20% off €45
What is Personal and Sensitive Data?
Personal data means any information that may be used to identify you on its own or, when combined with other information, will enable identification. Sensitive data may include data revealing racial or ethnic origin, or data concerning your health.
We may collect, use, store and transfer different kinds of personal and sensitive data about you including the following:
Security – Keeping your Data Safe
Data security is never taken for granted and H&B invest significantly in security to constantly update our systems and procedures. Our security team works with a dedicated independent Data Protection Officer to ensure your personal data remains a top priority.
If you want more details about what we do to keep your data secure, please contact the GDPR team on GDPR@hollandandbarrett.com
Sharing Data within the Group
The H&B group comprises a number of separate legal entities. We will responsibly share data between the group where the reason for doing so is defined and aligned to the original purpose for which we collected your data, and for their digital services and for analysis purposes.
Data retention – How Long do you Keep my Data?
Your personal information will only be retained for as long as necessary to fulfil the purposes for which it was collected, including for purposes of satisfying any legal, accounting, or reporting requirements. Sometimes we might have a Legitimate Interest to hold your data for longer than normal, such as in the case of a dispute or where it is necessary to retain account and order information for any periods required by law (including local tax requirements).
To determine the appropriate retention period for personal data, we follow the guidelines where they are available, including from the supervisory authorities in the relevant country. We take into consideration additional factors such as legal requirements, exceptions, and the potential risk of retaining your personal data.
Anonymous data is not personal data. Our anonymisation process follows guidance and best practice methods to ensure that the data is truly anonymous.
We are Holland & Barrett International Limited (company registration number 04515115). Our address is Samuel Ryder House, Barling Way, Eliot Park, Nuneaton, Warwickshire, CV10 7RH
Our Group Companies include:
We have websites that trade under a brand but are ‘Powered by Holland & Barrett’. If you are uncertain if a website is a genuine Holland & Barrett brand, contact gdpr@hollandandbarrett.com with the name of the website in question and we will confirm its authenticity.
We are registered with the Information Commissioner’s Office in the United Kingdom (the UK supervisory authority for data protection issues. Our registration number is Z5145046.
We have appointed a GDPR team. Please contact the GDPR team using the details set out below. Our GDPR team will be happy to help with any questions that you may have.
GDPR@hollandandbarrett.com | |
Post | GDPR Team, Samuel Ryder House Barling Way Eliot Park Nuneaton Warwickshire CV10 7RH United Kingdom |
You have several rights in relation to your personal and sensitive data as provided by the UKGDPR, the Data Protection Act 2018 and the General Data Protection Regulation 2016 (GDPR).
United Kingdom | Ireland |
Email: casework@ico.org.uk Phone: 0303 123 1113 Post: Information Commissioner’s Office, Wycliffe House Water Land, Wilmslow Cheshire, SK9 5AF Website: ico.org.uk | Email: dpo@dataprotection.ie Phone: +353 (0)761 104 800 or +353 (0)57 868 4800 Post: Data Protection Commission 21 Fitzwilliam Square South Dublin 2, D02 RD28 Ireland Website:dataprotection.ie |
Belgium | Holland |
Email: dpo@apd-gba.be Phone: +32(0)2 274 48 00 or +32(0)2 274 48 35 Post: Data Protection Authority Drukpersstraat 35 1000 Brussels Website: dataprotectionauthority.be/citizen | Phone: +31 (0)70 888 85 00 Post: Autoriteit Persoonsgegevens PO Box 93374 2509 AJ DEN HAAG Website: autoriteitpersoonsgegevens.nl/en |
We have several stores, online shopping websites and apps which you may use to buy products or services from us, or simply browse for information.
When you purchase from us, we need to collect information about you to process the order. We may also use that information to learn more about your browsing and buying habits so that we create tailored products and services we think you’ll be interested in.
We want to make this as clear as possible, so we’ve made a brief list below that summarises the personal data we collect. We also set out the "legal basis for processing", i.e., to tell you on what grounds we are allowed to use your information. The legal basis for each purpose is that (a) we have your consent for the use of your personal information, or (b) that we need to use your personal information to perform a contract with you, or (c) that the use of your personal information is necessary for our legitimate interests (in which case we will explain what those interests are).
