Privacy Policy

TABLE OF CONTENTS:

 

    1. GENERAL PROVISIONS
    2. BASES OF THE DATA PROCESSING
    3. PURPOSE, BASIS, PERIOD AND SCOPE OF PROCESSING OF DATA IN THE INTERNET -BASED SERVICE/ ON THE WEB SITE
    4. THE RECEIVERS OF DATA IN THE INTERNET-BASED SERVICE/ WEB SITE
    5. PROFILING IN THE INTERNET-BASED SERVICE/ WEB SITE
    6. THE LEGAL PERSON TO WHOM THE DATA IS RELATED
    7. COOKIES IN THE INTERNET BASED SERVICE/ WEB SITE, OPERATING DATA AND ANALYTICS
    8. FINAL PROVISIONS.

 

 

 

1) GENERAL PROVISIONS

      1. This privacy policy contains first of all the principles related to the processing of personal data by the Administrator in the Internet Service/ on the Web Site, including the bases, purposes and the scope of personal data processing as well as the rights of the persons to whom they are related and also information related to the use of cookie files in the Internet Service/ on the Web Site and of analytical tools.
      2. The administrator of the personal data, which is collected via the Internet-based Service/ Web Site is the company BC DIETS UK LIMITED which is franchise partner of Body Chief Poland, registered in England under number 10722747, having the following registered address and address for service: Unit 40 Lythalls Lane, Coventry CV6 6FL or by the e-mail addresses and contact telephone numbers are indicated on the Web Site in the bookmark/ tab, Contact” – hereinafter referred to as , the Administrator” and being at the same time the Service provider of the Web Site and the Seller.
      3. The personal data in the Internet-based Service/ on the Web Site are processed by the Administrator in accordance with the provisions of law being in force, in particular in accordance with the Data Protection Act 2018 and to the extent applicable Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or General Data Protection Regulation”. The official text of the General Data Protection Regulation https://eur-lex.europa.eu/legal-content/uk/TXT/?uri=CELEX%3A32016R0679
      4. Contact details for data inspector chosen by administor are: Data Officer, Unit 40, Lythalls Lane Industrial Estate, CV6 6FL, Coventry, United Kingdom and email: dataofficer@bcdiets.uk
      5. The use of the Internet-based Service/ Web Site, including the conclusion of contracts is voluntary. Similarly the provision of personal data, which is connected with it, by the Recipient of Services who uses the Internet-based Service/ Web Site is voluntary subject to two exceptions: (1) conclusion of the contracts with the Administrator - the non-provision in the cases and within the scope indicated on the site of the Internet-based Service and in the Regulations of the Internet-based Service/ Web Site and in the present privacy policy, of personal data being necessary for the conclusion and for the execution of the contract for the provision of the Service or of the Electronic Service with the Administrator results in the inability to perform the said contract. The provision of personal data is in such a case a contractual requirement and if the person to whom the data is related, wants to conclude the given contract with the Administrator, this person is obligated to provide the required data. Each time the scope of data being required for the conclusion of the contract is indicated previously on the page of the Internet-based Service/ Web Site and in the Regulations of the Internet-based Service/ Web Site; (2) the statutory obligations of the Administrator - the provision of personal data is a statutory requirement resulting from the provisions of law being generally in force, which impose the obligation on the Administrator to process the personal data (for example the processing of data in order to keep accounting records) and its non-provision will make it impossible for the Administrator to fulfil the said obligations.
      6. The Administrator takes the utmost care in order to protect the interests of the persons whose personal data is being processed by the Administrator and in particular the Administrator is responsible for and ensures that the data collected by the Administrator, is: (1) processed in accordance with law; (2) collected for designated purposes, which are compliant with law, is not subjected to further processing not being compliant with the said purposes; (3) is correct from the point of view of the substance and are adequate for the purposes for which it is being processed; (4) is kept in a form allowing the identification of persons to whom it is related, not longer that is necessary for the achievement of the goal of the processing and (5) is processed in a manner which assures the appropriate security of the personal data, including the protection against non-permitted processing or processing which is not compliant with law or against accidental loss, destruction or damage, with use of appropriate technical or organisational means.
      7. While taking into account the nature, the scope, the context and the purposes/ goals of processing as well as the risk of infringement of the rights or of freedoms of natural persons with different probability and importance of the threat, the Administrator implements appropriate technical and organisational means in order that the processing takes place in accordance with the present regulation and in order to be able to demonstrate it. These means are subjected to review and to updates if the need arises. The Administrator uses technical means, which prevent the acquisition and modification of personal data, which are sent electronically, by unauthorised persons.
      8. Any words, expressions and acronyms, which appear in the present privacy policy and which begin with a capital letter (for example Service provider, Internet-based Service/ Web Site, Electronic Service) have to be understood in accordance with their definition which is contained in the Regulations of the Internet-based Service/ Web Site, which are available on the pages of the Internet-based Service/ Web Side.

