Privacy

PRIVACY POLICY


Hey there! Thanks for reading our privacy policy (you’re living proof that lawyers should exist👩🏻‍💼). As with our T&Cs, we’ve written this in both legalese (in italics) as well as in plain English (in bold).


This privacy policy applies between you (the User of this Website) and us (Habitual Health Ltd., or Habitual for short), the owner and provider of this Website. We take the privacy of your information very seriously. This privacy policy applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website.


  1. Intros & terminology

Legal docs use a bunch of formal terms. Here are the definitions of everything you’ll see in this document.


1.01. WE are Habitual (the trading name for Habitual Health Ltd), a company registered in England and Wales at The Frames, 1 Phipp St, Unit 411, London EC2A 4PS, company number 12193474. In this document we will be referred to as “Habitual”, “we”, and “us”. 

1.02. YOU are the lovely person who’s decided to browse our Website or sign up for our program (we’ll refer to you as “the User” and “you”).

1.03. This document (referred to as “the Agreement”) is legally binding between you and Habitual.

1.04. When we refer to our“Website”, this includes tryhabitual.com and all associated subdomains, including your tracking app.

1.05. When we refer to the “Program”, this means our weight loss and habit-change program which includes total diet replacement food products, expert articles, a health tracking web app, and virtual social networks with others going through the Program.

1.06. When we refer to Data, this means collectively all information that you submit to us via the Website and Program. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws.

1.07. When we refer to Cookies, this means a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website.

1.08. Data Protection Laws refer to any applicable law relating to the processing of personal Data, including but not limited to the Directive 96/46/EC (Data Protection Directive) or the GDPR, and any national implementing laws, regulations and secondary legislation, for as long as the GDPR is effective in the UK. GDPR refers to the General Data Protection Regulation (EU) 2016/679;

1.09. UK and EU Cookie Law refers to the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.


In this privacy policy, unless the context requires a different interpretation:

  1. the singular includes the plural and vice versa;
  2. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this privacy policy;
  3. a reference to a person includes firms, companies, government entities, trusts and partnerships;
  4. "including" is understood to mean "including without limitation";
  5. reference to any statutory provision includes any modification or amendment of it;
  6. the headings and sub-headings do not form part of this privacy policy.


2. What this policy does and doesn’t apply to (scope)

We often link to external websites, however this privacy policy only applies to this Website and associated subdomains. 


2.01. This privacy policy applies only to the actions of Habitual and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites. You are advised to read the privacy policy or statement of other websites prior to using them.

2.02. For purposes of the applicable Data Protection Laws, we are the "data controller". This means that we determine the purposes for which, and the manner in which, your Data is processed.


3. Which data we collect 

If you choose to participate in the Habitual program, we will collect your personal and health data. We also collect data on your website usage (doing so is all the rage these days).

 

3.01. We may collect the following Data, which includes personal Data, from you:

3.01.01. personal data (including but not limited to first and last names, date of birth or age, address, email, and phone number)

3.01.02. lifestyle or health data (including but not limited to height, weight, medical and medication history, blood test readings, sleep and eating habits, sleep quality, mood, and GP contact details, ); 

3.01.03. details of your visits to the Website and the resources that you access (including, but not limited to, traffic data, location data, weblogs, other communication data, and the resources that you access).

in each case, in accordance with this privacy policy.


4. How we collect data

Some data is collected automatically, but there’s lots of data you will give to us, primarily through online forms or applications.


4.01. We collect Data both automatically as well as when you give us data. 

4.02. Data that is given to us by you may be collected as follows:

4.02.01. When you contact us through the Website, by telephone, post, e-mail or through any other means. 

4.02.02. When you elect to receive marketing communications from us;

4.02.03. Via online forms on our website and/or hosted by various other third-parties

in each case, in accordance with this privacy policy.

4.03. Data that is collected automatically may be collected as follows: 

4.03.01 We automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.

4.03.02. We will collect your Data automatically via cookies, in line with the cookie settings on your browser. For more information about cookies, and how we use them on the Website, see the section below, headed "Cookies".

4.03.03. We automatically collect information about your interactions with our email marketing communications and product-related emails, such as whether or not you open the email. 


5. How we use data

Data is incredibly powerful and helps us to not only improve your experience but also to ensure your safety and success as you go through our program.


