Privacy and Cookie Notice

What is Personal and Sensitive Data?

Personal data means any information that may be used to identify you on its own or, when combined with other information, will enable identification. Sensitive data may include data revealing racial or ethnic origin, or data concerning your health.

We may collect, use, store and transfer different kinds of personal and sensitive data about you including the following:

• Identity Data including first name, last name, username or similar identifier, date of birth and gender.
• Contact Data including your address, phone number and email address.
• Health Data including any information about your physical or mental health from how you shop with us or use our services.
• Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website, apps, and services.
• Profile Data including your username and password.
• Usage Data including information about how you use our website, apps, and services.

Security – Keeping your Data Safe

Data security is never taken for granted and H&B invest significantly in security to constantly update our systems and procedures. Our security team works with a dedicated independent Data Protection Officer to ensure your personal data remains a top priority.
If you want more details about what we do to keep your data secure, please contact the GDPR team on GDPR@hollandandbarrett.com

Sharing Data within the Group

The H&B group comprises a number of separate legal entities. We will responsibly share data between the group where the reason for doing so is defined and aligned to the original purpose for which we collected your data, and for their digital services and for analysis purposes.

Data retention – How Long do you Keep my Data?

Your personal information will only be retained for as long as necessary to fulfil the purposes for which it was collected, including for purposes of satisfying any legal, accounting, or reporting requirements. Sometimes we might have a Legitimate Interest to hold your data for longer than normal, such as in the case of a dispute or where it is necessary to retain account and order information for any periods required by law (including local tax requirements).

To determine the appropriate retention period for personal data, we follow the guidelines where they are available, including from the supervisory authorities in the relevant country. We take into consideration additional factors such as legal requirements, exceptions, and the potential risk of retaining your personal data.

Anonymous data is not personal data. Our anonymisation process follows guidance and best practice methods to ensure that the data is truly anonymous.

We are Holland & Barrett International Limited (company registration number 04515115). Our address is Samuel Ryder House, Barling Way, Eliot Park, Nuneaton, Warwickshire, CV10 7RH

Our Group Companies include:

• Holland & Barrett Limited (Republic of Ireland)
• Holland & Barrett Retail Limited
• Holland & Barrett BV
• Holland & Barrett NV
• Blow Limited (trading as Blow)
• Adia Health Limited (trading as Parla)

We have websites that trade under a brand but are ‘Powered by Holland & Barrett’. If you are uncertain if a website is a genuine Holland & Barrett brand, contact gdpr@hollandandbarrett.com with the name of the website in question and we will confirm its authenticity.

We are registered with the Information Commissioner’s Office in the United Kingdom (the UK supervisory authority for data protection issues. Our registration number is Z5145046.

We have appointed a GDPR team. Please contact the GDPR team using the details set out below. Our GDPR team will be happy to help with any questions that you may have.

You have several rights in relation to your personal and sensitive data as provided by the UKGDPR, the Data Protection Act 2018 and the General Data Protection Regulation 2016 (GDPR).

• The right to be informed: This relates to what information we are required to provide you about data processing. This Privacy Notice provides this information.
• The right of access: You have the right to access personal and sensitive information that we hold about you.  This is known as a Subject Access Request. You can make your request with us on our website using this link. Subject Access Request
• The right to rectification: You have the right to obtain from us, without undue delay, the rectification of inaccurate or incomplete personal data that we hold concerning you.
• The right to erasure: You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing. We have the right to refuse to comply with a request for erasure and if this applies, we will tell you the reason why. You can make this request on our website using this link. Erasure Request
• The right to restrict processing: Subject to exemptions, you shall have the right to restrict processing in various areas.
• The right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.
• The right to Object: You have the right to object to processing on grounds relating to your personal circumstances. In such cases we will stop processing unless we can demonstrate (a) compelling legitimate grounds which override your interests, rights, and freedoms and (b) the processing is for the establishment, exercise, or defence of legal claims. This right extends to processing for the purposes of direct marketing (including profiling) which must be stopped outright.
• The right to Withdraw your Consent for Data Processing
• The right to make a complaint: You can make a complaint at any time to the supervising authorities below. We would, however, appreciate the opportunity to deal with your concerns directly before you approach them, so please contact us in the first instance.

We have several stores, online shopping websites and apps which you may use to buy products or services from us, or simply browse for information.

When you purchase from us, we need to collect information about you to process the order. We may also use that information to learn more about your browsing and buying habits so that we create tailored products and services we think you’ll be interested in.

We want to make this as clear as possible, so we’ve made a brief list below that summarises the personal data we collect. We also set out the "legal basis for processing", i.e., to tell you on what grounds we are allowed to use your information. The legal basis for each purpose is that (a) we have your consent for the use of your personal information, or (b) that we need to use your personal information to perform a contract with you, or (c) that the use of your personal information is necessary for our legitimate interests (in which case we will explain what those interests are).

Holland & Barrett are working with a supply chain mapping tool which tracks our products right down to farm level to ensure we have visibility and traceability within our supply chains.

When you visit our website or apps, we’ll ask you what data we can collect about you. We use five principal types of cookies:

Strictly Necessary

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.

Functional

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all these services may not function properly.

Targeting

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal information will involve a transfer of data outside the EEA.Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.
For further details, see European Commission: Adequacy of the protection of personal information in non-EU countries.

Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe.
For further details, see European Commission: Model contracts for the transfer of personal information to third countries.

Where we use processors in countries outside of the UK and EEA, we first see if they have a adequacy decision from the EC, which means data subjects whose data are processed in those countries enjoy the same level of protection as in the EU. If no adequacy decision exists, we ensure those same levels of protection are in place through legal transfer mechanisms such as Standard Contractual Clauses or the UK’s International Data Transfer Agreement (IDTA).

