www.lowcarbprogram.com and our Low Carb Program mobile app (each of and together the “Sites”) are owned and operated by Diabetes Digital Media Limited of Technology House, Sir William Lyons Road, University of Warwick Science Park, Coventry, CV4 7EZ (“we”, “us”, “our“).
For the purpose of the Data Protection Act 1998, the data controller is Diabetes Digital Media Limited with registration number Z3613413.
1. WHAT IS PERSONALLY IDENTIFIABLE INFORMATION (PII) / PERSONAL DATA?
Personal data or PII means any information relating to a person who can be identified either directly or indirectly by that information; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, purchase history (“Personal Data”).
2. INFORMATION WE MAY COLLECT FROM YOU
2.1 We may collect and process the following data about you:
- Information you provide to us – This includes:
- Information provided at the time of registering to use our Sites, for the use of our services, posting material, submitting testimonials, reviewing products, raising quotes or general enquiries, completing an offer submission, entering a competition or requesting further services. We may also ask you for information when you report a problem with our Sites or regarding the products and services provided by us.
- Sensitive Personal Data concerning health matters from or about you if you disclose such information on our Sites (when signing up for an account with us, making enquiries or otherwise). This includes information relation to your health condition, treatments and medications you make take and healthcare and medical devices you may use.
- If you contact us, we may keep a record of that correspondence and/or any video or audio uploads or telephone calls.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our Sites and of the fulfilment of your orders.
- Payment details including but not limited to the name on your bank card, the invoice address and partial card number.
- Information we collect about you – When you visit the Sites we may automatically collect information about your computer or device, including your IP address, information about your visit, your browsing history, and how you use the Sites. This information may be combined with other information you provide to us, as described above.
- Information we receive from other sources – We are also working closely with third parties (including, for example, business partners, advertising networks, analytics providers, and search information providers) and may receive information about you from them. This may be combined with other information you provide to us, as described above.
2.2 Please note you have the option of what information in your account is publicly displayed. Furthermore, within your account, you have the option to opt-in or opt-out of automatically generated e-mails from us.
3. OUR NEWSLETTER
3.1 On registration, you opt-in to receive email newsletters as part of your Subscription.
3.2 In order to unsubscribe from our newsletter please select the “unsubscribe” option in your welcome email (or any subsequent newsletter emails). Please note this is an automated service and as such we cannot be responsible for any errors which may occur in submitting your unsubscription request. Please contact us at firstname.lastname@example.org if you require any assistance with unsubscribing from our newsletter.
4. MEDICAL INFORMATION
You should be aware that information captured via our Sites may be viewed by our medical team. None of this information will be passed to any other person except for:
- disclosure for the prevention of crime;
- in accordance with applicable law;
- compliance with the direction of any regulatory or governing bodies;
- for the purposes of preventing injury or harm to you as the data subject; or
- when registering to receive services or take part in clinical trials/surveys, to the responsible organisation(s).
5. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA
5.1 We will only process your Personal Data, in accordance with applicable law, for the following purposes:
- creating and maintaining your customer account, if you become a registered customer with us;
- handling and fulfilling your requests, if you request goods and/or services from us;
- offering our services to you in a personalised way, for example, we may provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- facilitating your relationship with your health insurance company, if you have been referred to us and based solely on your involvement with the Low Carb Program;
- to publish testimonials you submit about us and/or the Sites and to identify you as the author of such testimonial(s) (identification will be limited to your name, age and location;
- for research and statistical purposes, but any Personal Data relating to your health will always be anonymised and aggregated and will not identify you;
- administering any promotion or competition, that you enter via the Sites or via email communication;
- to allow you to participate in interactive features of our services, when you choose to do so;
- resolving any disputes, if you lawfully exercise your rights or if you wish to dispute any part of our service offering;
- sending you personalised marketing communications, where you have agreed that we may do so, in order to keep you informed of our products and services, as well as those of our selected partners’ and Providers’, which we (or they) consider may be of interest to you;
- providing you, or allow carefully selected third parties to provide you, with information about products or services, that may interest you;
- ensuring the security of your account and our business, preventing or detecting fraud or abuses of our Sites, for example, by requesting verification information in order to reset your account password (if applicable);
- developing and improving our products and services, for example, by reviewing visits to the Sites and its various subpages, demand for specific products and services and user comments;
- to administer the Sites and for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to notify you about changes to our services and to send you service emails relating to the activities you have asked us to undertake on your behalf;
- as part of our efforts to keep the Sites safe and secure; and
- to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
5.2 Your consent, as the “Data Subject”, to the processing as specified in this Policy is the primary legal ground for our processing of your Personal Data. However, there may be circumstances where we may also rely on other valid legal grounds for the processing of your Personal Data, such as:
- your request for content, products or services necessitating steps including processing of your Personal Data to be taken prior to entering into contract with you and any processing that is necessary for the performance of such contract;
- legitimate interests we pursue as a business, except where such interests are overridden by your interests and fundamental rights; and
- compliance with any legal obligation to which we are subject, such as, for example, the processing for the purposes of complying with applicable law.