Personal data collected | Legal Basis for processing |
When you shop with us, communicate with our contact centre, browse our websites or other organisations' websites where our adverts are shown, or use our digital services, we will collect:
If you have given your consent for this, then we may share your data with third party networks such as Facebook and Google to place appropriate advertising. If you are not a registered user with us, then we don’t share your data with any third parties. If you register an account with us, we may be able to link the information collected from you before registration and apply it to either your registered account or to future information that we collect after you have registered. |
|
When you register an account with us, we will capture your personal contact information, including name, telephone number, email address and postal address. We will also collect your order history and may contact you with information related to your order via email, SMS text, post, or telephone. If you are placing an order, we will also ask for your payment card number, expiry date and CVV number. If your order is for delivery or a Click & Collect from store, we will share the required information, to fulfil this request, with our third-party delivery partners. This will include Name, email, mobile number, and postal address (if a direct delivery) |
|
When calling our customer services team, you may talk to one of our agents based in South Africa. The agent has access to your registered account to assist with your enquiry. Personal data transferred in this case, is carried out lawfully based on the measures taken to allow transfer of data to international third countries. |
|
Contact Details for keeping in touch with you to market related products and services, including exclusive offers, vouchers, free gifts, deals, and information about events. |
|
CCTV when you visit our stores – your personal image, but not audio. This is to ensure the safety and security of customers, employees and third parties at our premises We will delete this after 30 days unless an event requires us to hold it longer. |
|
When you sign up for a loyalty card – your name, email, postal address, and email address. |
|
A record of your correspondence and/or conversations with our customer contact centre. |
|
Address any claims made against us. |
|
When a request for a return of a product is made in store we will capture your name, email address, telephone number and RFL number. |
|
When a report of an adverse reaction is made in store, we will capture your name, email address, telephone number and RFL number. We may also ask for information of any allergies or details of the reaction i.e rash, headaches this may include life threatening side effects such as seizures. You will be asked if you if you would like a response from the customer services team. |
|
Contact you about leaving a review on a product or service or providing feedback once your order has been completed or the service has been provided |
|
Contact Details for completing a market research related questionnaire to give feed back to us about your experience using the App, the website or visiting our stores and what we can do better. |
|
Notify you about changes to our services and to otherwise communicate with you. For example, we will use your contact details to respond to any queries that you submit to us. |
|
Review your past purchases and viewing history on our Digital Services to provide you with special offers or to tailor your experience online. |
|
Help us review, develop and improve the products and services we offer. For example, calls to our contact centres are monitored and recorded for quality control and training purposes. We may also send you market research requests via email (which you can opt out of via that email). If you raise a query (for example about a product or about our service) while we still hold a recording of your telephone call, and we can investigate or answer your query by referring to this call, we may do so. This may mean that your call recording will be held until your query has been resolved. |
|
Improve and measure the effectiveness of our marketing communications, including online advertising. We sometimes compare limited information that we hold about you (for example, your email address or mobile phone number) with third parties that also hold your information or have an existing online relationship with you to identify you as our customer and to enable us (or third parties on our behalf) to provide you with relevant marketing online. For example, we may compare your information with the information that social networking sites such as Twitter, Instagram, LinkedIn, Pinterest, Reddit and Facebook hold on you, so that they can identify you as a H&B customer and hence tailor the H&B marketing you receive via their sites and products. We also share cookie and other data (including online and offline purchase data) with entities such as Google, YouTube, Twitter, Instagram, LinkedIn, Pinterest, Reddit and Facebook in order to make our advertising more relevant to you. We require any such third parties to treat your personal information as fully confidential and to fully comply with all applicable data protection legislation. |
|
Carry out security checks to protect against fraudulent transactions and to prevent and detect criminal activity. |
|
Provide, enhance, and personalise your experience on our Digital Services. This may include a mini questionnaire of likes and dislikes that customers, who accept the tracking cookie banner. |
|
When you accept the tracking cookie, which is within the cookie banner on the website, you will be asked to complete a short questionnaire to determine some of your likes and dislikes this will help us provide, enhance, and personalise your experience on our Digital Services. |
|
We would store your contact details to keep you up to date on product launches this will include any seasonal launches. |
|
If you agree to be a H&B research survey participant via our website, we will collect and store your name, contact email address, age range & gender. If you are selected to take part in one of our surveys this will be carried out via a live video chat. Your data will be held for 12 months from the date of the completed survey. You can withdraw your consent at any time. |
|
If you sign up to our wait list for our Beauty Advent Calendar, we will ask you to provide your email address, first name & surname. The data collected will only be used for the notification of the product launch. |
|
If you sign up for our RFL Food Giveaway we will ask you to provide your full name, email address and postal address. The data collected will only be used for the purpose of the giveaway. |
|
When you visit our stores, you may notice some staff wearing body worn cameras – these devices record footage & audio from interactions, and only record when manually activated by the user to ensure staff safety, prevention & detection of a crime. |
|
Holland & Barrett are working with a supply chain mapping tool which tracks our products right down to farm level to ensure we have visibility and traceability within our supply chains.
