This notice (Privacy Notice) tells you how we look after your personal data when you visit our website at https://www.getstride.com (Website) or when you partner with us, interact with our customer platform, where you are a prospective customer of our business, or where you are another type of business contact, such as a supplier or service provider to our business. We offer a liquid supplement that delivers nutrient absorption and is precision-personalised to your unique lifestyle, goals and biological needs. We also offer home testing kits for DNA testing and analysis for an understanding of your nutrition needs, with the provision of results made available through our online digital platform.
This notice sets out what information we collect about you, what we use it for and whom we share it with. It also explains your rights under data protection laws and what to do if you have any concerns about your personal data.
We may sometimes need to update this Privacy Notice, to reflect any changes to the way services are provided or to comply with new business practices or legal requirements. You should check this Privacy Notice regularly to see whether any changes have occurred.
We are Stride Health Group Ltd, registered in England and Wales with company number 05158025 with our registered address at 33 Scottow Enterprise Park, Lamas Road, Badersfield, Norwich, England, NR10 5FB (we, us or our).
For all visitors to our Website we are the controller of your information (which means we decide what information we collect and how it is used).
We are registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection matters, under number ZB624281.
If you have any questions about this Privacy Notice or the way that we use information, please get in touch with our Compliance Team using the following details:
Email address: email@example.com
Postal address: 33 Scottow Enterprise Park, Lamas Road, Badersfield, Norwich, England, NR10 5FB
Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect and where we receive it from below.
Please note that we do not collect any payment card data or similar data relating to your method of payment. You provide this data directly to Shopify who processes payments on our behalf. We only receive and process information about the timing and amount of your payment.
We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:
Below is set out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not listed below, we will update our privacy notice.
Where we need to collect your personal data (for example, in order to fulfill a contract we have with you), failure to provide us with your personal data may mean that we are not able to provide you with the services. Where we do not have the information required about you to fulfill an order, we may have to cancel the service ordered.
Where we use personal data about you that is very sensitive (Special Category Data), we require a second lawful basis to use your personal data. This is most likely to occur where:
We may anonymise the personal data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users responded to a specific survey). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.
We share (or may share) your personal data with:
If we were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.
We store your personal data on our servers in the UK. Your data is securely stored by our cloud hosting provider on secure servers. We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage.
We may transfer your data outside of the UK or EEA to the US where we and some of our service providers have operations.
We will only transfer information outside of the UK or EEA where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located, e.g. by using contracts approved by the ICO or the UK Secretary of State)
We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:
If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor for the affected personal data, we notify the controller and support them with investigating and responding to the incident.
If you notice any unusual activity on the Website or the customer portal, please contact us at: firstname.lastname@example.org.
Where we act as the controller, we will only retain your personal data for as long as necessary to fulfill the purposes we collected it for. We will retain account information and your results for as long as the account remains open to ensure that you can continue to engage with us on additional purchases, new products and services as well as access your reports.
To decide how long to keep personal data (also known as its retention period), we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records for HM Revenue & Customs).
We may keep Identity Data, Contact Data and certain other data (specifically, any exchanges between us by email or any other means) for up to seven years after the end of our contractual relationship with you.
For DNA testing, our laboratory will process your sample using barcode identification. They will not hold any personal information about you. Once processed your sample is destroyed by incineration after 1 month and the extracted DNA is destroyed by incineration after 6 months as per laboratory regulatory standards.
Your pseudonymised DNA sample sequencing data is maintained for the length of your contract with us. It will be destroyed within 60 days after the contract.
If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you.
You have specific legal rights in relation to your personal data.
We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. Usually there is no cost for exercising your data protection rights, but we may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens we will always inform you in writing.
We will respond to your legal rights request without undue delay, but within one month of us receiving your request or confirming your identity (whichever is later). We may extend this deadline by two months if your request is complex or we have received multiple requests at once. If we need to extend the deadline, we will let you know and explain why we need the extension.
We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.
If you wish to make any of the right requests listed below, you can reach us at email@example.com:
If you have consented to receiving marketing messages from us, you can opt out of these at any time.
Opting out of marketing will not affect our processing of your personal data in relation to any order you have with us and where we are required to use your personal data to fulfill that order or provide you with certain information.
Personal data will not be used for profiling or other automated decision-making.