PRIVACY AND COOKIES POLICY
At FUTURE WOMAN, we understand how important your personal information is to you. FUTURE WOMAN respects your privacy and is committed to protecting your personal data.
This privacy policy tells you how we look after your personal information when you contact us or use one of our services and what you can expect us to do when handling your personal information.
Personal information (or personal data) is any information that can be used to identify a living person. It does not include data where the identity has been removed (anonymous data).
This notice is split into sections:
- OURDETAILS
- WhatDoWeUseYourPersonalInformation For?
- HowDoWeGetYourPersonalInformation?
- WhatDoWeUseYourPersonalInformation For?
- WhoDoWeShareYourPersonalInformationWith?
- WhereIsMyDataStored?
- HowLongDoWeKeepYourPersonalInformation For?
- WhatRightsDoYouHaveOverYourPersonalInformation?
- Complaints UpdatingThisPolicy
We have used links to help you get to the information you are interested in.
In some places we have provided links to other websites, for example the Information Commissioner’s Office website. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for the accuracy of any other website or their privacy statements, and we encourage you to read the privacy policy of those websites that you visit.
Our services are not intended for children and we do not knowingly collect data relating to children. Our services are available to patients who are aged 18 years old or above.
OURDETAILS
FUTURE WOMAN is responsible for keeping the personal information we use safe and making decisions about how it can be used. We are the controller for your personal information. Our formal name is Vesta Partners Limited and our headquarters are at: 9 Hormead Road, London, England, W9 3NG. This is the company we are referring to when we mention “Vesta Partners Limited”, “FUTURE WOMAN” “we”, “us” or “our” in this privacy policy.
You can contact us at support@future-woman.com or by writing to us at the address above for any queries about your personal information, including any requests to exercise your legal rights.
WHATDOWEUSEYOURPERSONALINFORMATION FOR?
We only use your personal information when the law allows us to.
Generally, we do not rely on consent as a legal basis for processing your personal information although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Most commonly, we may use your personal information to perform our contract with you (or in talks about entering into a contract), or because we have a legitimate interest that permits us to use your personal information. The main examples of this are to:
- provideyouwithourservices
For example, we may use your personal information to:
- Recommend you a test
- Process/deliver your order
- Prepare for a consultation with you
- Provide you with a test report showing your results
- Provide diet and lifestyle recommendations (which does not constitute medical advice)
- Provide you with supplement recommendations
- Contact you (only with your consent given) with information about our products which either you request, or which we feel will be of interest to you
- notify you about changes to this privacy policy or our services
- improve and maintain our website, including preparing reports or compiling statistics in order to improve our services
• manage our relationship with you, including notifying you about changes to our terms or privacy policy or asking you to leave a review or take a survey respond to any queries you raise with us and to provide customer support
- create anonymous information that we can use to help develop our services or provide to other organisations with an interest in our services, like regulators
- we may also use your personal information to let you know more about our offers and services, and to understand the effectiveness of our advertising
This processing may include using your medical information, so we can offer services that are relevant to you. For example, we may ask you some questions relating to your general health, or you may choose to share your data from wearable devices, monitors or other apps with us. If you are paying for our services yourself or receiving our services as a benefit through a third party and we hold your medical data, you may also choose to allow us to use this to personalise recommendations from us.
We may sometimes need to use your personal information to:
- co-operate with our regulators
- comply with a legal obligation, like a court order requiring us to release information
- deal with disputes and legal claims, for example if you make a legal claim against us
- deal appropriately with any risk to public health
Under data protection laws, each purpose for which we use your personal information must comply with one of the conditions for processing. Each of these is known as a lawful basis.
The Information Commissioner’s Office (ICO) is responsible for ensuring that organisations comply with data protection rules. You can find out more about what the conditions for processing are on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection- regulation-gdpr/lawful-basis-for-processing/.
When we are using personal information we must meet one of the conditions set out in Article 6 of the UK General Data Protection Regulation (UK GDPR).
Specialcategorydata
Under the UK GDPR there is some personal information that is so sensitive that it gets extra protection. This special category data is any personal information about someone’s:
- health (including mental health);
- sex life;
- sexual orientation;
• racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs
- trade union membership.
It also includes genetic data and biometric data if that information is used to identify an individual.
When we are using special category data we must also meet one of the conditions set out in Article 9 of UK GDPR.
