Privacy Policy

Your privacy matters

The Placebo Clinic is a trading name of Yes Health Ltd. Yes Health Ltd takes its customers’ privacy and confidentiality seriously. This privacy policy explains how Yes Health Ltd uses your “personal data” when you use our services. We’ve tried to make our privacy policy simple, clear and easy to read.

We may make changes from time to time, and you should check back here regularly to keep up-to-date. We provide a link to this policy in our emails to customers when they register with us or make purchases, so you can access this information easily.

We may, from time-to-time, highlight major changes to you by email or other routes, depending on your communication preferences.

Who we are, how to contact us and our Data Protection Officer

We are Yes Health Ltd., a privately-owned company with our principal office at 10 Bolton Road West, Ramsbottom, Bury, BL0 9ND and our registered company number is 11674872.

You can find out more about us by clicking ‘about us’. You can also contact us via social media.

What personal data do we hold?

Yes Health Ltd will only ever ask for personal data if it is required for a specific purpose; with that in mind we have created a full list of all the kinds of personal data that we may ask you to provide in order to achieve those purposes. The kinds of personal data we may collect are:

Data subject type:

Data categories:

Job applicant

Name, address, telephone, email, work and education history.

Customer

Name, address, telephone, email, date of birth, gender, ethnicity, occupation, health data, medical history, blood test results, customer interactions.

Subscriber / Prospect

Name, address, telephone, email, health data, customer interactions, ethnicity, occupation, gender.

Medical contact

Name, address, telephone, email

Supplier

Name, address, telephone, email

Sub-Contractor – Medical Contacts

Name, address, telephone number, email address, work experience, education history, national insurance number, passport details, driver’s license information which may include details of driving offenses, vehicle registration details, bank details, VAT information.

What we do with your personal data

We will use personal data firstly to fulfil any contractual obligations that exist between us and you; where we request personal data be provided to meet the terms of any such contract you will be required to provide the relevant personal data or we will not be able to deliver the goods and/or services you want. In such cases the lawful basis of us processing the personal data is that it is necessary for the performance of a contract.

We may also process your personal data in accordance with our legitimate business interests; this is on the considered measure that we need the personal data to achieve the various purposes and that it could be reasonable for an individual to expect their data to be used for those purposes.

Our data processing activities conducted on the lawful basis of ‘ legitimate interests’ are:

  • To provide you with goods and services you are looking for
  • To inform you of other goods and services we provide, or offers that may interest you (direct marketing).
  • To send notifications on subjects you have subscribed to, or otherwise asked us to keep you informed of.
  • To improve the quality of the services we offer, and to better understand our customers’ needs by requesting feedback, or requesting you review the services we have provided, or we may send survey forms that we ask you to complete.
  • To notify you of any changes to the goods and/or services we provide, or have provided, that may affect you.
  • To allow us to understand the scale and range of our customer base; for statistical analysis and market research.
  • To recognise when customers re-engage with our services.
  • To allow us to support and maintain our products in active service.
  • To provide reference information to third party organisations where you request us to do so.
  • To enable us to improve our website so content is delivered more efficiently.
  • To enhance the security measures in place that protect data we are responsible for.
  • To investigate any insurance claims.
  • To protect the company’s assets.

We may also process your personal data in order for Yes Helath Ltd to comply with our various legal obligations; this might include:

  • Providing for financial commitments between us and you, or to relevant financial authorities.
  • Complying with industry regulatory requirements and any self-regulatory schemes.
  • Carrying out required business operations and due diligence; e.g. administration, security, reorganisations, investment or corporate/asset sales.
  • Cooperating with relevant authorities for reporting criminal activity, or to detect and prevent fraud.

We process personal data for the following reasons where it is necessary to protect your own, or another person’s, vital interests, or where it is necessary for the performance of tasks which are carried out in the public interest:

  • Ensuring that data subject can be identified and contacted if there are changes to medical knowledge.

Where we process special categories of personal data, other than where we have your consent to do so we shall be processing this data on one or more of the following lawful basis:

  • It relates to personal data which are manifestly made public by the data subject.
  • It is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or pursuant to contract with a health professional.

Where did we obtain your personal data?

Other than collecting data directly from you; We may gather personal data from sources including:

  • Technical sources that gather data over time when you visit our online platforms.
  • Some platforms may make use of your various device settings that allow us to identify your geographical location, these systems use technology such as IP Address mapping, WiFi, GPS signals and cell tower positioning.

What information does our online platform collect?

Below you can see the types of customer and technical data that our online platform collects, with examples.

  • Cookie Identifiers include Exponea_cookie; GoogleAnalytics_ID; GlobalE_cookie; hotjar_cookie.
  • Identity Data includes first name, last name and gender.
  • Contact Data includes delivery address, email address and telephone numbers.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us. These do not include bank details.
  • Technical Data includes internet protocol (IP) address, browser type and version, location by country, operating system and device details.
  • Profile Data includes your orders and type of product purchased.
  • Usage Data includes information about how you use our website, such as what products you have viewed and whether you have updated your basket.
  • Preferences Data includes your consent preferences in receiving marketing from This helps us to manage our relationship with you and ensures you only receive communications from us that are relevant and timely.

What do we use your information for?

Activity

Purpose of Activity

The basis for lawful processing; including legitimate interest

Newsletter

To use Contact Data to periodically inform you about the latest health news and relevant products through E-Mail.

Our legitimate interests, to communicate with our core customers.

Latest Offers

To use Contact Data and Transactional Data to inform you of time-limited discount opportunities.

Our legitimate interests, to inform our customers of our discount merchandise.

Transactional

To use Identity Data, Contact Data and Transactional Data to keep you up to date with your order and results.