5.01. Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:

5.01.01. internal record keeping;

5.01.02. improvement of our products / services;

5.01.03. transmission by email of marketing materials that may be of interest to you;

5.01.04. contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Website;

5.01.05. evaluating your suitability for the program;

5.01.06. daily tracking information including weight, sleep, mood, and eating, exercise, and mental habits, is used for the purpose of calculating a daily “health score” as well as monitoring your progress;

5.01.07. in order to provide the User with more relevant advice and tips;

5.01.08. and daily journaling for the purpose of allowing you to reflect on your progress

in each case, in accordance with this privacy policy.

5.02. We may use your Data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see the section headed "Your rights" below).

5.03. For the delivery of direct marketing to you via e-mail, we require your explicit consent, which will be recorded before you share your email information with us. 

5.04. Product-related data including daily tracking information and health history will be de-identified during internal reviews and for analytics. By using our services, you consent to your profile data being used for the purposes outlined above.


6. Who we share data with

We’ll never sell your data, and we only share it with our employees, agents, and professional advisors in order to improve your experience. 


6.01. We may share your Data with our employees, agents and/or professional advisors in order to contact you with more information about the Habitual Program as well as to improve your experience on the Program.


7. Keeping data secure

The security of your data is incredibly important to us, and we take multiple measures to ensure it is stored safely and securely.


7.01. We will use technical and organisational measures to safeguard your Data, for example:

7.01.01. access to your account is controlled by a password and a username that is unique to you.

7.01.02. we store your Data on secure servers.

7.02. Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by emailing dpo@tryhabitual.com

7.03. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.


8. Data retention

We only hold onto your data for the purposes outlined in section 5.

8.01. Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Data be deleted.

8.02. Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.


9. Your rights

You own your data, which means you have tons of rights, including the right to view, correct, and erase it. Please direct all requests related to your data to dpo@tryhabitual.com.


9.01. You have the following rights in relation to your Data:

9.01.01. Right to access - the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is "manifestly unfounded or excessive." Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

9.01.02. Right to correct - the right to have your Data rectified if it is inaccurate or incomplete.

9.01.03. Right to erase - the right to request that we delete or remove your Data from our systems.

9.01.04. Right to restrict our use of your Data - the right to "block" us from using your Data or limit the way in which we can use it.

9.01.05. Right to data portability - the right to request that we move, copy or transfer your Data.

9.01.06. Right to object - the right to object to our use of your Data including where we use it for our legitimate interests.

9.02. To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), please contact us by emailing dpo@tryhabitual.com.

9.03. If you are not satisfied with the way a complaint you make in relation to your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner's Office (ICO). The ICO's contact details can be found on their website at https://ico.org.uk/.

9.04. It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.


10. Changes of business ownership and control

In the case that we sell all or part of the business, your data may be transferred to the new owner. 


10.01. We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Habitual Health Ltd. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.

10.02. We may also disclose Data to a prospective purchaser of our business or any part of it.

10.03. In the above instances, we will take steps with the aim of ensuring your privacy is protected.


11. Cookies (yum)

Cookies are delicious, and also a nifty technical tool which allows us to improve your experience on our website. You can choose to opt in or out of cookie use.


11.01. This Website may place and access certain Cookies on your computer.  We use Cookies to improve your experience of using the Website. We have carefully chosen these Cookies and have taken steps to ensure that your privacy is protected and respected at all times.

11.02. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.

11.03. Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

11.04. This Website may place the following Cookies:

11.04.01. Strictly necessary Cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

11.04.02. Analytical/performance cookies: They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

11.05. You can find a list of Cookies that we use in the Cookies Schedule.

11.06. You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.

11.07. You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.

11.08. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

11.09. For more information generally on cookies, including how to disable them, please refer to aboutcookies.org. You will also find details on how to delete cookies from your computer.


12. General

Some general terms of this policy. Nothing too exciting.


12.01. You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.

12.02. If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

12.03. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

12.04. This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.


13. Changes to this privacy policy

13.01. We reserve the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations. You may contact Habitual Health LTD by email at dpo@tryhabitual.com should you have any questions or concerns about this policy or changes to it.

Cookies schedule 

Below is a list of the cookies that we use. We have tried to ensure this is complete and up to date, but if you think that we have missed a cookie or there is any discrepancy, please let us know.



Cookie

Description

Duration

Type

_ga

This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.

2 years

Analytics

_gid

This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.

1 day

Analytics

_gat_gtag_UA_148894388_1

Google uses this cookie to distinguish users.

1 minute

Analytics

__hstc

This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

1 year

Analytics

hubspotutk

This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

1 year

Analytics

__hssrc

This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.


Necessary

__hssc

This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.

30 minutes

Functional