 

 

 

2) BASES OF THE DATA PROCESSING

      1. The Administrator is authorised to process the personal data in the cases in which - and within such a scope - at least one of the following conditions is met: (1) the person to whom the data is related, has expressed consent to the processing of his/ her personal data for one or more purposes of ; (2) the processing is necessary for the execution of the contract to which such a person to whom the data is related is a party or for the taking of actions at the demand of the person to whom the data is related, before the conclusion of the contract; (3) the processing is necessary for the fulfilment of the legal obligation incumbent on the Administrator; or (4) the processing is necessary for the purposes resulting from legally justified interests being realised by the Administrator or by a third party, with exception of such a situation, in which the interests or the basic rights and freedoms of the person to whom the data is related have a superior nature in relation to these interests and they require the protection of personal data, in particular when the person to whom the data is related, is a child.
      2. The processing of personal data by the Administrator requires each time the existence of one of the bases indicated in point 2.1 of the privacy policy. The concrete bases of the processing of personal data of the recipients of the services of the Internet-based Service/ Web Site by the Administrator are indicated in the next successive point of the privacy policy - in relation to a given purpose of the processing of data by the Administrator.

 

 

 

3) PURPOSE, BASIS, PERIOD AND SCOPE OF PROCESSING OF DATA IN THE INTERNET -BASED SERVICE/ ON THE WEB SITE

      1. Each time the purpose, the basis, the period and the scope and the recipients of personal data being processed by the Administrator result from the actions being taken by a given Recipient of services or by the Client in the Internet-based Service/ Web Site. To give an example, if the Client decides to make purchases in the Internet-based Service/ on the Web Site and if the Client chooses the personal collection of the purchased Service instead of the delivery of the parcel by a courier, his/ her personal data will be processed in order to execute the concluded contract, but they will not be made available to the carrier at the request of the Administrator.
      2. The Administrator may process the personal data in the Internet-based Service/ on the Web Site for the following purposes, on the following bases, in the following periods and within the following scope:

 

Purpose of the data processing The legal basis of the processing and the period of the storage of data The scope of the processed data

The execution of the contract for the provision of the Service or of the Electronic Service or the taking of actions at the demand of the person to whom the data is related, before the conclusion of the above-mentioned contracts

Article 6 paragraph 1 letter b) of the General Data Protection Regulation (execution of the contract) and article 9 paragraph 2 letter a) of the General Data Protection Regulation (consent - it is related to the processing of the data related to health)

The data is stored during a period necessary for the execution, for the dissolution or for the expiry in another way of the concluded contract

The maximum scope: first name and surname, e-mail address, contact telephone number, password and the data related to the provision of possible Services: address of the Service (street, number of the house/ flat, postcode, locality: town/ village), address of the deliveries on the weekend/ on public holidays, code to the entrance phone and in case of Clients who have provided these data - the data related to health (i.e. the information on health troubles, including alimentary allergies and other diseases which require the elimination or limitation of consumption of specific products).

In case of Recipients of services or of Clients who are not consumers, the Administrator may process in addition the business name of the company, the address of the conduct of the business/ of the registered office and the tax identification number (NIP) of the Recipient of the service or of the Client.

The indicated scope is the maximum scope.