We have set out in the table below which conditions we are relying on when we use your personal information. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below:
PURPOSE | ARTICLE6CONDITION | ARTICLE9CONDITION |
co-operate with regulators | Article 6(1)(c) – compliance with a legal obligation | Article 9(2)(f) – establishment, exercise or defence of legal claims |
comply with a legal obligation, like a court order requiring us to release information | Article 6(1)(c) – compliance with a legal obligation | Article 9(2)(f) – establishment, exercise or defence of legal claims |
deal with disputes and legal claims, for example if you make a legal claim against one of us | Article 6(1)(f) – legitimate interests (we have a legitimate interest in being able to deal with disputes and legal claims) | Article 9(2)(f) – establishment, exercise or defence of legal claims |
provide you with our services. | Article 6(1)(b) – performance of a contract | Article 9(2)(a) – consent |
help maintain the quality of and improve our services | Article 6(1)(f) – legitimate interests (we have a legitimate interest in maintaining and improving the quality of our services) | Article 9(2)(a) – consent |
PURPOSE | ARTICLE6CONDITION | ARTICLE9CONDITION |
obtain payment from you for our services | Article 6(1)(b) – performance of a contract Article 6(1)(f) – legitimate interests (we have a legitimate interest in ensuring payments are made to us) | No special category data used |
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey | Article 6(1)(b) – performance of a contract Article 6(1)(c) – compliance with a legal obligation Article 6(1)(f) – legitimate interests (we have a legitimate interest to keep our records updated and to study how customers use our products/services) | No special category data used |
let you know more about our services and offers | Article 6(1)(a) – consent | Article 9(2)(a) – consent |
let you know more about the products and services of third parties that may be relevant to you | Article 6(1)(a) – consent | Article 9(2)(a) – consent |
Marketing and opting out. We may use your personal information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You may receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes, and we will not contact you for marketing purposes in relation to special category information without your consent.
You can ask us or third parties to stop sending you marketing messages at any time by contacting us. Where you opt out of receiving these marketing messages, this will not apply to personal data we process on a different legal basis.
Processing for other purposes. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that
reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
We may sometimes need to use your personal information for other purposes. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
HOWDOWEGETYOURPERSONALINFORMATION?
Most of the personal information we use is provided to us directly by you so that you can access our services. For example, you provide us with your contact details. Please let us know if there are any changes to your personal details while you are registered with us.
This includes personal data you provide when you:
- search for information on our website
- create an account with us on-line;
- subscribe to our service or publications;
- purchase products or services through our website;
- log in to and use our services;
- report a problem on our website;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us some feedback or contact us.
If you agree, information from third party programmes like Microsoft HealthVault or Google Health or from other smart devices and health apps, that you use to collect, store and analyse information about your health. Health tracking programmes allow you to combine data from multiple apps or devices. By doing so, you can track your health and fitness activities against your goals to provide you with a comprehensive view of your health and fitness.
We may also gather technical information about your visit to our website/services, like what device you are using to access our services, or your browsing patterns. More detail about what we collect is set out in the section below (What personal information about you do we use?). We automatically collect this personal data by using cookies, server logs, application data caches, browser web storage and other similar technologies. We may also receive data about you if you visit other websites that use our cookies. Please see our cookie policy below for further details.
WHATPERSONALINFORMATIONABOUTYOUDOWEUSE?
We may use the following personal information:
InitialQuestionnaire– this is to determine which test we recommend to you
- Name
- Age
- Email Address
- Information about your
- Diet
- Stress
- Sleep
- Exercise
- Symptoms of hormone imbalances
- Life stage
- Menstrual cycle (if applicable)
- Details of any medication
Onboarding Questionnaire– after completing one of our tests, ifyou purchase a consultation, we will send you a second more detailed questionnaire ahead of your first appointment
- More detailed questions on the topics listed above
- Are you pregnant/trying to conceive
- Occupation
- Medical conditions
- Medical history
- Family medical history
- Current medication or supplementation
Othertypesofdatawecollect:
Contact Data includes billing address, delivery address, email address, telephone numbers and emergency contact telephone numbers.
FinancialDataincludes bank account and payment card details.
TransactionDataincludes details about payments to and from you and other details of products and services you have purchased from us.
TechnicalDataincludes internet protocol (IP) address, your login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
ProfileDataincludes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
UsageDataincludes information about how you use our website, products and services.
MarketingandCommunicationsDataincludes your preferences in receiving marketing from us and our third parties and your communication preferences
Informationaboutyourhealthandsocialcircumstances.This includes:
- Information you provide as part of using our services
- Information provided during your online appointments
- Notes and reports relevant to your health, including any information you have told us about your health.
- Details of your test results, consultations and recommendations.
- Results of your tests from our partner laboratories.
- Information about your genetic data where this is relevant to your lifestyle or is information that you have provided to us as part of your lifestyle.
