Gift health, not stuff | 25% off first orders 🎁 Gift cards now available

Vitamin Supplements

Health Testing

Memberships

About Stride

Blog

Reviews

StrideDaily - Supplements

Stride MS-01 - Methyl-B Complex

StrideDNA Genetic Testing

StrideDNA Methylation Testing

StrideDNA Link for 23andMe

StrideBiome Microbiome Testing

StrideCare - GLP-1s + Weight Loss

Stride Gift Cards

Our company

Our science

Our blog

Our reviews

Account

Privacy Policy

Published on: 02/12/2024 (Version 3)

1. BACKGROUND

1.1. This Privacy Policy (Privacy Policy) tells you how we look after your personal data when:

  1. you use our website, (Website), whether as a visitor or a registered user;
  2. you complete any enrolment or onboarding forms to receive Products and/or Services (as defined below);
  3. when you attend a virtual consultation with one of our clinicians;
  4. when you partner with us;
  5. when you interact with us via our customer success platform or our social media channels;
  6. when you provide feedback to us or reviews;
  7. when you enquire about our Products and/or our Services (as defined below);
  8. when you are a supplier or service provider to our business; or
  9. where you have asked to receive information about our products (Products) - including prescription-only products (Prescription Products) - and services (Services).

1.2. This Privacy Policy sets out what personal data we collect about you or which we may have obtained about you (see clause 1.1 above) or from a third party (via publicly available sources, professional networking sites such as LinkedIn, etc.), what we use it for and whom we share it with. It also explains your rights under data protection laws and what to do if you have any concerns about your personal data.

1.3. We may sometimes need to update this Privacy Policy, to reflect any changes to the way our Products and/or Services are provided or to comply with new business practices or legal requirements. You should check this Privacy Policy every time you wish to use the Website to see whether any changes have occurred. This Privacy Policy was last modified on the date shown at the top of the document.

1.4. Our Website, Products and Services are intended for individuals who are 18 years of age or over. We do not knowingly process personal data about individuals who are under the age of 18, i.e. children.

2. WHO WE ARE AND OTHER IMPORTANT INFORMATION

2.1. We are STRIDE HEALTH GROUP LIMITED, a company incorporated and registered in England and Wales under company registration number 05158025. Our registered office is at 33 Scottow Enterprise Park, Lamas Road, Badersfield, Norwich, England, NR10 5FB (we, us or our). Our VAT registration number is 449152483.

2.2. We are the data controller (which means we decide what information we collect and how it is used) and are responsible for your personal data.

2.3. We are registered with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters, under number ZB624281.

3. CONTACT DETAILS

3.1. If you have any questions about this Privacy Policy or the way that we use your personal data, then please get in touch with our Compliance Team using the following details:

3.1.1. email address: privacy@getstride.com; or

3.1.2. postal address: 33 Scottow Enterprise Park, Lamas Road, Badersfield, Norwich, England, NR10 5FB.

4. THE INFORMATION WE COLLECT ABOUT YOU

4.1. Personal data (or personal information) means any information which does (or could be used to) identify a living person, whether directly or indirectly. It does not include any data where the identity has been removed (anonymous data).

4.2. We have grouped together the different types of personal data that we collect about you and where we receive it from below.

Identity Data: your first and last name, title, date of birth, image.

Contact Data: your email address, telephone number, delivery address, professional and/or social media contact details.

Usage Data: information about how you use and/or interact with our Website (such as the pages you have visited, the length or your visit and the actions you have taken whilst on our Website) or social media channels.

Financial Data: timing and amount of your payment. We do not collect any payment card data or similar data relating to your method of payment. You provide this data directly to Shopify or Stripe who process payments on our behalf in accordance with their privacy policies:

Location Data: your device location or your internet protocol (IP) address if you log into our systems remotely.

Feedback Data: information and responses you provide when completing surveys and questionnaires, which may include Health Data.

Profile Data: email address, password, username, chat logs, audit trail of systems used and documents accessed and downloaded.

Marketing and Communication Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Biological Samples: based on the type of Service you purchase, a cheek saliva swab, a blood sample, or a stool sample may be obtained and analysed with informed consent.

Technical Data: browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices you use to access our systems. This information is tracked using analytics with random identifiers.

Physical Appearance Data: height, weight, body measurements.