Direct marketing

Article 6 paragraph 1 letter a) of the General Data Protection Regulation (consent)

The data is stored until the moment of the withdrawal of the consent by the person to whom the data is related, to the further processing of his/ her data for this purpose.

The maximum scope: first name and surname, address (street, number of the house/ flat, postcode, locality: town/ village), e-mail address, contact telephone number and the history of the purchases made in the Internet-based Service/ on the Web Site so far.

Marketing of the services and products of the Administrator

Article 6 paragraph 1 letter a) of the General Data Protection Regulation (consent)

The data is stored until the moment of the withdrawal of the consent by the person to whom the data is related, to the further processing of his/ her data for this purpose.

The maximum scope: first name and surname, address (street, number of the house/ flat, postcode, locality: town/ village), e-mail address, contact telephone number and the history of the purchases made in the Internet-based Service/ on the Web Site so far.

Marketing of the services and products of the partners of the Administrator

Article 6 paragraph 1 letter a) of the General Data Protection Regulation (consent)

The data is stored until the moment of the withdrawal of the consent by the person to whom the data is related, to the further processing of his/ her data for this purpose.

The maximum scope: first name and surname, address (street, number of the house/ flat, postcode, locality: town/ village), e-mail address, contact telephone number and the history of the purchases made in the Internet-based Service/ on the Web Site so far.

Keeping of the accounting books

Article 6 paragraph 1 letter c) of the General Data Protection Regulation

The data is stored during the period required by the provisions of law, which impose (the obligation) on the Administrator to keep accounting records.

The first name and the surname, the address of the residence/ of the conduct of business/ of the registered office (if it is different than the address of the delivery), business name of the company and the tax identification number (NIP) of the Recipient of the service or of the Client, number of the banking account (it is related to the situation when goods are returned).

The establishment, enforcement and defence of claims, which may be filed by the Administrator or against the Administrator

Article 6 paragraph 1 letter f) of the General Data Protection Regulation

The data is kept during the period of the existence of the legally justified interest being realised by the Administrator, not longer, however, than during the prescription of claims in relation to the person to whom the data is related, on account of the business activity conducted by the Administrator. (The basic term of prescription is 6 years in England and Wales and 5 years in Scotland).

The maximum scope: first name and the surname, e-mail address, contact telephone number, password and the data related to the provision of possible Services: address of the Service (street, number of the house/ flat, postcode, locality: town/ village), address of the deliveries on the weekend/ on public holidays, and in case of Clients who have provided these data - the data related to health (i.e. The information in health troubles, including alimentary allergies and other diseases which require the elimination or limitation of consumption of specific products), number of the banking account.

In case of Recipients of services or of Clients who are not consumers, the Administrator may process in addition the business name of the company, the address of the conduct of the business/ of the registered office and the tax identification number (NIP) of the Recipient of the service or of the Client.

The indicated scope is the maximum scope.

 

 

 

