Privacy Policy

1. Introduction

GSK Private Coach ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller: GSK Private Coach

Contact:

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill our contract with you (e.g., order processing, service delivery)
• Consent: You have given explicit consent for specific processing activities (e.g., marketing communications)
• Legal Obligation: Processing required to comply with legal obligations (e.g., tax records, consumer protection laws)
• Legitimate Interest: Processing necessary for our legitimate business interests (e.g., fraud prevention, website security)

3. Personal Data We Collect

3.1 Email Address (Login Only - No Registration Required)

No Registration Required: You do not need to create an account or set a password to use our service.

We only collect your email address for:

• Login via Verification Code: We send a one-time code to your email for secure login
• Order Tracking: Access your order history using your email
• Order Updates: Receive order confirmations and shipping notifications

No Password Storage: Since we use email verification codes for login, we do not store any passwords.

3.2 Delivery Information (Only When You Purchase Physical Products)

When you place an order for physical products that require shipping, we collect:

• Recipient Name: For delivery purposes
• Phone Number: For delivery coordination and courier contact
• Delivery Address: Street address, city, postcode, country

Important:

• This information is collected only at checkout when you purchase physical products
• For digital services or in-person appointments, no delivery information is collected
• You can use different delivery addresses for different orders
• We do not create a permanent "address book" - addresses are linked only to specific orders

3.3 Payment Information

Important: We do NOT collect, store, or process any payment card information. All payment transactions are handled directly by certified payment processors:

• Stripe: PCI-DSS Level 1 certified payment processor
• PayPal: Secure payment platform

We only receive and store:

• Transaction ID: Reference number from the payment processor
• Payment Status: Whether payment was successful
• Payment Amount: Total amount paid
• Payer Email: Email address provided to the payment processor

Your credit card numbers, CVV codes, and other sensitive payment details are never transmitted to or stored on our servers.

3.4 Order Information

For order management purposes, we store:

• Order Details: Products/services purchased, quantities, prices
• Order Status: Current status of your order (pending, paid, shipped, completed)
• Customer Notes: Any special instructions you provide

3.5 Verification Codes (Temporary)

When you request a login code:

• Verification Code: 6-digit code sent to your email
• Expiration: Valid for 10 minutes only
• Automatic Deletion: Codes are automatically deleted after expiration or successful use

Security: Each code can only be used once and expires quickly to prevent unauthorized access.

3.6 Technical Data (Minimal)

We automatically collect limited technical data:

• IP Address: For security and fraud prevention (stored for 90 days)
• Last Login Time: To help you track account activity
• Session Data: To maintain your logged-in state (expires after 30 days of inactivity)

We do NOT collect: Browser fingerprints, device IDs, detailed browsing history, or tracking data.

3.7 Cookies

We use minimal cookies:

• Essential Cookies Only: Session management, shopping cart, login state
• No Tracking Cookies: We do not use analytics, advertising, or third-party tracking cookies
• No Cross-Site Tracking: We do not track your activity across other websites

4. How We Use Your Data

We use your personal data only for the following purposes:

4.1 Login and Authentication

• Email Verification Login: Send one-time verification codes to your email for secure login
• Session Management: Maintain your logged-in state during your visit
• Order History Access: Allow you to view your past orders using your email

No Account Creation: We do not create traditional user accounts with passwords. You simply use your email to log in each time.

4.2 Order Processing

• Process your orders and service bookings
• Coordinate delivery (for physical products only)
• Track order status
• Handle returns and refunds when applicable

4.3 Essential Communication

• Send order confirmations
• Send shipping updates (for physical products)
• Send booking confirmations (for services)
• Respond to your inquiries and support requests

Note: We do NOT send marketing emails or promotional communications unless you explicitly opt-in.

4.4 Security

• Detect and prevent fraudulent transactions
• Monitor for suspicious login attempts
• Protect against unauthorized access

4.5 Legal Compliance

• Comply with tax and accounting requirements (order records retained for 7 years)
• Respond to legal requests and court orders
• Enforce our Terms of Service

5. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal data to third parties.

We only share your data in the following limited circumstances:

5.1 Payment Processors (No Data Stored by Us)

When you make a payment, you are redirected to certified payment processors:

• Stripe: PCI-DSS Level 1 certified - handles all payment card information
• PayPal: Secure payment platform - handles all payment information

Important: Your payment card details (card number, CVV, expiry date) are entered directly on the payment processor's secure platform. We never see or store this information.

