Privacy Policy.

All personal data obtained and held by us must be processed in accordance with a set of core principles set out in legislation, as follows:

• processing must be fair, lawful and transparent;
• data must be collected for specific, explicit, and legitimate purposes;
• data collected must be adequate, relevant and limited to what is necessary for the purposes of processing;
• data must be kept accurate and up-to-date. Data which is found to be inaccurate will be rectified or erased without delay;
• data must not be kept for longer than is necessary for its given purpose; and
• data must be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures.

In providing you with our services, we may process your personal data. Personal data is information about you from which you can be identified, such as your name, date of birth and contact details. We also may process 'special category data' such as health data.

We take the security of your data very seriously. We will only use information collected lawfully in accordance with the General Data Protection Regulation (GDPR) 2018, Data Protection Act 2018 and Common Law Duty of Confidentiality. Our internal policies and controls are designed by default to ensure that your personal data is not accidentally destroyed, misused, disclosed or lost and is not accessed except by our employees or contractors in the performance of their duties.

Where we engage third parties to process personal data on our behalf, they do so under written instructions, a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We only keep your data for as long as is necessary and in accordance with legislation and medical and industry guidelines, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

All personal data obtained and held by us must be processed in accordance with a set of core principles set out in legislation, as follows:

• obtain confirmation as to whether your personal data is being processed and where that is the case, gain access to the personal data;
• require Jeevn to rectify incorrect or incomplete data;
• require Jeevn to erase or stop processing your data, for example where the data is no longer necessary for the purposes of processing; however please note that we are required by law to retain certain medical data
• object to the processing of your data where Jeevn is relying on its legitimate interests as the legal ground for processing.
• move, copy or transfer your personal data from one IT environment to another, securely and without affecting its usability.

If you would like to exercise any of these rights, please contact us at the address at the bottom of this document. We will ask you to provide documentation to confirm your identity or, if you are acting on behalf of another individual, we will ask you for proof of their consent or your legal right to receive their personal information.

If you believe that Jeevn has not complied with your rights and freedoms you can make a complaint. Please see the contact details in this document.

Should we need to change the way we collect, store or process your data we will contact you to let you know.

We have provided the rest of the information in a layered format to ensure it remains clear and concise.

Please see the sub-headings below and select the heading that best describes you:

When you use our website we may collect the following personal data:

• your name, email address and telephone number;
• the internet protocol (IP) address of the device you are using, the browser software you use, your operating system, the date and time of access and information on how you use our website;
• information you give to Jeevn when responding to online surveys for research purposes or via our contact form.

We may also collect technical data via Google Analytics, however these reports do not contain any personal data.

We may collect this information in a variety of ways. For example, we might collect data when:

• you email us or complete our contact us form;
• you fill in your details to register as a customer or book an appointment;
• you subscribe to email notifications and/or newsletters;
• you complete an online survey.

We may process your personal data for any of the following reasons:

• to enable us to contact you in response to a query or request for information;
• to register you for email notifications and/or newsletters that you have subscribed to;
• to book you onto an appointment/meeting;
• to collect your opinions as part of any research we may carry out;
• to send you further information regarding Jeevn services that may be relevant to you and your profile;
• to onboard you as a member of Jeevn.

We may process your data on the grounds of contractual or legitimate interests - if we need to respond to your enquiry or enter into a ‘contract’ of services with you. If you have subscribed to our email notifications or newsletter we are relying on your consent to process your personal data. You can withdraw this consent at any time.

Your data may be shared internally within Jeevn and our employees and contractors may view your data as part of their job role.

We share your data with laboratories and third party partners engaged by Jeevn to carry out aspects of our programme including testing. This is done in order to facilitate the delivery of our services.

We do not share your personal information with any third-party organisations to use for their own purposes, except:

• when we have your permission;
• to comply with a legal obligation or to perform a public task;
• if we are under a duty to disclose or share personal data in order to enforce or apply our terms of use (of our website or any part of it) or terms and conditions of supply of any relevant products or services and other agreements;
• to protect the rights, property, or safety of ourselves, our customers, or others;
• in order to detect, prevent and help with the prosecution of financial crime;
• if there are other exceptional circumstances, and we are unable, or it is not appropriate to seek your permission;
• to archive for statistical or research purposes or in the public interest;
• in the reason of public interest.

Here is a list of the third parties that we might store or share personal data about you.

Our website may from time to time include hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.

We cannot ensure the security of your data when it is being transmitted to our website or other digital sites from other pages. All transmission of personal information and other data is done at your own risk.

