Privacy Policy
1. Introduction
This Privacy Policy explains how we collect, process, and protect your personal data, as well as your rights regarding your information. Your privacy is important to us. As the data controller, Healthyat100 ("we", "our", "us") determines how your personal data is used in compliance with applicable data protection laws.
We are Healthyat100, 14 Hintlesham Avenue, Edgbaston, B15 2PH. For any questions about this Privacy Policy or to exercise your rights, please contact us at this address or via email at team@healthyat100.com.
We reserve the right to update this Privacy Policy periodically. If significant changes affect your rights, we will notify you if we have your email address. Otherwise, you should review this Privacy Policy regularly to stay informed of any updates.
2. Collection of Personal Data
Personal data refers to identifiable information, including your name, email address, gender, age, phone number, and IP address.
If you purchase a report from us, we may collect sensitive personal data, such as health-related information, including genetic and blood data. This is categorized as special category data under data protection laws, and we process it strictly for fulfilling your request.
Information You Provide:
You may provide personal data when you:
- Use our website
- Purchase a report
- Complete a consent form for a sample test
- Contact us via forms or email
- Apply for a job with us
- Provide services to us
- Communicate with us for queries, feedback, or complaints
We may collect personal data through social media interactions and when analyzing your sample to prepare a report.
Providing personal data may be mandatory for fulfilling your request (e.g. processing a report), and we will indicate when this is necessary. The information must be accurate, and we may request verification.
If you order a report for someone else, you must have their consent before sharing their personal data.
Information We Automatically Collect:
When you use our website, we automatically collect:
- Technical details about your device (e.g., browser type, operating system)
- Preferences (e.g., time zone, language)
- Website usage data (e.g., visit duration, accessed pages)
This data is collected via cookies and analytics tools like Google Analytics. For more information, see our Cookies Policy.
Information We Receive from Third Parties:
We may receive personal data from:
- Individuals who order reports for you (with your consent)
- Laboratories processing test samples
- Payment providers and security service providers
3. Lawful Basis for Processing
We process personal data under the following legal bases:
- Consent (when you provide explicit permission)
- Contractual necessity (to fulfil our services)
- Legal obligations (compliance with regulations)
- Legitimate interests (operating and improving our business, provided this does not override your rights)
The primary reason for using your data is to prepare and deliver your report. We may also use personal data for legal compliance, service improvements, business transactions, and research (on an anonymous basis).
4. Sharing Your Data
We only send reports to individuals who have provided consent.
We may share personal data with:
- Laboratories (under strict confidentiality agreements)
- Service providers (e.g., IT, payment processors, auditors, legal advisors)
All third-party providers must comply with our data protection standards and delete or anonymize data once their services are complete.
5. Data Storage and Transfers:
Your personal data may be stored or processed outside the European Economic Area (EEA), including in countries that have adequate data protection laws or organizations that comply with recognized security frameworks (e.g., Standard Contractual Clauses, Privacy Shield). We only work with reputable service providers, including:
- Google (cloud storage, email, analytics)
- MailChimp (marketing emails)
- WordPress (website)
- Hostinger (website hosting)
- Stripe (payment processing)
6. Security Measures:
We implement technical and organisational measures to secure your personal data, including:
- Restricted access to sensitive data
- Password protection and encryption
- Secure data storage and transmission
Despite these measures, electronic data storage is not completely risk-free. In case of a security breach, we will act promptly to mitigate any impact.
7. Marketing Communications:
You can opt in to receive marketing emails and opt out at any time by:
- Clicking "unsubscribe" in marketing emails
- Contacting us directly
We will update our records accordingly and stop sending marketing messages, though we may still contact you for service-related matters.
8. Cookies:
We use cookies for functionality, analytics, and performance improvements. For more details, see our Cookies Policy or visit www.aboutcookies.org.
9. External Links and Services:
Our website may include links to third-party sites (e.g., YouTube, social media). These sites may collect your data independently, and we encourage you to review their privacy policies.
10. Payment Processing:
Payments are processed securely through Stripe. For details, see Stripe’s Privacy Policy.
11. Your Rights:
You have the following rights under data protection laws:
- Access – Request a copy of your personal data
- Rectification – Correct inaccuracies in your data
- Portability – Transfer your data to another provider
- Restriction – Request limited processing under certain conditions
- Erasure – Request deletion of your data when it is no longer needed
- Marketing opt-out – Withdraw consent for marketing communications
We may charge an administrative fee for excessive or unfounded requests. If you have concerns, you can also contact the Information Commissioner’s Office (ICO) or your local data authority.
12. Data Retention:
We retain data as long as necessary for:
- Service fulfillment and customer support
- Legal and regulatory compliance
- Business operational needs
Test reports are securely stored, and samples are kept for up to 3 months unless you request earlier disposal.
13. Governing Law:
This Privacy Policy is governed by English law and subject to the jurisdiction of the English courts.