Privacy Policy

Privacy Policy

Last updated: 29 April 2025

This Privacy Policy explains how Bio-Lec Health Ltd. (“Bio-Lec Health”, “we”, “us” or “our”) collects, uses, shares and protects personal data when you visit biolechealth.com (the “Site”), submit an enquiry through any form on the Site, or otherwise interact with us.

We are a company registered in England and Wales under company number 12203541, and we are the data controller of the personal data described in this Policy.

1. Summary

In short:

  • We collect only the personal data we need to run our website, respond to your enquiries and consider partnership opportunities.
  • We do not sell your personal data.
  • We use a small number of trusted service providers (for hosting, email, analytics and similar) to help us operate.
  • You have rights under UK and EU data protection law — including the right to access, correct, delete and object to the use of your data.
  • You can contact us at any time using the details in section 13.

2. Personal Data We Collect

We collect personal data in three main ways:

2.1 Information you give us directly

When you complete a contact or partnership form, email us, or otherwise communicate with us, we collect the information you choose to provide. This typically includes:

  • your name;
  • your email address;
  • your company name and job title or designation;
  • the content of your message and any attachments; and
  • any other information you decide to share with us.

2.2 Information we collect automatically

When you visit the Site, we and our service providers may automatically collect certain technical information, including:

  • your IP address (which may be partially anonymised);
  • your device type, operating system, browser type and version;
  • the pages you visit on the Site, the pages you came from and the pages you click through to;
  • the date, time and duration of your visit;
  • general location information derived from your IP address (typically at city or country level); and
  • information collected through cookies and similar technologies — see our Cookie Policy for details.

2.3 Information from third parties

We may receive information about you from third parties, for example:

  • analytics and advertising platforms (such as Google);
  • social media platforms, where you interact with our content or pages;
  • partner brands and authorised distributors, if you have engaged with them in connection with our products; and
  • public sources such as Companies House or LinkedIn, where relevant for due-diligence on partnership enquiries.

We do not knowingly collect special category data (such as health data, racial or ethnic origin, or political opinions) through the Site. Please do not include special category data in any Submission unless it is strictly necessary for your enquiry.

3. How We Use Your Personal Data and Our Lawful Bases

Under UK and EU data protection law, we must have a lawful basis to use your personal data. The main bases we rely on are: legitimate interests, consent, performance of a contract, and compliance with a legal obligation.

PurposeCategories of dataLawful basis
Responding to enquiries you send us via forms or emailContact and message dataLegitimate interests (responding to people who contact us); steps prior to entering into a contract
Evaluating partnership proposals and conducting due diligenceContact, company and message data; information from public sourcesLegitimate interests (assessing potential business partners)
Operating, maintaining and securing the SiteTechnical and usage dataLegitimate interests (keeping our website safe and working)
Understanding how visitors use the Site so we can improve itAnalytics dataConsent (where required by cookie law); otherwise legitimate interests
Marketing our products and services to business contactsContact and company dataConsent, or legitimate interests where permitted by law
Complying with legal, regulatory and tax obligationsAny relevant dataLegal obligation
Establishing, exercising or defending legal claimsAny relevant dataLegitimate interests; legal obligation

Where we rely on legitimate interests, we have considered your rights and interests, and we believe our use of your data is proportionate. You can object to processing based on legitimate interests at any time — see section 8.

Where we rely on consent (for example, for certain cookies or marketing emails), you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Marketing

If you are an existing business contact, or you have asked us to send you information, we may occasionally contact you with updates about our products, partner brands and partnership opportunities.

Every marketing email we send will include an unsubscribe link. You can also ask us to stop sending marketing communications at any time by emailing us at the address in section 13. Note that even if you opt out of marketing, we may still send you operational messages — for example, replies to your enquiries or notices about changes to our terms.

5. Sharing Your Personal Data

We do not sell your personal data. We share it only with the following categories of recipients, and only to the extent necessary:

  • Group companies. Other members of the Bio-Lec group, where it helps us run our business and serve you.
  • Partner brands. Where your enquiry concerns a specific partner brand or product, we may share relevant details with that brand so they can respond.
  • Service providers. Trusted third parties that help us operate the Site and our business, including:
    • website hosting and infrastructure providers;
    • email and customer-support tools;
    • analytics providers (such as Google Analytics);
    • form, anti-spam and security providers;
    • CRM, marketing and communications platforms; and
    • professional advisers (lawyers, accountants, auditors and insurers).
  • Authorities. Regulators, courts, law-enforcement agencies and other public authorities where we are legally required, or where we reasonably believe disclosure is necessary to protect our rights, property or safety, or those of others.
  • Successors in interest. A buyer or successor in connection with a merger, acquisition, reorganisation or sale of all or part of our business.

