaving a review on a product or service or providing feedback once your order has been completed or the service has been provided |
|
Contact Details for completing a market research related questionnaire to give feed back to us about your experience using the App, the website or visiting our stores and what we can do better. |
|
Notify you about changes to our services and to otherwise communicate with you. For example, we will use your contact details to respond to any queries that you submit to us. |
|
Review your past purchases and viewing history on our Digital Services to provide you with special offers or to tailor your experience online. |
|
Help us review, develop and improve the products and services we offer. For example, calls to our contact centres are monitored and recorded for quality control and training purposes. We may also send you market research requests via email (which you can opt out of via that email). If you raise a query (for example about a product or about our service) while we still hold a recording of your telephone call, and we can investigate or answer your query by referring to this call, we may do so. This may mean that your call recording will be held until your query has been resolved. |
|
Improve and measure the effectiveness of our marketing communications, including online advertising. We sometimes compare limited information that we hold about you (for example, your email address or mobile phone number) with third parties that also hold your information or have an existing online relationship with you to identify you as our customer and to enable us (or third parties on our behalf) to provide you with relevant marketing online. For example, we may compare your information with the information that social networking sites such as Twitter, Instagram, LinkedIn, Pinterest, Reddit and Facebook hold on you, so that they can identify you as a H&B customer and hence tailor the H&B marketing you receive via their sites and products. We also share cookie and other data (including online and offline purchase data) with entities such as Google, YouTube, Twitter, Instagram, LinkedIn, Pinterest, Reddit and Facebook in order to make our advertising more relevant to you. We require any such third parties to treat your personal information as fully confidential and to fully comply with all applicable data protection legislation. |
|
Carry out security checks to protect against fraudulent transactions and to prevent and detect criminal activity. |
|
Provide, enhance, and personalise your experience on our Digital Services. This may include a mini questionnaire of likes and dislikes that customers, who accept the tracking cookie banner. |
|
When you accept the tracking cookie, which is within the cookie banner on the website, you will be asked to complete a short questionnaire to determine some of your likes and dislikes this will help us provide, enhance, and personalise your experience on our Digital Services. |
|
We would store your contact details to keep you up to date on product launches this will include any seasonal launches. |
|
If you agree to be a H&B research survey participant via our website, we will collect and store your name, contact email address, age range & gender. If you are selected to take part in one of our surveys this will be carried out via a live video chat. Your data will be held for 12 months from the date of the completed survey. You can withdraw your consent at any time. |
|
If you sign up to our wait list for our Beauty Advent Calendar, we will ask you to provide your email address, first name & surname. The data collected will only be used for the notification of the product launch. |
|
If you sign up for our RFL Food Giveaway we will ask you to provide your full name, email address and postal address. The data collected will only be used for the purpose of the giveaway. |
|
When you visit our stores, you may notice some staff wearing body worn cameras – these devices record footage & audio from interactions, and only record when manually activated by the user to ensure staff safety, prevention & detection of a crime. |
|
Holland & Barrett are working with a supply chain mapping tool which tracks our products right down to farm level to ensure we have visibility and traceability within our supply chains.
Personal data collected | Legal Basis for processing |
We share limited amounts of personal data from supplier companies that work with H&B this will include supplier name, personal supplier contact name, contact email address and position. For information on how our cookies share data, see the Cookies section |
|
So that you can make full use of the interactive features on our website, your computer, mobile phone or other device (all referred to here as device) will need to accept cookies.
Here you can see what cookies may be sent to your device by hollandandbarrett.com and what we use each cookie for. You can set your browser to reject cookies (see the 'Help' menu of your browser to find out how to do this), but please bear in mind that if you do this, certain personalised features of this website cannot be provided to you.
When you visit our website or apps, we’ll ask you what data we can collect about you. We use five principal types of cookies:
Using cookies and mobile Ad identifiers, we share information with Google for the purpose of delivering personalised and non-personalised advertising. You can read more about how Google uses your data here.
Strictly Necessary
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
Functional
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all these services may not function properly.
Targeting
We may set these cookies on our site or through our advertising partners. These are used to build a profile of your interests.
Using information that identifies you, such as your IP address or client ID, we will track which pages you visit, transactions you make, and ads you click. In addition to your email address, we can share information with third parties, such as Google, to determine which advertising brought you to our website. If you do not allow these cookies, you will experience less targeted advertising.
You can see the full list of partners that we share data with here. You can also manage or withdraw consent for part or all optional cookies here: Cookie Settings.
