Privacy Policy

We are committed to protecting your privacy and comply fully with the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

The Really Healthy Company Ltd. (registration Z8480955) is the data controller responsible for the personal information we collect. We use your data only as needed to process orders and provide good service. We never sell or exchange customer information with third parties, except where required by law.

Any information collected about you is used solely to process orders and ensure we provide the best possible service. You will not be contacted for marketing purposes unless you have opted in to our occasional newsletter. When accounts become inactive for a few years, we permanently delete them.

Information we collect and store may include:

  • Name
  • Trading name (if applicable)
  • Address (including delivery address if different)
  • Telephone number (only for order-related issues)
  • Email address (for order information and optional newsletters)
  • Where you heard about us
  • Purchase history
  • Referral practitioner name (if applicable)
  • Practitioner client name and address (if applicable)
  • Web address (if applicable)
  • Emails you send us

Information we do not collect or store:

  • Payment details such as credit or debit card information. Payments are handled by Stripe, a secure third-party payment gateway. Card details are SSL-encrypted and stored on their servers only. Any card information provided to us by phone or post is either immediately placed on the Stripe servers, or is shredded within two business days after processing.
  • Medical information. We do not add or retain medical notes within our customer database. Emails that mention health matters remain only within normal email correspondence.

Your rights to access, modify, or delete your data

You may request a digital copy of the data we hold about you at any time. We will respond within one calendar month. You may also request corrections to your data, which we will usually make immediately or within a couple of business days after receiving your email.
Customers have the right to ask us to delete their accounts. However, accounting law requires us to retain order records for six years, after which they can be deleted. We can always remove you from our newsletter list and delete non-order-related correspondence.

Additional points:

  • All online collection and storage of your information use SSL encryption.
  • Our web platform and third-party payment and accounting systems are GDPR and PCI compliant.
  • This site uses cookies to support basic functionality such as the shopping basket and remembering you between visits. If you disable cookies, you may not be able to place online orders. You can manage cookies in your browser or through our cookie-consent tool.
  • We monitor website traffic anonymously using analytics software. Only IP address data is visible to us.
  • Linked websites are not covered by this policy; please check their privacy statements before submitting information.

If you have any questions or concerns about privacy, please contact us.