Anonymised data. We also collect, use and share anonymised and/or aggregated data such as statistical or demographic data for any purpose. This data could be derived from your personal information but is not considered personal information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate information about your use of our website to calculate the percentage of users accessing a specific website feature. However, if we combine or connect any anonymised data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy policy.
If you fail to provide personal data. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
WHODOWESHAREYOURPERSONALINFORMATIONWITH?
Our partners. To provide you with our services we need to share your personal information with certain third parties, such as partner organisations that help administer our systems and services. For example:
- Blood Testing Labs – we share with them your name and date of birth and they also have access to your test results. They share your test results with us using an encrypted/password protected file.
• Genetics Testing Labs – they don’t receive any identifiable data at all – just a barcode that we then match back to you. They share your test results with us using an encrypted/password protected file. Regenerus Laboratories – Regenerus Laboratories are the exclusive distributor of Precision Analytical’s hormone tests in the UK. They see your name and have access to your report. Precision Analytical Inc carry out the test and so they have the same access as Regenerus Laboratories. Logistics company and our Kitting Partner – they see your name and address and which test you’ve ordered in order to send out the kits but they don’t see your test results. Our IT suppliers, including suppliers of data storage services.
- Contractors who provide our telephone services.
- Suppliers of web hosting services.
- Organisations that we use to obtain feedback from patients (if you have agreed to do this).
We have vetted these organisations to ensure that they will deal with your personal information responsibly. We do not allow these partner organisations to use your personal information for their own purposes. We only permit them to use your personal information in accordance with our instructions.
We may also share information with our partner organisations who provide data analysis services, to help improve our services. This does not include information about your health.
Regulators. Sometimes we may need to share information with regulatory bodies, such as the ICO.
Marketing organisations. If you have agreed to receive information about our services and offers, we may share your information with marketing organisations. For example we may share your contact information with companies that we use to send marketing emails. Although we will not share information about your health with these organisations, it may be possible for them to infer this information due to the content of the marketing email. For example, if we are sending you information about how we can help you manage your endometriosis or menopause, our partners will be able to infer that you have this condition. You can control whether or not your information is included in our marketing communications by opting out and selecting this settings option on our website.
Other necessary third parties. There are some other rare occasions where we may share your data with other organisations. For example:
- We may share information with our professional advisors, including lawyers and accountants, if this is necessary to take and receive professional advice (including legal advice), or to bring or defend a legal claim or threatened claim.
• We may share information with our insurers and the insurers of other organisations where this is necessary to investigate insurance cover and to handle a claim or threatened claim. We may share information with individuals or organisations if we are legally required to, for example if this is specified in a warrant or court order. Where we, or substantially all of our assets, are merged or acquired by a third party, in which case this information may form part of the transferred or merged assets.
Social media. Our website include some social media sharing features, such as the Facebook button. You can use these features to share information about your use of our services through social media. The relevant social media site(s) control how these features work. If you want to find out more about this you should read the privacy policy of the relevant social media site.
WHEREISMYDATASTORED?
Most of the time your personal information stays within the UK. Sometimes your personal information may be transferred to our partners outside of the UK with appropriate legal safeguards in place, such as to countries that have been deemed to provide an adequate level of protection for personal data, or using specific contracts approved for use in the UK which ensure personal data is processed using rules that give the same protection it has in the UK.
Please note that if you select the hormone testing service then your personal data may be transferred to our partner laboratory in the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
HOWLONGDOWEKEEPYOURPERSONALINFORMATION FOR?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can
achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We store personal information for as long as you use the services we provide and then as required to comply with applicable laws. In particular, we are required by law to hold medical records for 10 years.
In some circumstances you can ask us to delete your data. See the section below (What rights do you have over your personal information?) below for further information.
Anonymous data. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
HOWDOWEKEEPYOURINFORMATIONSECURE?
We take security and the secure storage of personal information seriously. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We have physical, electronic and managerial procedures in place to protect and secure the information we collect. We are committed to protecting personal information from loss, misuse, disclosure, alteration, unauthorised access and destruction and we take all reasonable precautions to safeguard the confidentiality of personal information.
We make every effort to protect your personal information. However, there is always an inherent risk, beyond our control, in sending information over the internet. If we do ever encounter any online data breaches, we commit to taking prompt action to resolve the situation to protect your information.
We use Stripe for payment transactions and so do not hold payment or payment card data.
Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
For more information on how we keep your data secure, please contact us at support@future- woman.com.
WHATRIGHTSDOYOUHAVEOVERYOURPERSONALINFORMATION?
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. You are not required to pay any charge for exercising your rights.
Please contact us at support@future-woman.com if you wish to make a request.
We may ask you to provide us with identification so that we can be sure that we are dealing with the right person. This is a security measure to protect your information. We may also contact you to ask you to put your request into writing and/ or for further information in relation to your request to help speed up our response.