Strictly Necessary
FIRST PARTY | ||||
Host | Cookie Name | Description | Expiry Duration | Expiry Unit |
hollandandbarrett.be | bm_sz | 0 | Days | |
www.hollandandbarrett.be | hzn_ssc | 0 | Days | |
hollandandbarrett.be | ak_bmsc | This cookie is associated with Akamai and is used to differentiate between traffic from humans and bots. | 0 | Days |
help.hollandandbarrett.be | __cfruid | Cookie associated with sites using CloudFlare, used to identify trusted web traffic. | 0 | Days |
hollandandbarrett.be | bm_mi | This cookie is associated with Akamai. It is used to analyse traffic to determine if it is automated traffic generated by bots or a human user. | 0 | Days |
www.hollandandbarrett.be | hbi-session-id | 2 | Years | |
auth.hollandandbarrett.be | auth0_compat | 2 | Days | |
hollandandbarrett.be | _abck | 1 | Years | |
hollandandbarrett.be | bm_sz | 0 | Days | |
hollandandbarrett.be | OptanonAlertBoxClosed | This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie has a normal lifespan of one year and contains no personal information. | 1 | Years |
www.hollandandbarrett.be | hbi-cookie-consent | 2 | Months | |
auth.hollandandbarrett.be | auth0 | 2 | Days | |
hollandandbarrett.be | bm_sv | This cookie is associated with Akamai and is used to differentiate between traffic from humans and bots. | 0 | Days |
auth.hollandandbarrett.be | did_compat | 1 | Years | |
www.hollandandbarrett.be | testCookie | This is a very generic cookie name that could relate to a number of different uses. However in most cases it would be a session cookie designed to test whether a browser is set to accept first party cookies. | 0 | Days |
www.hollandandbarrett.be | testCookie | This is a very generic cookie name that could relate to a number of different uses. However in most cases it would be a session cookie designed to test whether a browser is set to accept first party cookies. | 0 | Days |
auth.hollandandbarrett.be | did | 1 | Years | |
hollandandbarrett.be | OptanonConsent | This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor. | 1 | Years |
hollandandbarrett.be | ak_bmsc | This cookie is associated with Akamai and is used to differentiate between traffic from humans and bots. | 0 | Days |
www.hollandandbarrett.be | auth_verification | 0 | Days | |
www.hollandandbarrett.be | _dd_s | 0 | Days | |
www.hollandandbarrett.be | hbi-session-id | 2 | Years | |
www.hollandandbarrett.be | bid | 0 | Days | |
THIRD PARTY | ||||
Host | Cookie Name | Description | Expiry Duration | Expiry Unit |
www.hollandandbarrett.com | OptanonConsent | 1 | Years | |
www.hollandandbarrett.com | OptanonAlertBoxClosed | 1 | Years |
Performance
First Party | ||||
Host | Cookie Name | Description | Expiry Duration | Expiry Unit |
hollandandbarrett.be | _gat | This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites. It expires after 10 minutes. | 0 | Days |
hollandandbarrett.be | _gid | This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited. | 0 | Days |
hollandandbarrett.be | _ga_XXXXX | Used by Google Analytics to identify and track an individual session with your device. | 1 | Years |
hollandandbarrett.be | _ga_xxxxxxxxxx | To generate statistical data on how the visitor uses the Service | 1 | Years |
hollandandbarrett.be | _ga | This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners. | 1 | Years |
THIRD PARTY | ||||
Host | Cookie Name | Description | Expiry Duration | Expiry Unit |
wepublish.com | _ga_xxxxxxxxxx | 1 | Years | |
wepublish.com | _gid | _gid | 0 | Days |
wepublish.com | _ga_xxxxxxxxxx | 1 | Years | |
wepublish.com | _ga | 1 | Years | |
wepublish.com | _ga | 1 | Years |
Functional
FIRST PARTY | ||||
Host | Cookie Name | Description | Expiry Duration | Expiry Unit |
hollandandbarrett.be | _pin_unauth | This cookie is assocate with pinterest. It is used to track the usage of services. | 1 | Years |
www.hollandandbarrett.be | HnBI-SP-IDv2 | 1 | Years | |
www.hollandandbarrett.be | _tq_id.TV-6381547227-1.b66e | _tq_id.TV | 1 | Years |
help.hollandandbarrett.be | cf_clearance | Used to verify user is not a bot; user/system has solved a challenge successfully | 1 | Years |
www.hollandandbarrett.be | locale | This cookie is commonly used to store the user's preferred language or locale, allowing the website to serve content in the user's preferred language or format. | 0 | Days |
www.hollandandbarrett.be | dd_cookie_test_ | dd_cookie_test | 0 | Days |
www.hollandandbarrett.be | currency | 0 | Days | |
hollandandbarrett.be | ab.storage.sessionId.xxx | ab.storage.sessionId | 1 | Years |
www.hollandandbarrett.be | currency | 0 | Days | |
www.hollandandbarrett.be | HnBI-SP-RV | 1 | Months | |
help.hollandandbarrett.be | _help_center_session | This cookie aids in session for the Zendesk guide. | 0 | Days |
THIRD PARTY | ||||
Host | Cookie Name | Description | Expiry Duration | Expiry Unit |
hollandandbarretthelp.zendesk.com | __cfruid | 0 | Days | |
help.hollandandbarrett.com | __cfruid | 0 | Days |
Targeting
FIRST PARTY | ||||
Host | Cookie Name | Description | Expiry Duration | Expiry Unit |
hollandandbarrett.be | _dlt | This cookie is associated with Google's real time bidding advertising exchange. The main purpose of this cookie is targeting. | 0 | Days |
hollandandbarrett.be | __qca | This is a cookie usually associated with Quantcast, a digital advertising company. They provide website rankings, and the data they collect is also used for audience segmentation and targeted advertising. | 1 | Years |
