Privacy Policy
This Privacy Policy explains how Biodrearth ("we", "us", "our") collects, uses, stores, and protects your personal data when you visit biodrearth.world (the "Website") or contact us. We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR), where applicable.
Data Controller
Biodrearth
129 Newmarket Rd, Norwich NR4 6SZ, United Kingdom
Email: reply@biodrearth.world
Phone: +44 1603 451932
Personal Data We Collect
We may collect the following categories of personal data:
- Identity data: your name
- Contact data: your email address, telephone number
- Communication data: messages you send through our contact form, by email, or by telephone
- Technical data: IP address, browser type and version, operating system, device information, referral source, pages visited, and time spent on pages
- Cookie and consent data: your cookie preferences and related consent records stored via our cookie consent mechanism
- Usage data: information about how you use the Website when analytics cookies are enabled with your consent
We do not intentionally collect special category data (such as health information). Please do not include sensitive personal data in your messages unless it is necessary for your enquiry.
How We Collect Your Data
We collect personal data when you:
- Submit our contact form
- Send us an email or call us by telephone
- Browse the Website (through cookies, local storage, and similar technologies)
- Interact with our cookie consent banner or cookie settings
We do not purchase personal data from third parties. Technical data may be collected automatically through your browser and device when you access the Website.
Purposes and Legal Bases for Processing
Under UK GDPR, we process personal data only where we have a lawful basis. The table below sets out our main processing activities:
- Responding to enquiries and providing information about our walking coaching services — legal basis: legitimate interests (to respond to requests and manage communications) and, where required, consent (when you tick the contact form consent box)
- Operating, securing, and maintaining the Website — legal basis: legitimate interests (to run a secure and functional website) and, where applicable, legal obligation
- Storing cookie consent choices — legal basis: legitimate interests (to record and honour your preferences) and legal obligation under PECR
- Website analytics — legal basis: consent (analytics cookies are placed only if you opt in)
- Marketing and advertising measurement — legal basis: consent (marketing cookies, including those used to measure advertising campaigns, are placed only if you opt in)
- Complying with legal and regulatory obligations — legal basis: legal obligation
- Establishing, exercising, or defending legal claims — legal basis: legitimate interests
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may object to processing based on legitimate interests as described in the "Your Rights" section below.
Whether You Must Provide Personal Data
You are not legally required to provide personal data to us. However, if you choose not to provide information requested through our contact form, we may be unable to respond to your enquiry. Use of non-essential cookies is optional and controlled through our cookie consent mechanism.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Contact form submissions: up to 24 months from the date of receipt
- Cookie consent records: up to 12 months
- Technical and analytics data: up to 26 months
- Data required for legal compliance: as required by applicable law
Data Sharing and Recipients
We do not sell your personal data. We may share personal data with the following categories of recipients, only where necessary and subject to appropriate safeguards:
- Website hosting and infrastructure providers
- IT support and security service providers
- Analytics providers (only if you consent to analytics cookies)
- Advertising and campaign measurement providers, including platforms such as Google Ads (only if you consent to marketing cookies)
- Professional advisers (for example, legal or accounting advisers) where required
- Regulators, courts, or law enforcement authorities where required by law
Where service providers process personal data on our behalf, we use written contracts (data processing agreements) that require them to protect your data and process it only on our instructions.
International Transfers
We aim to keep personal data within the United Kingdom. If personal data is transferred outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement, UK Addendum to EU Standard Contractual Clauses, or an adequacy regulation recognised by the UK government.
Automated Decision-Making and Profiling
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
Marketing Communications
We do not send unsolicited marketing emails. If you contact us, we may respond to your enquiry with information relevant to your request. Where we ever send promotional communications, we will do so only where permitted by law and you will be able to opt out at any time.
Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access to your personal data
- Right to rectification of inaccurate or incomplete data
- Right to erasure ("right to be forgotten") in certain circumstances
- Right to restrict processing in certain circumstances
- Right to data portability, where processing is based on consent or contract and carried out by automated means
- Right to object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
- Right to lodge a complaint with the UK supervisory authority
To exercise any of these rights, contact us at reply@biodrearth.world. We will respond within one month of receiving your request. This period may be extended by a further two months where requests are complex or numerous; we will inform you if an extension is needed.
You may lodge a complaint with the Information Commissioner's Office (ICO), the UK data protection supervisory authority:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Website: ico.org.uk — Helpline: 0303 123 1113
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include HTTPS encryption, access controls, and regular review of our data handling practices.
Children's Privacy
The Website is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
Contact
For any questions about this Privacy Policy or our data practices, contact us at:
Biodrearth
129 Newmarket Rd, Norwich NR4 6SZ, United Kingdom
Email: reply@biodrearth.world
Phone: +44 1603 451932