We try to respond to requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In these cases, we will notify you and keep you up to date about when we expect to be able to respond.
If you receive our services through the NHSand you want to exercise any of these rights regarding information held in your medical records, you should contact your doctor or GP practice. This is because it is your doctor/GP practice who holds those records and has control over them.
Your right of access. You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which mean you may not always receive all the information we have about you. You can read more about this right here: Right of access | ICO.
To access a copy of your electronic medical records or other information that we hold about you, please contact us at support@future-woman.com.
Your right to rectification. You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here: Right to rectification | ICO.
Please note we will not usually amend medical records. This is because it is important that we have a copy of the information available to doctors at the time they are treating you. Instead we usually add a note to your record to highlight the information you consider to be incorrect.
Your right to erasure. You have the right to ask us to erase your personal information in certain circumstances. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. You can read more about this right here: Right to erasure | ICO.
Again, we will not normally delete information from medical records. This is because it is important that we have a copy of the information available to doctors at the time they are treating you.
Your right to restriction of processing. You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here: Right to restrict processing | ICO.
Your right to object to processing. You have the right to object to our processing of your personal information where we are processing your information because the process forms part of public tasks or the processing is in our legitimate interests. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You can read more about this right here: Right to object | ICO.
Your right to data portability. This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. This right only applies when our processing is automated and where you initially provided consent for us to process the information or where we processed the information to perform a contract with you (or in talks about entering into a contract). You can read more about this right here: Right to data portability | ICO.
Your right to withdraw consent. Where we are relying on consent to process your personal information (such as for marketing purposes), you have the right to withdraw your agreement to the use of your personal information for those purposes at any time. You can do this by emailing support@future-woman.com. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
CONTACTUS
If you have any questions, want to exercise your rights or need further information about what we do with personal information, please contact us at support@future-woman.com.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
You can find also out more about our legal obligations and your privacy rights from the Information Commissioner’s Office. The ICO oversees compliance with privacy laws in the UK.
The ICO can be contacted at:
Information Commissioner’s Office Wycliffe House
Water Lane Wilmslow Cheshire SK9 5AF
Tel: 0303 123 1113
COMPLAINTS
You have the right to make a complaint at any time to the ICO if you are not happy with the way that we have dealt with your personal data or a request from you to exercise your privacy rights.
We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us at support@future-woman.com in the first instance.
UPDATINGTHISPOLICY
We may update this policy from time to time. If we plan to update the policy we will let you know by email. You should stop using our services if you do not agree to any changes.
This notice was most recently updated on 21/03/2022. To obtain an historic version of this notice please contact us at support@future-woman.com.
COOKIES
A cookie is a small text file that may be placed on your computer or device when you visit our website. When you next visit our website the cookie allows us to distinguish you from other users. There are two categories of cookies: (a) ‘persistent cookies’ that remain on your computer or device until deleted manually or automatically; and (b) ‘session cookies’ which remain on your computer or device until you close your browser, when they are automatically deleted.
The cookies we use are:
- Essentialcookiesare required for the operation of our website/app and without them the website/app can’t operate properly.
- Performancecookiesallow us to see and count the number of visitors to our website/app and what they do during their visit. We use the information from these cookies to improve our website/app’s performance. The data from these cookies doesn’t allow us to identify you.
- Experience cookies allow our website/app to remember your choices, which means we can personalise your experience of our services. Data collection by experience cookies is used by our analytics systems (including third party systems) to monitor and enhance our website/app’s user-friendliness.
- Marketing cookies or similar technologies that track and record your visits to our website/app, including but not limited to the actual pages you visit and the links you have clicked or followed. We use this data to make the content of our services more relevant to/for you based on what we know about you. We do share information about your activity on our website/app that is stored by these cookies with our agents, agencies and other third party ad networks and this information can be used to advertise products to you on other sites. Any data we share is anonymous and cannot be used to identify you.
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
You can REFUSE cookies, by activating settings of your chosen browser(s). If you alter your browser settings to refuse cookies your access to our services may be restricted. You can also manage your preferences in the Cookie Settings section of our website.
In addition to the cookies we use on this website, we also use cookies and similar technologies in some emails. These help us to understand whether you have opened an email and how you have interacted with it. We use these to improve our future email communications.
Cookies may be set when you download, open or read an email from us If you have:
- configured weak security settings on your device
- added us to your safe senders list or address book
• enabled your device to automatically display images, or
- if you click on any link within the email.
If you would prefer for this not to happen, please disable automatic displaying of images, or remove us from your address book or strengthen your security settings. Alternatively, you can set your browser to restrict or reject cookies.