hollandandbarrett.be | _uetvid | This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website. | 1 | Years |
hollandandbarrett.be | ab._gd############# | This cookie is associated with software provided by Braze, is a marketing company that develops customer relationship management and mobile marketing automation software which businesses use to manage their applications. These cookies track session_id, device_id, and external_id. This is a pattern type cookie with a common root of ab._gd followed by a string of numbers. | 0 | Days |
hollandandbarrett.be | _tt_enable_cookie | 1 | Years | |
hollandandbarrett.be | _ttp | 1 | Years | |
hollandandbarrett.be | cto_bundle | 1 | Years | |
hollandandbarrett.be | tfpsi | 0 | Days | |
hollandandbarrett.be | _gcl_au | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services | 2 | Months |
hollandandbarrett.be | cto_tld_test | This is a Criteo cookie used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers. | 0 | Days |
hollandandbarrett.be | _fbp | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers | 2 | Months |
www.hollandandbarrett.be | criteo_write_test | This is a Criteo cookie used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement - The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers. | 0 | Days |
hollandandbarrett.be | ab.storage.deviceId. | Out-of-the-box randomly generated string used by Braze to identify anonymous users, and to differentiate users’ devices and enables device-based messaging | 1 | Years |
hollandandbarrett.be | _uetsid | This cookie is used by Bing to determine what ads should be shown that may be relevant to the end user perusing the site. | 0 | Days |
hollandandbarrett.be | _cs_nnnnnnnnnnnnn | This is a session cookie. This is a pattern type cookie where a random 13-digit number is appended to the prefix _cs_. | 0 | Days |
www.hollandandbarrett.be | pmVisitSource | 0 | Days | |
THIRD PARTY | ||||
Host | Cookie Name | Description | Expiry Duration | Expiry Unit |
casalemedia.com | CMID | This domain is owned by Casale Media. The main business activity is: Advertising | 1 | Years |
dnacdn.net | browser_data | This domain is commonly associated with the delivery of digital advertising material and tracking of user interactions with ads, often as part of a content delivery network (CDN) for advertising content. | 1 | Years |
bing.com | MUID | This domain is owned by Microsoft - it is the site for the search engine Bing. | 1 | Years |
tiktok.com | _ttp | 1 | Years | |
casalemedia.com | CMPRO | This domain is owned by Casale Media. The main business activity is: Advertising | 2 | Months |
service2.loyaltyinabox.com | APPID | 0 | Days | |
www.facebook.com | This domain is owned by Facebook, which is the world's largest social networking service. As a third party host provider, it mostly collects data on the interests of users via widgets such as the 'Like' button found on many websites. This is used to serve targeted advertising to its users when logged into its services. In 2014 it also started serving up behaviourally targeted advertising on other websites, similar to most dedicated online marketing companies. | 0 | Days | |
doubleclick.net | test_cookie | This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange | 0 | Days |
dpm.demdex.net | dpm | This domain is owned by Adobe Audience Manager. The main business activity is online profiling for targeted marketing. | 5 | Months |
youtube.com | YSC | YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. | 0 | Days |
casalemedia.com | CMPS | This domain is owned by Casale Media. The main business activity is: Advertising | 2 | Months |
youtube.com | VISITOR_PRIVACY_METADATA | YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. | 5 | Months |
wepublish.com | _gat_UA-XXXXXX-X | Google Analytics Cookies | 0 | Days |
adnxs.com | uuid2 | This domain is owned by AppNexus Inc. The company provides a range of online advertising technology and services. | 2 | Months |
youtube.com | VISITOR_INFO1_LIVE | This cookie is used as a unique identifier to track viewing of videos | 5 | Months |
bing.com | MSPTC | This domain is owned by Microsoft - it is the site for the search engine Bing. | 1 | Years |
www.youtube.com | TESTCOOKIESENABLED | YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. | 0 | Days |
ct.pinterest.com | _pinterest_ct_ua | This domain is associated with Pinterest, a social media platform that allows users to share images and media content through collections known as pinboards. The domain is likely used for conversion tracking and advertising purposes. | 1 | Years |
criteo.com | optout | This domain is owned by Criteo. The main business activity is: Advertising | 1 | Years |
demdex.net | demdex | This cookie helps Adobe Audience Manger perform basic functions such as visitor identification, ID synchronization, segmentation, modeling, reporting, etc. | 5 | Months |
doubleclick.net | IDE | This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange | 1 | Years |
pinterest.com | ar_debug | This domain is owned by Pinterest. The main business activity is: Social Content Sharing platform | 1 | Years |
quantserve.com | mc | This domain is owned by Quantcast. The main business activity is: Market and Audience Segmentation, Targeted advertising services | 1 | Years |
criteo.com | uid | This domain is owned by Criteo. The main business activity is: Advertising | 1 | Years |
Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal information will involve a transfer of data outside the EEA.Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.