4) THE RECEIVERS OF DATA IN THE INTERNET-BASED SERVICE/ WEB SITE

      1. For the correct operation of the Internet-based Service/ Web Site, including the realisation/ execution of the contracts for the provision of services being concluded, it is necessary that the Administrator uses the services of external entities (such as for example the provider of software, the IT company or the entity, which services the electronic payments and the payments made with a pay card). The Administrator uses exclusively the services of such processing entities, which provide sufficient guarantees of the implementation of appropriate technical and organisational means so as the processing meets the requirements of the General Data Protection Regulation and so as that it protects the rights of the persons to whom the data are related. The personal data is not transferred outside the Euroean Union.
      2. The transmission of data by the Administrator does not take place in each case and it is not made to all the recipients or categories of recipients who are designated in the privacy policy - the Administrator transmits the data exclusively when it is indispensable for the realisation of a given purpose of processing of personal data and only within the scope being indispensable for its realisation/ execution.
      3. The personal data of the Recipients of services and of Clients of the Internet-based Service/ Web Site may be transmitted to the following recipients or categories of recipients:
        1. Carriers/ forwarders/ courier brokers - in case of a Client who uses, in the Internet-based Service/ on the Web Site, the mode of shipment being the delivery of a parcel by a courier, the Administrator makes the collected personal data of the Client available to the selected carrier, forwarder or intermediary who executes the delivery services at the request of the Administrator within the scope being indispensable for the realisation of the delivery of the Service to the Client.
        2. Providers of dietetic services - in case of the Client who has indicated data related to health (i.e. Information on health troubles, including alimentary allergies and other diseases, which require the elimination or limitation of the consumption of specific products), the Administrator may use the dietetic services within the scope being indispensable for the realisation/ execution of the Service.
        3. The providers of marketing services - marketing agencies, which assure support for the Administrator in the field of marketing actions.
        4. Providers of services who provide the Administrator with technical solutions, with IT solutions and with organisational solutions, which make it possible for the Administrator to conduct business activities, including the Internet-based Service/ Web Site and the Electronic Services provided through it (in particular providers of computer software for the operation of the Internet-based Service/ Web Site/IT companies and providers of e-mail and of hosting as well as providers of software for the management of the company, of the marketing actions, of the sending of the Newsletter and for the provision of technical assistance to the Administrator) - the Administrator makes the collected personal data of the Client or of the Recipient of the services available to the provider who acts at his request only in case and within the scope being indispensable for the realisation of a given purpose of the processing of data being compliant with the present privacy policy.
        5. The provider of accounting services, of legal services, of advisory/ consulting services and of translation services who assures the accounting support, the legal support, the consulting support or the linguistic support for the Administrator (in particular the accounting firm, the law office, the inspector responsible for the protection of data, the debt collection company or the translation agency) - the Administrator makes the collected personal data of the Client available to the provider who acts at his request only in case and within the scope being indispensable for the realisation of the given purpose of the processing of data being compliant with the present privacy policy.

 

 

 

5) PROFILING IN THE INTERNET-BASED SERVICE/ WEB SITE

      1. The General Data Protection Regulation imposes the obligation on the Administrator to inform about the automated decision making, including the profiling, which is mentioned in article 22 paragraphs 1 and 4 of the General Data Protection Regulation as well as - at least in these cases - (to provide) relevant/ important information about the principles of their making and also about the meaning/ importance and forecast consequences of such processing for the person to whom the data is related. While bearing it in mind, the Administrator indicates in this point of the privacy policy the pieces of information being related to possible profiling.
      2. The Administrator may use in the Internet-based Service/ on the Web Site profiling for the purposes of direct marketing and after the expression of the prior consents - for the purpose of the marketing of the services and products of the Administrator as well as for the purpose of the marketing of the service and of the products of the partners of the Administrator, but the decisions, which are made on the basis of profiling by the Administrator, are not related to the conclusion or to the refusal to conclude a contract for the provision of the Service, to the possibility of using Electronic Services in the Internet-based Service/ on the Web Site or to the conclusion or to the refusal to conclude any other contract. The effect of the use of profiling in the Internet-based Service/ Web Site may be for example the granting of a discount to a given person, the sending of a discount code to this person, the reminding of unfinished purchases, the sending of a proposal of a Service, which may correspond to the interests or to the preferences of a given person, the proposal of better conditions in comparison with the standard offer, the giving of a present in connection with the celebrated occasion (for example birthday or Public Holidays) or of a prize for loyal purchases. Despite the profiling the given person makes his/ her decisions freely on whether he/ she will want to benefit from the discount offered in this way, from the present, from the prize, or from better conditions and on whether to make the purchase in the Internet-based Service/ on the Web Site or use the services or products of the partner of the Administrator.
      3. The profiling in the Internet-based Service/ on the Web Site consists in an automatic analysis or forecast of the behaviour of the given person on the Web Site of the Internet-based Service, for example by adding a specific Service into the basket, in viewing a specific page of the Web Site or also by means of the analysis of the history of the purchases made so far on the Web Site. The purpose of profiling is the provision of the most satisfying service to the Client, which corresponds in a precise way to his/ her individual needs and expectations. The condition of such profiling is the possession of personal data of the given person by the Administrator in order to be able to send a discount code to this person subsequently.
      4. The person to whom the data is related, has the right to not to be subjected to a decision which is based exclusively on the automated processing, including the profiling, and which results in legal consequences towards such a person or which has an important impact in a similar way on such a person.