Personal data collected | Legal Basis for processing |
We share limited amounts of personal data from supplier companies that work with H&B this will include supplier name, personal supplier contact name, contact email address and position |
|
So that you can make full use of the interactive features on our website, your computer, mobile phone or other device (all referred to here as device) will need to accept cookies.
Here you can see what cookies may be sent to your device by hollandandbarrett.com and what we use each cookie for. You can set your browser to reject cookies (see the 'Help' menu of your browser to find out how to do this), but please bear in mind that if you do this, certain personalised features of this website cannot be provided to you.
When you visit our website or apps, we’ll ask you what data we can collect about you. We use five principal types of cookies:
Strictly Necessary
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
Functional
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all these services may not function properly.
Targeting
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
Because we respect your right to privacy, you can choose not to allow some types of cookies. You can manage your cookie settings at the bottom of this page.
Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal information will involve a transfer of data outside the EEA.Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.
For further details, see European Commission: Adequacy of the protection of personal information in non-EU countries.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe.
For further details, see European Commission: Model contracts for the transfer of personal information to third countries.
Where we use processors in countries outside of the UK and EEA, we first see if they have a adequacy decision from the EC, which means data subjects whose data are processed in those countries enjoy the same level of protection as in the EU. If no adequacy decision exists, we ensure those same levels of protection are in place through legal transfer mechanisms such as Standard Contractual Clauses or the UK’s International Data Transfer Agreement (IDTA).
Please contact gdpr@hollandandbarrett.com if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
Our services online and through mobile apps empower you to better understand your health and wellness. Using technology, subject matter experts and helpful tips and recommendations, the app works to help you achieve your wellness goals.
H&B &Me analyses your health and lifestyle data in order to support wellness goals, for example, it calculates your biological age, and monitors activities such as sleep and exercise to present insightful trends.
To deliver the service, we need to collect a wide range of health data about you. H&B only uses the health data collected to provide this service, and we never sell or share this information with third parties that are not participating in the delivery of the service.
If you book a blood test through us we will share personal information, limited to only that which is strictly necessary, with the third party qualified nurses who collect the blood samples on our behalf.
Where we partner with other companies, such as a laboratory for testing samples & technical for calculations of biological age and tracking, the partner may have a legal or regulatory obligation to be an Independent Controller for some information provided. and may, as a result, have their own retention obligations they need to comply with for personal data.
To use The Service, you must have an account, which you can create inside the app. When you do this, we’ll ask you to give us consent so we can use your personal data for one or more specific purposes. We acknowledge that consent must be freely given, but without consent for processing your health information, delivery of the intended service will not be possible.
Data We May Process | Lawful Basis |
Contact information such as email and phone number date of birth and gender |
|
Collecting information about your health, we will capture your personal information necessary for the service including detailed data about your health and wellness |
|
Qualified to advise will collect your contact details through a booking service, and information about your status and condition that you may supply to us to assist in your assessment, this can also lead to a live video chat with a Qualified to advise colleague. |
|
Data Category | Retention Time |
Contact information such as email and phone number date of birth and gender | 18 months after last activity or within 30 days of you closing your account |
Health data | 18 months after last activity or within 30 days of you closing your account |
Withdrawing Consent
If you decide you want to withdraw your consent from the service, you can do this easily through the settings menu in the App. Withdrawing consent will result in the erasure of any data we hold about you, which we are not legally obliged to retain. If the option in our app exists to delete your data, this is also considered equivalent to withdrawing consent.
Where you receive emails about the service, they will have instructions on how to unsubscribe or withdraw consent.
Sharing Data to Deliver the Service
To deliver the service, we rely on partners that are experts in their field, such as phlebotomy (blood testing). When we enter into agreements with those partners, we put technical and organisational measures in place that ensure they only have the minimum data necessary to fulfil their purpose, and that the data is processed securely and in line their obligations under the agreement.
We share some data with partners that may operate under a legal requirement to process and retain personal data, and in those cases, they will be an Independent Controller, along with Holland & Barrett.
Data We May Process When You Use this Service
Data We May Process | Lawful Basis |
Performing the Service in Store, collecting data about your health. Contact information such as email and phone number. |
|
Performing the service at your Home, collecting data about your health. Contact information such as email and phone number and address |
|
Customer Service – contact information |
|
How Long we Hold Your Data
Data Category | Retention Time |
Performing the Service in Store - Contact information such as email and phone number | 18 months after last activity or within 30 days of you closing your account |
Performing the service at your Home - Contact information such as email and phone number and address | 18 months after last activity or within 30 days of you closing your account |
Customer Service – contact information | 12 months after last activity, or longer on case-by-case basis if there is a complaint |
Health Data is a ‘Special Category’ under the GDPR, meaning that we must consider carefully how we capture and use this data. Here’s what we do in a nutshell.