For further details, see European Commission: Adequacy of the protection of personal information in non-EU countries.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe.
For further details, see European Commission: Model contracts for the transfer of personal information to third countries.
Where we use processors in countries outside of the UK and EEA, we first see if they have a adequacy decision from the EC, which means data subjects whose data are processed in those countries enjoy the same level of protection as in the EU. If no adequacy decision exists, we ensure those same levels of protection are in place through legal transfer mechanisms such as Standard Contractual Clauses or the UK’s International Data Transfer Agreement (IDTA).
Please contact gdpr@hollandandbarrett.com if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
Our services online and through mobile apps empower you to better understand your health and wellness. Using technology, subject matter experts and helpful tips and recommendations, the app works to help you achieve your wellness goals.
H&B &Me analyses your health and lifestyle data in order to support wellness goals, for example, it calculates your biological age, and monitors activities such as sleep and exercise to present insightful trends.
To deliver the service, we need to collect a wide range of health data about you. H&B only uses the health data collected to provide this service, and we never sell or share this information with third parties that are not participating in the delivery of the service.
If you book a blood test through us we will share personal information, limited to only that which is strictly necessary, with the third party qualified nurses who collect the blood samples on our behalf.
Where we partner with other companies, such as a laboratory for testing samples & technical for calculations of biological age and tracking, the partner may have a legal or regulatory obligation to be an Independent Controller for some information provided. and may, as a result, have their own retention obligations they need to comply with for personal data.
To use The Service, you must have an account, which you can create inside the app. When you do this, we’ll ask you to give us consent so we can use your personal data for one or more specific purposes. We acknowledge that consent must be freely given, but without consent for processing your health information, delivery of the intended service will not be possible.
Data We May Process | Lawful Basis |
Contact information such as email and phone number date of birth and gender |
|
Collecting information about your health, we will capture your personal information necessary for the service including detailed data about your health and wellness |
|
Qualified to advise will collect your contact details through a booking service, and information about your status and condition that you may supply to us to assist in your assessment, this can also lead to a live video chat with a Qualified to advise colleague. |
|
Data Category | Retention Time |
Contact information such as email and phone number date of birth and gender | 18 months after last activity or within 30 days of you closing your account |
Health data | 18 months after last activity or within 30 days of you closing your account |
Withdrawing Consent
If you decide you want to withdraw your consent from the service, you can do this easily through the settings menu in the App. Withdrawing consent will result in the erasure of any data we hold about you, which we are not legally obliged to retain. If the option in our app exists to delete your data, this is also considered equivalent to withdrawing consent.
Where you receive emails about the service, they will have instructions on how to unsubscribe or withdraw consent.
Sharing Data to Deliver the Service
To deliver the service, we rely on partners that are experts in their field, such as phlebotomy (blood testing). When we enter into agreements with those partners, we put technical and organisational measures in place that ensure they only have the minimum data necessary to fulfil their purpose, and that the data is processed securely and in line their obligations under the agreement.
We share some data with partners that may operate under a legal requirement to process and retain personal data, and in those cases, they will be an Independent Controller, along with Holland & Barrett.
Data We May Process When You Use this Service
Data We May Process | Lawful Basis |
Performing the Service in Store, collecting data about your health. Contact information such as email and phone number. |
|
Performing the service at your Home, collecting data about your health. Contact information such as email and phone number and address |
|
Customer Service – contact information |
|
How Long we Hold Your Data
Data Category | Retention Time |
Performing the Service in Store - Contact information such as email and phone number | 18 months after last activity or within 30 days of you closing your account |
Performing the service at your Home - Contact information such as email and phone number and address | 18 months after last activity or within 30 days of you closing your account |
Customer Service – contact information | 12 months after last activity, or longer on case-by-case basis if there is a complaint |
Health Data is a ‘Special Category’ under the GDPR, meaning that we must consider carefully how we capture and use this data. Here’s what we do in a nutshell.