 

 

 

6) THE LEGAL PERSON TO WHOM THE DATA IS RELATED

      1. The right to access, to rectify, to limit, to remove or to transfer - the person to whom the data is related, has the right to demand the administrator gives access to his/ her personal data, to rectify it, to remove it (“the right to be forgotten”) or to limit the processing and he/ she has the right to submit an objection to the processing and also, he/ she has the right to transfer his/ her data. The detailed conditions of the exercising of the rights mentioned above, are indicated in articles from 15 to 21 of the General Data Protection Regulation.
      2. The right to withdraw consent at any time – the person whose data is being processed by the Administrator on the basis of the expressed consent (on the basis of article 6 paragraph 1 letter a) or of article 9 paragraph 2 letter a) of the General Data Protection Regulation has the right to withdraw the consent at any time without impact on the compliance of the processing with law which was made on the basis of such a consent before its withdrawal.
      3. The right to submit a complaint to the supervisory body – the person whose data is being processed by the Administrator, has the right to submit a complaint to the supervisory body in the manner and according to the procedure defined in the provisions of the General Data Protection Regulation and of the Data Protection Act 2018. The Supervisory Body in the UK is the Information Commissioner's Office.
      4. The right to object - the person to whom the data is related, has the right at any time to make an objection - due to reasons connected with his/ her specific situation - against the processing of the personal data related to him / her based on article 6 paragraph 1 letter e) (public interest or tasks) or f) (legally justified interest of the administrator), including the profiling on the basis of these provisions. In such a case the Administrator has not to process these personal data unless the Administrator demonstrates the existence of important legally justified bases for processing, which are superior to the interests, rights and freedoms of the person to whom the data is related or of bases of the establishment, enforcement or defence of claims.
      5. Right to object against direct marketing - if the personal data is processed for the needs of direct marketing, the person to whom the data is related, has the right at any time to make an objection against the processing of the personal data related to him/ her for the needs of such marketing, including profiling, within the scope, in which such processing in connected with such direct marketing.
      6. In order to realise the rights, which are mentioned in the present point of the privacy policy, one may contact the Administrator by means of sending an appropriate message in writing or by e-mail to the address of the Administrator or of the inspector (dataofficer@bcdiets.uk) responsible for the protection of data of the Administrator, which is indicated at the beginning of the privacy policy or by using the contact form, which is available on the page of the Internet-based Service/ Web Site. In case of the withdrawal of the voluntary consent the person who gave the consent, may withdraw this consent at any time also by means of the authorisation of the withdrawal of the consent by using the link intended for the removal, which has been sent to the e-mail address allocated to the Account of the Recipient of the Services or of the Order placed in the capacity of “Guest”. The withdrawal of a compulsory consent (connected with the processing of data related to health) is connected with the necessity to cease to use the services of the Service provider on the principles indicated in the Regulations.

 