4.3. We will also collect special category data or sensitive personal data about you if you have purchased our Products and/or our Services:

Health Data: Depending on the product or service you choose, we may collect information about your health, such as your medical history, health conditions, genetic history, and results from health screenings or tests. This can include details from consultations with our clinicians, such as diagnoses, care plans, medications, and referrals. We may also gather personal information like your date of birth, sex assigned at birth, ethnicity, height, and weight. To better understand your lifestyle, we might ask about your exercise habits, diet, sleep patterns, and stress levels, as well as any recent dietary changes or specific health concerns. This data helps us provide tailored insights and recommendations to support your health and wellness.

4.4. We may anonymise the personal data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users responded to a specific survey). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.

5. HOW WE USE YOUR INFORMATION

5.1. We will only use your personal data when the law allows us to.

5.2. We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data.

5.3. There are six legal justifications which organisations can rely on to process personal data. The most relevant of these to us are:

  1. to fulfil a contract that we are about to enter or have entered with you;
  2. where we have obtained your consent to the processing in question;
  3. to fulfil our legitimate interests where your interests and fundamental rights do not override those interests; and
  4. to comply with a legal obligation that we are subject to.

5.4. If we intend to use your personal data for a new reason that is not listed below, we will update our Privacy Policy.

Contract

  • To create, administer and manage user accounts;
  • To assess your suitability for our Products and/or our Services and to perform the contract for your purchase of our Products and/or our Services;
  • To process your payment securely in connection with any contract we have with you;
  • To create, negotiate and manage contracts and receive products and/or services from you as a supplier; and
  • To send you updates about the Products and/or Services you have bought (e.g. confirmation of order, arrival time).

Consent

  • To provide us with information or allow us to use or share your information.
  • To obtain feedback from you; and
  • To receive marketing material from us relating to our Products and/or Services.

Legitimate interest

  • To administer and manage our relationship with you;
  • To provide customer service and support (whether via our customer success platform or other medium);
  • To fix technical problems, to maintain the Website and to protect the Website;
  • To analyse and improve the Website and measure the effectiveness of the content we provide you via that Website;
  • To analyse engagement with our social media channels and to communicate with you via those channels; and
  • To assess and improve the Website and the product and service offerings.
  • In these instances, we do not consider that your fundamental rights override the above legitimate interests.

Legal obligation

  • To comply with legal or regulatory requirements.

5.5. Where we need to collect your personal data (for example, in order to fulfil a contract we have with you), failure to provide us with your personal data may mean that we are not able to provide you with the Products and/or Services that you requested. Where we do not have the information required about you to fulfil an order, we may have to cancel the Product and/or Service ordered.

5.6. Where we process personal data about you that is sensitive, we will need a second lawful basis to process it. This is most likely to occur where we are processing Health Data or taking Biological Samples, but it may also occur when we are collecting other types of personal data.

5.7. Where we process special category data we may, therefore, also rely on:

  • your explicit consent to do so; or
  • such processing being necessary for health care purposes (medical diagnosis, the provision of health care or treatment, and the management of health care systems or services) where the personal data is processed by a professional who is subject to an obligation of professional secrecy (such as one of our clinicians). Where this condition applies, you do not have the right to request erasure (clause 10.5).

5.8. We use cookies to automatically collect Technical Data, which is information about how you interact with our Website and where we do so, we do so on the basis of your consent. We will only use cookies in accordance with our cookie policy. For further information on what cookies we use and what we use each cookie for, please access our Cookie Policy, .

6. WHO WE SHARE YOUR INFORMATION WITH

6.1. We share (or may share) your personal data with:

Our personnel: our employees (or other types of workers) and clinicians, who are all registered in the United Kingdom with the General Pharmaceutical Council, hold independent pharmacist prescriber qualifications and are trained in providing online consultations and issuing Prescription Products online. Our employees (or other types of workers) and clinicians have contracts containing confidentiality and data protection obligations.

Our supply chain: other organisations that help us provide our Products and/or Services such as cloud-based software providers, online storage providers, email service providers, etc. We ensure these organisations only have access to the information required to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations.

Regulatory authorities: such as HM Revenue & Customs, the ICO.

Our professional advisers: such as our accountants or legal advisors where we require specialist advice to help us conduct our business.

Any actual or potential buyer of our business.

Any other person or entity that you have given your consent to us sharing your personal data with such as your NHS GP Practice.

6.2. If we were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.

6.3. Where we share your personal data with a third party for them to process as a data processor on our behalf, we require those data processors to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. WHERE YOUR INFORMATION IS LOCATED OR TRANSFERRED TO

7.1. We store your personal data on our servers in the UK. Your data is securely stored by our cloud hosting provider on secure servers. We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage.