We require our service providers to handle personal data in line with applicable law and to use appropriate security measures.

6. International Transfers

We are based in the United Kingdom, but some of our service providers may process personal data outside the UK and the European Economic Area (EEA), including in the United States.

Whenever we transfer personal data outside the UK or EEA, we put appropriate safeguards in place, such as:

  • transferring to a country recognised by the UK government and/or European Commission as providing an adequate level of data protection;
  • using the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses; or
  • relying on another lawful transfer mechanism permitted under UK and EU data protection law.

You can request more information about the safeguards we use by contacting us at the address in section 13.

7. How Long We Keep Your Personal Data

We keep personal data only for as long as we need it for the purposes described in this Policy, and then in line with our retention schedule.

In general:

  • Enquiry and contact-form data: kept for up to 24 months from our last meaningful contact with you, unless a longer period is needed to manage a partnership or business relationship.
  • Partnership and business-relationship data: kept for the duration of the relationship and for up to 7 years after it ends, to comply with tax, accounting and legal obligations.
  • Marketing data: kept until you unsubscribe or until we determine the data is no longer accurate or useful.
  • Website logs and analytics data: kept for shorter periods, typically up to 26 months, depending on the tool.

Where we no longer need personal data, we either delete it securely or anonymise it so it can no longer be linked to you.

8. Your Rights

Subject to certain conditions and exceptions under UK and EU data protection law, you have the following rights in relation to your personal data:

  • Access. Ask for a copy of the personal data we hold about you.
  • Rectification. Ask us to correct inaccurate or incomplete data.
  • Erasure. Ask us to delete personal data in certain circumstances (“the right to be forgotten”).
  • Restriction. Ask us to restrict our use of your data in certain circumstances.
  • Objection. Object to our processing of your data where we rely on legitimate interests, and to direct marketing at any time.
  • Portability. Receive certain data in a structured, commonly used and machine-readable format, or ask us to transfer it to another controller.
  • Withdraw consent. Where we rely on consent, withdraw it at any time.
  • Complain. Lodge a complaint with a data protection authority — see section 12.

To exercise any of these rights, please contact us using the details in section 13. We may need to verify your identity before responding. We will reply within the timeframes required by law (typically one calendar month), and we will not charge a fee unless your request is manifestly unfounded or excessive.

9. Cookies and Similar Technologies

The Site uses cookies and similar technologies for purposes such as making the Site work, remembering your preferences, measuring how it is used and (where applicable) supporting marketing.

Detailed information about the cookies we use, their purposes and how to control them is set out in our Cookie Policy. Where required by law, we will ask for your consent before placing non-essential cookies on your device.

10. Security

We use appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, loss, alteration, disclosure or destruction. These measures include encryption in transit (HTTPS), access controls, secure hosting environments and staff training.

No method of transmission over the internet or electronic storage is completely secure, however. While we work hard to protect your data, we cannot guarantee absolute security, and any transmission is at your own risk.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) and, where required by law, the affected individuals.

11. Children’s Privacy

The Site is not directed at children, and we do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us using the details in section 13 and we will take steps to delete it.

12. Complaints and Supervisory Authority

If you have a concern about how we handle your personal data, please contact us first using the details in section 13 — we would like the chance to put things right.

You also have the right to complain to a data protection authority. In the UK, this is:

Information Commissioner’s Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Tel: 0303 123 1113 Website: ico.org.uk

If you are based in the EEA, you may also contact your local supervisory authority.

13. Contact Us

If you have any questions about this Policy, or if you would like to exercise any of your rights, please fill out form on the Homepage.

14. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, our services or applicable law. The “Last updated” date at the top shows when the Policy was last revised. Where the changes are material, we will take reasonable steps to bring them to your attention — for example, by posting a notice on the Site or, where appropriate, contacting you directly.

This Privacy Policy has been prepared as a starting template tailored to the Site as it currently appears. You should have it reviewed by a qualified solicitor or data protection specialist before publishing, and confirm the lawful bases, retention periods, third-party recipients and contact details actually reflect your operations.