Please contact gdpr@hollandandbarrett.com if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.

Blow Limited is a group company of H&B. Blow is a business delivering beauty service in store and at home. We need to collect information about you in order to provide the service, and with your consent, to provide marketing to you about other H&B services, and let you know about other Blow services which you might be interested in.

When you visit the Blow website or Blow App, we’ll ask you what we data we can collect about you. We collect use five principal types of cookies.

Strictly Necessary
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.

Functional

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all these services may not function properly.

Targeting

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

When You Use the Blow Service

We collect data about you so that we can provide the service. The data processing in the tables below relates to the use of the Blow website or the mobile app “Blow”

Data We May Process When You Use this Service

How Long we Hold Your Data

Our services online and through mobile apps empower you to better understand your health and wellness. Using technology, subject matter experts and helpful tips and recommendations, the app works to help you manage selected health related issues.

To work effectively, the service needs to collect a wide range of health data about you. We use this data to create remediation plans and potentially, in the future, predict outcomes so you can proactively manage your health.

The only purpose we have in collecting and processing your personal data is to provide this service to you. Your data is never sold or shared with third parties that are not participating in the delivery of the service.

If you book a blood test through us we will share personal information, limited to only that which is strictly necessary, with the third party qualified nurses who collect the blood samples on our behalf.

Where we partner with another company, such as a laboratory for testing samples, the partner may have legal or regulatory reasons to be an Independent Controller of some elements of your data and may necessarily have different retention periods for personal data.

To use The Service, you must have an account, which you can create inside the app. When you do this, we’ll ask you to give us consent so we can use your personal data for one or more specific purposes. Consent is always optional, but if you don’t want to give us consent for us to collect your personal health data, you shouldn’t use the service.

Withdrawing Consent

If you decide you want to withdraw your consent from the service, you can do this easily through the settings menu in the App. Withdrawing consent will result in the erasure of any data we hold about you, which we are not legally obliged to retain. If the option in our app exists to delete your data, this is also considered equivalent to withdrawing consent.

Where you receive emails about the service, they will have instructions on how to unsubscribe or withdraw consent.

Sharing Data to Deliver the Service

To deliver the service, we rely on partners that are experts in their field, such as phlebotomy (blood testing). When we enter into agreements with those partners, we put technical and organisational measures in place that ensure they only have the minimum data necessary to fulfil their purpose, and that the data is processed securely and in line their obligations under the agreement.
We share some data with partners that may operate under a legal requirement to process and retain personal data, and in those cases, they will be an Independent Controller, along with Holland & Barrett.

Data We May Process When You Use this Service

How Long we Hold Your Data

Health Data is a ‘Special Category’ under the GDPR, meaning that we must consider carefully how we capture and use this data. Here’s what we do in a nutshell.

1. We ask for your ‘Explicit Consent’. This means the requests collecting health data look different than other requests for consent. We want it to be clear when we are asking for any sensitive data and be sure to explain how we use it, and why we need it.
2. Any partners we use in processing health data must pass our internal comprehensive security and compliance tests. We only share your data with leading companies in their field, and only when we are satisfied that they meet our standards.
3. We commit to you that your data is never sold on, rented out, or shared with third parties for financial advantage. We respect that you’ve trusted us to do the right thing, so we’re committed to earning and retaining that trust.

A cookie is a small piece of data (text file) that a website, when visited by a user asks your browser to store on your device in order to remember information about you. This information is then sent back to us on each subsequent visit (“first party cookies”), or to another website that recognises that cookie (“third party cookies”). Cookies are useful because they allow a website to recognise a user's device.

Cookies are also essential to the functioning of certain parts of the site and we use them to collect information about how the site is used, such as how many people visit and return and what products are being viewed. We also use ‘Pixels’, or ‘Transparent GIF files’, to help manage our online advertising. This in turn helps us learn which advertisements are most effective at bringing users to our website.

There are two types of cookies that can be used:

Persistent cookies - these cookies remain on a user's device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.

Session cookies - these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

You can find more information about cookies at aboutcookies.org and ICO.org

A list of all the cookies used on the website by category is set out here:

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, accessing secure areas of the website, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work for example such as shopping baskets or e-billing. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Functional Cookies

These cookies enable the website to provide enhanced functionality and personalisation by remembering your choices to improve your experience. This can include remembering your user name, language, region you are in, text size, fonts and other parts of web pages that you can customise. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social Media Cookies

These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

Behavioural advertising enables retailers to display adverts to you on the web based on the products and retailers that you have previously visited. A guide to behavioural advertising and online privacy has been produced by the internet advertising industry which can be found at www.youronlinechoices.eu. The guide contains an explanation of the self-regulatory scheme to allow you greater control of the advertising you see.

You agree that we may also use technologies, such as our own cookies, to provide you with relevant online display advertising tailored to your interests.

Because we respect your right to privacy, you can choose not to allow some types of cookies. You can manage your cookie settings here: Cookie Settings.

However, cookies are essential to allow you to take advantage of some of the website's features, so we recommend that you leave them turned on. For example, if you block or otherwise reject cookies you will not be able to add items to your Shopping Basket or sign into your account.

You can find more information about this topic at ICO.org or PDPC.gov

As is true of most web sites, we and our third-party tracking-utility partner gather certain information automatically and store it in log files.  This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

You agree that we may use this information to analyse trends, to administer the website, to track users’ movements around the website and to gather demographic information about our user base as a whole.

If you have any queries, please contact us at customerservices@hollandandbarrett.com or writing to us at Holland & Barrett Limited and/or our affiliates in the U.K. and in other countries. Our company registered address is Samuel Ryder House, Barling Way, Eliot Park, Nuneaton, Warwickshire, CV10 7RH