6. DISCLOSURE OF YOUR INFORMATION
There are circumstances where we wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure to:
- our subsidiaries, branches or associated offices;
- your health insurance company (who may have referred you to the Low Carb Program or who you have otherwise notified us of) in order for them to contact you to discuss your insurance policy in connection with your participation in the Low Carb Program;
- the Swiss Re Group, who is a leading global reinsurer and who facilitates our relationship with your health insurance company. Any information shared with the Swiss Re Group will be in anonymised aggregated form only and will not identify you;
- our selected marketing agents, where you submit testimonials about us and/or the Sites, in order for those agents to publish such testimonials via various media (which may include online and printed publications and/or film);
- our outsourced service providers and suppliers to facilitate the provision of goods and/or services to you, together with such other goods and/or services as we and/or they feel may interest you;
- to research organisations where the information has been anonymised and aggregated;
- our advertising partners who enable us to deliver personalised ads to your devices or similar advertising;
- subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If you do not wish to be contacted, you may unsubscribe by notifying us at email@example.com by clicking “unsubscribe” in the message concerned;
- analytics and search engine providers that assist us in the improvement and optimisation of the Sites. Your Personal Data is generally shared in a form that does not directly identify you;
- third party analytics providers that assist us in establishing trends amongst our users based on the information you provide to us and generating associated content (for example, news articles and/or social media posts);
- selected third party service providers in order to share the statistical and analytical information generated above, in an anonymised and aggregated format only;
- third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Data will be permanently transferred to a successor company;
- public authorities where we are required by law to do so;
- if required, in order to receive legal advice; and
- any other third party where you have provided your consent.
7. INTERNATIONAL TRANSFER OF PERSONAL DATA
We may transfer your Personal Data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In particular, your Personal Data may be transferred throughout our group and to our outsourced service providers located abroad. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means. Please contact firstname.lastname@example.org for a copy of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances.
8. RETENTION OF PERSONAL DATA
8.1 Your Personal Data will be retained until your last use of our services and normally for a period of three years thereafter, unless longer retention is required by applicable local law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your Personal Data that is no longer required for the purposes set out in this Policy. The retention of your Personal Data will be subject to periodic review.
8.2 We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
8.3 Please contact us at email@example.com if you would further details about our data retention periods.
9. DATA SUBJECT RIGHTS
9.1 Data protection law provides Data Subjects with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, their Personal Data. Data Subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their Personal Data is not being processed in accordance with applicable data protection law.
- Right to make subject access request (SAR). Data Subjects may, where permitted by applicable law, request copies of their Personal Data. If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by writing to firstname.lastname@example.org whose contact details are above. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and a fee.
- Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete Personal Data.
- Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your Personal Data is essential.
- Right to object to processing, including automated processing and profiling. You may, as permitted by applicable law, request that we stop processing your Personal Data. In relation to automated processing and profiling, you may object to the processing and you will have the right to obtain human intervention.
- Right to erasure. You may request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your Personal Data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
- Right to data portability. In certain circumstances, you may request that we provide your Personal Data to you in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services. We will comply with such transfer as far as it is technically feasible. Please note that a transfer to another provider does not imply erasure of your Personal Data which may still be required for legitimate and lawful purposes.
- Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
The Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates and other third parties. If you follow a link to any of these websites, please note that these websites may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
1.2 You may delete and block all cookies from our Sites by changing your browser settings to refuse the setting of all or some cookies. Making this change may affect the functionality of our Sites and you may not be able to access all or parts of the Sites.
2. OUR COOKIES
2.1 Strictly necessary cookies
These are cookies that are required for the operation of our Sites for example, cookies that enable you to log into secure areas of our Sites or use the shopping basket.
2.2 Tracking cookies and pixels
- Tracking cookies are used to provide information on the pages that are viewed. This information is anonymous, not shared with anyone else and used on our Sites. Tracking cookies set from our Sites will be predominantly from Google Analytics and Hitslink.
- Tracking pixels may also be set in emails and banner display advertising to monitor the number of times that an email or banner has been seen. They are not used for any other purpose.
- Cookies may occasionally be used to display some users’ surveys or different versions of a page. We then use analytics to identify which version of a page provides a better user experience.
- Cookies may also be set to see how well certain banners ads are received. This helps to identify how many times an advertisement has been seen, clicked on or downloaded.
- Common cookies you may encounter on our Sites are __utma, __utmb, __utmc, __utmz, __utmv which are for Google Analytics (see the Google cookie page for more information); reg_fb_gate, reg_fb_ref which are Facebook cookies (see more about these cookies here). Cookies beginning with hellobar_ are used to show you relevant offers on pages that you are visiting and the cookie expires in 1 year.
3. MORE INFORMATION
For more detailed information about cookies please visit www.allaboutcookies.org.
4. CONTACT US