7.2. We may transfer your data outside of the UK or EEA, for example to the US as that is where we and some of our service providers (such as Shopify) have operations.

7.3. We will only transfer information outside of the UK or EEA to third parties who process that information on our behalf where we have a valid legal mechanism in place to make sure that your personal data is guaranteed a similar level of protection, regardless of where in the world it is located. We may rely on an adequacy decision in line with the UK adequacy regulations, sign up to an international data transfer agreement or put in place standard contractual clauses.

8. HOW WE KEEP YOUR INFORMATION SAFE

8.1. We have implemented appropriate security measures to prevent your personal data from being accidentally or illegally lost, used, accessed, or altered by those who do not have permission. These measures include:

  • access controls and user authentication (including multi-factor authentication);
  • staff policies and training;
  • incident and breach reporting processes; and
  • business continuity and disaster recovery processes.

8.2. If there is an incident which has affected your personal data, then we will notify the ICO and keep you informed (where required under data protection law).

8.3. If you notice any unusual activity on the Website or the customer portal, please contact us using the contact details in clause 3.

8.4. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulatory body of a breach where we are legally required to do so.

9. THIRD PARTY LINKS

9.1. Our Website may contain links to third-party websites, plug-ins and applications.

9.2. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Website, we encourage you to read the privacy policy of every website you visit.

10. HOW LONG WE KEEP YOUR INFORMATION

10.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements or any professional or advisory body’s requirements.

10.2. To decide how long to keep personal data (also known as its retention period), we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records for HM Revenue & Customs).

10.3. The following retention periods apply:

  • We will retain Profile Data and any results that we obtain from your use of our Products or Services (including blood test results, DNA test results and weight measurements) for as long as the account remains open to ensure that you can continue to engage with us on additional purchases, new products and services as well as access your reports.
  • We may keep Identity Data, Contact Data and certain other data (specifically, any exchanges between us by email or any other means) for up to seven years after the end of our contractual relationship with you.
  • For any DNA testing conducted via StrideDNA, our laboratory will process your sample using barcode identification which means that they will not hold any personal information about you. Once processed, your sample is destroyed by incineration after one month and the extracted DNA is destroyed by incineration after six months as per laboratory regulatory standards. Your pseudonymised DNA sample sequencing data is maintained for the length of your contract with us. It will be destroyed within 60 days after the end of the contract.

10.4. If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you in line with one of the methods set out at clause 3.

11. YOUR LEGAL RIGHTS

11.1. You have specific legal rights in relation to your personal data.

11.2. We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. Usually there is no cost for exercising your data protection rights, but we may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens we will always inform you in writing.

11.3. We will respond to your legal rights request without undue delay, but within one month of us receiving your request or confirming your identity (whichever is later). We may extend this deadline by two months if your request is complex or we have received multiple requests at once. If we need to extend the deadline, we will let you know and explain why we need the extension.

11.4. We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.

11.5. If you wish to make any of the rights requests listed below, you can reach us using the contact details in clause 3.

Access (via a data subject access request): You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are complying with applicable laws.

Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.

Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continue holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision. Please be aware that where we are processing your Health Data on the basis of necessity for health care purposes, you will not always have the right to erase that data. The integrity of health data is an important element of clinical governance and necessary to maintain a safe prescribing service with auditable records of care.

Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it.

Objection: You can object to us using your personal data if you want us to stop using it. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.

Portability: You can ask us to send you or another organisation an electronic copy of your personal data.

Complaints: If you have any concerns about our use of your personal information, please let us know by writing to us at privacy@getstride.com.

If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:

ICO Address: Information Commissioner's Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO Website: https://www.ico.org.uk

Withdrawal of consent. Where we have collected and processed your personal data with your consent, you may ask to withdraw that consent.

12. WHEN WE SEND YOU MARKETING MESSAGES

12.1. If you have consented to receiving marketing messages from us, you can opt out of these at any time. You can select the 'opt out' option within any marketing communication you receive or just let us know using the contact details in clause 3.

12.2. Opting out of marketing will not affect our processing of your personal data in relation to any order you have with us and where we are required to use your personal data to fulfil that order or provide you with other service-related information.

13. PROFILING AND AUTOMATED DECISION-MAKING

Personal data will not be used for profiling [solely automated decision-making that has a legal or similarly significant effect on you].