Our legitimate interests, to inform our customers of the progress of their order and their results.

Targeting

To use product details of your Usage, Transactional and Technical data to target you with specific offers; for example, a sale of product related to your previous purchases.

Our legitimate interests, to ensure that we are communicating the most relevant message to you based on our interactions.

Re-targeting

To use Contact Data to re-target audiences with announcements and marketing offers on platforms including “Facebook”.

Our legitimate interests, to communicate with you on Social Media and retargeting platforms.

Email Personalisation

To use your Identity, Technical, Usage, Transactional Data to personalise our communication with you via Email.

Our legitimate interests, to ensure we communicate with you as a brand that remembers our interactions and makes available the most relevant content, products and offers.

On-Site Personalisation

To use your Identity, Technical, Usage, Transactional Data to personalise our communication with you on-site.

Our legitimate interests, to ensure we communicate with you as a brand that remembers our interactions and makes available the most relevant content, products and offers.

Website Analytics

To use data analytics to improve our website, products/services, marketing and communications with you.

Our legitimate interests, to keep our records updated and to study how customers use our products/services.

Who we share your personal data with (“recipients of your personal data”)

In order to achieve the above stated purposes for which we process your personal data, we may need to share your personal data with various third-party service providers who act as data processors.

As part of the transaction process, we automatically verify some data you provide us with to complete your transaction with external organisations – for instance, if you buy using a credit or debit card, our systems automatically check the details you have provided are correct with your credit or debit card supplier. They don’t get to see what specific items you have purchased.

We work with a number of trusted third-parties to ensure that the experience we give on-site is relevant, optimised and useful to you. These third-party products include Google Analytics, Google Ads, Facebook, Exponea, Hotjar among others.

We never sell customers’ details to other organisations.

In the event that we sell or reorganise our business, or if otherwise required by law or by an authorised regulator, we may transfer your personal data as a part of the general business data to the relevant parties.

Your rights – how you can control how we use your personal data, your rights and how to find our information we hold about you

We want you to be happy and confident with how your information is being handled. There are several rights granted to you immediately upon providing us with your personal information; these are mentioned below. We’d like you to know that at Yes Health Ltd we take your rights as a Natural Person seriously and will always conduct ourselves in a way that is considerate of our responsibility to serve your legal rights.

You have the Right of Access:

This grants you the right to confirm whether or not your personal data is being processed, and to be provided with relevant details of what those processing operations are and what personal data of yours is being processed.

If you would like access to the personal data we have about you, we ask that you contact us by using any of the details below.

The Right to Rectification:

If you notice that the data we have about you is inaccurate or incomplete, you may request we rectify the mistake. We will make every effort to respond to requests of this type immediately.

The Right to Objection:

The right to object is a basic freedom all democracies enjoy. If you wish to object to the way we use, or have used, your personal data you may do so freely.

The Right to Portability:

This is a legal right afforded to you that states we must pass on all of the details you have provided to us in a machine-readable format, either to your or to another provider of your choosing.

The Right to Complain:

We will always try to maintain the highest standards and encourage the confidence our customers have in us as an organisation. In order that we can achieve this we do request that any complaints be first brought to our attention so we can properly investigate matters; if however you would like to complain about Yes Health Ltd to a supervisory authority you may do so by contacting the Information Commissioners Office on 0303 123 1113, or any of the other reporting methods listed on their website:

Our Contact Details:

If you wish to get in touch with Yes Health Ltd, please do so with any of the following contact details:

Address: Yes Health Ltd

10 Bolton Road West

Ramsbottom

Bury

BL0 9ND

Telephone: 0161 706 0222

Email: info@theplacebo.clinic

Transfers of personal data to foreign countries

From time to time we may make use of service providers to support our business delivery, for instance, website hosting and analytics. These may be based outside the European Economic area. We have contracts in place with our data processors to ensure that the recipient organisation has a suitable standard of data protection in place. Our service providers cannot do anything with your personal data unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Yes Health Ltd will not transfer your personal data to any country outside the European Union (EU) other than those that have been granted an adequacy decision under the General Data Protection Regulation (GDPR).

How long we store your personal data

Your account stores details of your purchases. You can control the visibility of purchases you have made in the past, but we may keep information about purchases you have made for longer, for instance in case you have a complaint or query about a test you have bought from us.

We will keep your personal data only:

  • For as long as required in order to achieve the purposes for which it was gathered, in line with this privacy notice.
  • Until the organisation is no longer required to do so in order to comply with any regulatory requirements or financial obligations it is subject to.
  • Until all purposes for which the data was originally gathered have become irrelevant or obsolete with a minimum of 8 years.

For determining when personal data should be erased, we shall take the following into consideration:

  • The amount of and sensitivity of the personal data that we have.
  • The amount of harm that could be caused by a data breach.
  • The benefits of the purposes the data is being used for any legal requirements that we are bound to.

You may request that we erase your personal data an anytime, though in cases where there is a remaining relevant or legal reason why we are required to keep the data, we may opt to restrict the amount of processing being conducted to what is absolutely necessary, in line with your legal rights in order to minimise the impact the processing will have.

Automated decision-making

As an online provider, we make use of automated computer systems and processes to complete your transactions with us.

We may use some of the information you provide us, such as your age or sex, to provide you with offers which we believe are more likely to be relevant to you in the future. For instance, if you have bought a Product, we may use the fact of that purchase to suggest other Products that you may like to buy.

Children and young people

Our site is not intended for and shall not be used by anyone under the age of 18.

 

We use cookies to ensure you get the best experience on our website.

search previous next tag category expand menu location phone mail time cart zoom edit close