7) COOKIES IN THE INTERNET BASED SERVICE/ WEB SITE, OPERATING DATA AND ANALYTICS

      1. The Cookie files (cookies) are small textual pieces of information in the form of text files, sent by the server and recorded at the device of the person who visits the page of the Internet-based Service/ Web Site (for example on the hard disk of a computer, of a laptop or on the memory card of a smart phone - depending on what device is used by the person who visits our Internet-based Service/ Web Site). The detailed information related to Cookies and also the history of their creation may be found among others here: https://en.wikipedia.org/wiki/Cookie
      2. The Administrator may process the data contained in the Cookie files during the use of the page of the Internet-based Service/ Web Site by the visitors for the following purposes:
        1. Realisation of the basic functionalities of the Internet-based Service/ Web Site such as the identification of Recipients of services as logged in users and the keeping of the login session, the storage of dynamic data, for example statistics, summaries;
        2. Adjustment of the content of the Internet-based Service/ Web Site to the individual preferences of the Recipient of services (for example related to the language);
        3. Memorization of IP locations, of the time zone;
        4. Keeping of anonymous statistics, which present the manner of using the Internet-based Service/ Web Site;
        5. Memorization of ordered Services in the basket, recommendation of Services being connected with the ordered Services and also the correct operation of the Shop;
        6. Personalization and publication of advertising contents placed in the Internet-based Service/ Web Site which are compliant with the interests of the Recipients of services.
        7. Re-marketing, i.e. advertising action, in which after the creation of appropriate re-marketing lists on the basis of selected features of behaviours (by means of Google Analytics) banner advertisements are sent, which appear to the users during their visits to various Web Sites in the advertising network of Google.
      3. On a standard basis the majority of Web Browsers being available on the market accept by default the recording of Cookie files. Everybody has the possibility of defining the conditions of the use of the Cookie files by means of the settings of his/ her own Web Browser. This means that one may for example limit partially (for example temporarily) or completely switch off the possibility of recording the Cookie files - in the latter case, this may have, however, an impact on some functionalities of the Internet-based Service/ Web Site (accidentally it might turn out to be impossible to go along the path of the order via the order form due to the lack of memorization of the Services in the basket during the successive steps of the placement of the Order).
      4. The settings of the Web Browser, which are related to the Cookie files, are important from the point of view of the consent to the use of the Cookie files by our Internet-based Service/ Web Site - in accordance with the provisions such a consent may be also expressed by means of the settings of the Web Browser. In case of lack of the expression of such a consent one has to change the settings of the Web Browser in an appropriate way with respect to the Cookie files.
      5. The detailed information on the change of the settings related to the Cookie files and on their elimination by oneself in the most popular Web Browsers are available in the Technical Support Department of the given Web Browser and on the following Web Sites (one has just to click on the appropriate link):

In the Chrome Browser

 

In the Firefox Browser

 

In the Internet Explorer Browser

 

In the Opera Browser

 

In the Safari Browser

 

In the Microsoft Edge Browser

 

      1. In the Internet-based Service/ on the Web Site the Administrator may use the services of Google Analytics, of Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator to analyse the traffic in the Internet-based Service/ on the Web Site. The gathered data is processed in the framework of the above-mentioned services in an anonymous way (these are the so-called operating data, which make the identification of the person impossible) in order to generate statistics, which help in the administration of the Internet-based Service/ Web Site. Such data has a collective and anonymous nature, i.e. it does not contain identification features (personal data) of the person, who visits the page of the Internet-based Service/ the Web Site. While using the above-mentioned services in the Internet-based Service/ on the Web Site, the Administrator gathers such data as the sources and the medium of the acquisition of the visitors of the Internet-based Service/ Web Site and the manner in which they behave in the Internet-based Service/ on the Web Site, the information on the devices and browsers from which they visit the site, the IP and the domain, the geographic data as well as the demographic data (age, sex) and interests.
      2. It is possible for a given person to block easily the information about his/ her activities on a page of the Internet-based Service/ Web Site for Google Analytics - for this purpose one may install a supplement to the browser, which is being made available by Google Inc. by clicking here: https://tools.google.com/dlpage/gaoptout?hl=en.
      3. In the Internet-based Service/ on the Web Site the Administrator may use the Pixel service of Facebook, which is provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator to measure the efficiency of advertisements and to learn which actions are taken by the visitors of the Internet-based Service/ Web Site and also to display advertisements, which are specially adjusted to these persons. The creation of re-marketing lists, of cookie files gathered by Pixel takes place on the Facebook panel. The detailed information about the operation of Pixel of Facebook may be found under the following Internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
      4. The management of the operation of Pixel of Facebook is possible by means of the settings of advertisements in one's account on the portal Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen%20.

 

 

 

8) FINAL PROVISIONS

      1. The Internet-based Service/ Web Site may contain links to other Web Sites. The Administrator encourages that after the passage to other Web Sites, one should get acquainted with the privacy policy defined there. The present privacy policy is related only to the Internet-based Service/ Web Site of the Administrator.