Effective Date: January 1, 2024
Entity: GREEN VITALITY LTD ("we", "us", "our")
This Privacy Policy outlines how GREEN VITALITY LTD, registered in England and Wales, collects, processes, and protects your personal data. We are committed to upholding the highest standards of data protection in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all users of our website, subscription services, and corporate clients.
We collect "Identity Data" (names, usernames), "Contact Data" (billing address, delivery address, email, telephone), "Financial Data" (payment card details via secure third-party processors), "Transaction Data" (details about payments and services purchased), "Technical Data" (IP addresses, browser types), and "Health/Profile Data" (nutritional preferences, allergies, bio-data for specialized meal plans).
We process data under the following legal grounds: (a) Performance of a Contract – to deliver your meals; (b) Legitimate Interests – for business management and improvement; (c) Compliance with Legal Obligations; and (d) Explicit Consent – specifically for processing health-related data (Special Category Data) used in personalized nutrition.
We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By law, we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
Under UK data protection laws, you have rights including: (a) Request access to your personal data; (b) Request correction of your personal data; (c) Request erasure of your personal data; (d) Object to processing; (e) Request restriction of processing; (f) Request transfer of your personal data; and (g) Right to withdraw consent at any time.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.