A cookie, also known as a browser cookie, is a text file containing small amounts of information which a server may download to your computer hard drive, tablet or mobile device when you visit a website or use an app.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Cookies may be either 'persistent' cookies or 'session' cookies. A persistent cookie will be stored on the web browser and will remain valid until its set expiry date, unless detected by the user before the expiry date. A session cookie, on the other hand, will expire at the end of the user session when the web browser is closed.

Cookies can be set and controlled by the operator of the website which the user is browsing (known as a 'first-party cookie') or a third party such as Facebook, for example to display advertisements and social sharing features (known as a 'third-party cookie').

The only cookies in use on our website are for Google Analytics. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so that they can improve it.

Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our website. We then use the information to compile reports to help us improve our website.

Cookies contain information that is transferred to your computer's hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the website before and what site referred the visitor to the web page.

Google Analytics collects information anonymously. It reports website trends without identifying individual visitors.

You can opt out of Google Analytics without affecting how you visit our website - for more information on opting out of being tracked by Google Analytics across all websites you use, visit the google page provided (https://tools.google.com/dlpage/gaoptout).

We may disclose data collected from third party cookies, such as visitor trends, to third parties, in an anonymous form, for research and statistical purposes, and to help us optimise our websites.

Details about you include:

• details such as name, address, next of kin and contact details;
• billing address if different;
• payment card/bank details;
• details of contact we have had with you during the booking process for appointments;
• details of services you have received;
• written summaries of calls we receive or make;
• email communications we receive or make;
• information about complaints and incidents;
• appointments, consultations, email;
• notes/reports about your health;
• details of investigations, such as laboratory tests, real-time health data, supplements, genetic tests.

Under the Regulations certain information such as health data is known as special category data as it is of a more sensitive nature, and the processing of such data requires us to provide you with details of our lawful bases under both Article 6 and Article 9 of the GDPR 2018, as supplemented by Schedule 1 Part 1 of the DPA 2018. Our lawful basis for processing health data is explicit consent from yourself during the onboarding process, and before any disclosure of this data.

We collect and hold information for the sole purposes of delivering and improving our services. These records can be in written and/or digital form.

We primarily use your information to enable us to provide you with our services. However, we may also use information to:

• process payments for services you receive;
• investigate queries and complaints;
• review the service we provide through audit;
• train and educate members of staff.

Details about you include:

• When you access or use the Services, we may automatically collect the following information:
• Device information: Device model, information about the operating system and its version, unique device identifiers, enabled device accessibility features (e.g., display features, hearing features, and physical and motor features), mobile operator and network information, device storage information, or version of your device system
• Location information: IP address, time zone, or information about your mobile service provider
• Data about your use of the Services, including, among others: frequency of use; areas and features of the Services that you access, visit, or use; payment information; or engagement with particular features
• Data from external sources: We may receive personal data about you from third parties. For example, we may obtain information from third parties to enhance or supplement your existing information, including to customize your experience and for statistical purposes and analytics.

With your consent, you may also allow us to connect to third-party services, such as Apple HealthKit and Google Health Connect, to enable us to import information about your health and activities into the App. This imported data may include fitness activities, weight, height, BMI, calories burned, heart rate, number of steps/distance traveled, and other activity data. We will process this data in order to provide you with App functionality and features. Importing this data is subject to the Google Health Connect and Apple HealthKit privacy policies and terms.

We collect and hold information for the sole purposes of delivering and improving our services. We do this under legitimate interest or explicit consent These records can be in written and/or digital form.

We primarily use your information to enable us to provide you with our services. However, we may also use information to:

• process payments for services you receive;
• investigate queries and complaints;
• review the service we provide through audit;
• train and educate members of staff.

We retain financial and personal data for up to 7 years, or unless prompted by you to adjust that length. Other data will normally only be retained for as long as it is required in order to provide you with our services. With all data we reserve the right to retain data if there is a legitimate legal reason beyond this time.

You have a right under the Regulations to request access to view or to obtain copies of the information we hold about you. You will need to provide adequate information (full name, address, date of birth, and details of your request) so that we can verify your identity and locate your record. We will respond to your request within 30 days unless your request is highly complex or you provide repeated requests, in which case we may take longer. We will not charge for access to your information unless the request is highly complex or you provide repeated requests.

It is important that you inform us if any of your details such as your name, address or contact information have changed or if any of your details are incorrect in order for this to be amended. You have the responsibility to inform us of any changes so our records are accurate and up to date for you.

If you provide us with your email address, we may use it to contact you about your appointments, parts of the Jeevn programme and also about billing and administrative matters. We may also email you a newsletter and any changes to our services.

We will never use your email for marketing purposes or share your email with third parties. Please let us know if you do not wish to receive email correspondence from us.

If you have concerns or questions about any of our services, or to pass on compliments please contact info@jeevn.com or speak to us directly.