The payment processor shares with us only:

• Transaction ID (reference number)
• Payment status (success/failure)
• Payment amount
• Payer email address

5.2 Shipping Companies (Physical Products Only)

If you order physical products, we share delivery information with shipping companies:

• Recipient name
• Delivery address
• Phone number

This information is shared only for the purpose of delivering your order.

5.3 Email Service

We use email service providers to send transactional emails (order confirmations, shipping updates). They process your email address only for this purpose.

5.4 Legal Requirements

We may disclose your data when required by law, court order, or government regulation.

5.5 No Other Sharing

We do NOT share your data with:

• Advertising networks
• Analytics companies
• Social media platforms
• Data brokers
• Marketing companies

6. Data Retention

We retain your personal data only as long as necessary:

• Email Address: Retained as long as you have orders in our system; can be anonymized upon request (subject to legal requirements)
• Verification Codes: 10 minutes (automatically deleted after expiration or use)
• Order Records: 7 years (required by tax and accounting regulations)
• Delivery Information: 7 years (linked to order records for legal compliance)
• Payment Transaction IDs: 7 years (for financial record-keeping)
• Session Cookies: 30 days after last activity (then automatically deleted)
• IP Address Logs: 90 days (for security purposes, then automatically deleted)

Data Deletion Request: You can request to anonymize your email address. Your order records will be retained for legal compliance, but your email will be replaced with "deleted_user@anonymous.local".

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

7.1 Right to Access

You can request a copy of all personal data we hold about you (email address, order history, delivery addresses).

7.2 Right to Rectification

You can request correction of inaccurate data. Since we don't store permanent profiles, you can simply use a different email or provide corrected delivery information on your next order.

7.3 Right to Erasure ("Right to be Forgotten")

You can request anonymization of your email address. Note: Order records must be retained for 7 years for legal compliance, but your email will be replaced with "deleted_user@anonymous.local".

7.4 Right to Restrict Processing

You can request that we limit how we use your data.

7.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

7.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

7.7 Right to Withdraw Consent

You can withdraw consent at any time for processing based on consent.

7.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority.

To exercise your rights, contact us at:

8. Data Security

We implement strong security measures to protect your data:

• HTTPS Encryption: All data transmitted over secure SSL/TLS connection
• Email Verification Login: No passwords to steal - login via one-time codes sent to your email
• Code Expiration: Verification codes expire after 10 minutes and can only be used once
• No Payment Data Storage: We never store credit card information - all payment processing handled by PCI-DSS Level 1 certified processors (Stripe, PayPal)
• Access Control: Limited access to personal data on a need-to-know basis
• Regular Backups: To prevent data loss
• Security Monitoring: Monitoring for suspicious login attempts and fraudulent activity
• Session Security: Automatic logout after 30 days of inactivity

Payment Security: When you enter payment information, you are on the payment processor's secure platform (Stripe or PayPal), not our website. These processors are certified to the highest security standards (PCI-DSS Level 1).

Why Email Verification is Secure: This method eliminates password-related risks (weak passwords, password reuse, password theft). Each login requires access to your email account, providing strong two-factor authentication.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure adequate protection through:

• EU-approved Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Other legally approved transfer mechanisms

10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Automated Decision-Making and Profiling

We do NOT use:

• Automated decision-making
• User profiling
• Behavioral tracking
• Predictive analytics
• Targeted advertising

All decisions regarding your orders and account are made by humans, not algorithms.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. Please review their privacy policies before providing any personal data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notification for material changes (if you have an account)

14. Cookie Management

We use only essential cookies - no tracking or advertising cookies.

Essential cookies are necessary for:

• Maintaining your login session
• Keeping items in your shopping cart
• Remembering your language preference

You can control cookies through your browser settings:

• Block All Cookies: Will prevent login and shopping cart functionality
• Delete Cookies: Will log you out and clear your cart

No Consent Required: Since we only use essential cookies (required for website functionality), no cookie consent banner is needed under GDPR.

15. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact:

• Email:

Data Protection Officer: If applicable, contact details will be provided here.

16. Related Documents

Please also review our Terms of Service to understand the rules and conditions for using our service.