At RUHE, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you use our website www.ruhe.uk ("Website"), engage with our services, or purchase our products.

This Privacy Policy explains:

• What personal data we collect about you.
• How we obtain your personal data.
• How we use your personal data.
• The legal bases for processing your personal data.
• How we disclose your personal data.
• International data transfers.
• How we ensure your privacy is maintained.
• Your legal rights relating to your personal data.
• How to contact us with any queries or concerns.

By using our Website or providing your information, you agree to the terms of this Privacy Policy.

We are a UK-based company specialising in food supplements sold directly through our Shopify store at www.ruhe.uk. We tailor our products to customers using quizzes to better understand your needs. For the purposes of data protection laws, Ruhe health ltd ("RUHE", "we", "us", or "our") is the "data controller" of your personal information.

Contact Details:

• Email: support@ruhe.uk
• Postal Address: Ruhe, Unit 133228, PO Box 7169, Poole, BH15 9EL, United Kingdom

We collect personal data in several ways:

3.1 Information You Provide Directly

• Account Registration: When you create an account, we collect your name, email address, postal address, telephone number, and password.
• Quizzes and Surveys: Information you provide when completing quizzes, surveys, or feedback forms, which may include health-related information to tailor our products to your needs.
• Purchases: Transaction details when you purchase our products, including payment information.
• Communications: Records of your correspondence with us via email, phone, or chat.
• Newsletter Sign-Up: Your email address when you subscribe to our newsletter.
• Promotions: Details you provide when participating in our promotions.
• Customer Support: Information you provide when seeking customer support.

3.2 Information Collected Automatically

• Technical Data: IP address, browser type, time zone setting, operating system, and platform.
• Usage Data: Information about how you use our Website, products, and services.
• Cookies and Similar Technologies: We use cookies to collect data about your browsing activities. (See Section 7 on Cookies for more details.)

3.3 Information from Third Parties

• Social Media Platforms: If you interact with us through social media (e.g., Facebook, Instagram), we may receive information based on your privacy settings on those platforms.
• Third-Party Services: Information from service providers that assist us with analytics, advertising, or payment processing.

• Identity Data: First name, last name, username or similar identifier, title, date of birth, and gender.
• Contact Data: Billing address, delivery address, email address, and telephone numbers.
• Financial Data: Payment card details and transaction histories.
• Profile Data: Purchases or orders made by you, your interests, preferences, feedback, and survey responses.
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.
• Usage Data: Information about how you use our Website, products, and services.
• Marketing and Communications Data: Your preferences in receiving marketing from us and third parties and your communication preferences.
• Health Data: Information relating to your health provided in quizzes and surveys, used to tailor our products and services to your needs.

We will only use your personal data when the law allows us to. Common uses include:

• To Fulfil Contracts: Processing and delivering your orders, managing payments, and providing customer support.
• Legitimate Interests: Improving our Website, products, services, marketing, and customer relationships.
• Legal Compliance: Complying with legal obligations, such as tax and accounting requirements.
• With Your Consent: Sending marketing communications if you have opted in.

Specific Purposes:

• Account Management: To create and manage your account.
• Personalisation: Tailoring our products and services to your preferences, including using quiz responses.
• Marketing Communications: To send you updates, promotions, and news if you have consented.
• Analytics: To study how customers use our Website and improve user experience.
• Security: To protect our business and Website, including fraud prevention and troubleshooting.

Under the UK GDPR, we rely on the following legal grounds:

• Consent: When you have given clear consent for us to process your personal data for a specific purpose, such as for marketing communications or processing special category data (e.g., health data).
• Processing of Special Category Data (Health Data): When we collect and process health-related information through quizzes, we rely on your explicit consent, in accordance with Article 9(2)(a) of the UK GDPR. By completing the quiz, you provide your explicit consent for us to process this information to tailor our product recommendations. You can withdraw your consent at any time by contacting us at support@ruhe.uk, though this may affect our ability to provide personalised recommendations.
• Contractual Necessity: Processing is necessary for the performance of a contract with you, such as for order fulfilment, account creation, or customer support.
• Legal Obligation: Processing is necessary to comply with legal obligations, such as tax, accounting, or regulatory requirements.
• Legitimate Interests: Processing is necessary for our legitimate interests to improve our Website, products, services, marketing, and customer relationships. This includes personalising your experience, fraud prevention, and maintaining the security of our services.

Category of Personal Data: Identity Data (e.g., name, date of birth)
Purpose: Account creation, order processing, customer support
Legal Basis: Contractual necessity

Category of Personal Data: Contact Data (e.g., email, address)
Purpose: Communicating with you about your orders and services
Legal Basis: Contractual necessity

Category of Personal Data: Financial Data (e.g., payment details)
Purpose: Processing payments for your orders
Legal Basis: Contractual necessity

Category of Personal Data: Profile Data (e.g., purchase history)
Purpose: Personalisation, feedback, and survey responses
Legal Basis: Legitimate interest

Category of Personal Data: Technical Data (e.g., IP address)
Purpose: Website functionality and security
Legal Basis: Legitimate interest

Category of Personal Data: Usage Data (e.g., browsing behaviour)
Purpose: Analytics, improving services
Legal Basis: Legitimate interest

Category of Personal Data: Health Data (e.g., some quiz responses)
Purpose: Personalising product recommendations
Legal Basis: Explicit consent (special category data)

Category of Personal Data: Marketing Data (e.g., email preferences)
Purpose: Sending marketing communications
Legal Basis: Consent

7.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our Website. They help us provide a better user experience by remembering your preferences and visits.

7.2 Types of Cookies We Use

• Essential Cookies: Necessary for the operation of our Website (e.g., shopping cart functionality).
• Performance Cookies: Collect anonymous data on how visitors use our Website to improve its performance.
• Functionality Cookies: Remember your preferences to personalise your experience.
• Targeting Cookies: Track your browsing habits to deliver relevant advertising.

7.3 Managing Cookies

We will only use non-essential cookies (such as performance, functionality, and targeting cookies) with your consent, which will be requested when you first visit our Website. You can manage your cookie preferences through our cookie banner, where you can choose to accept or reject these cookies.

You can manage or disable cookies through your browser settings. However, disabling cookies may affect the functionality of our Website.

For more information on how to manage cookies, visit www.allaboutcookies.org.

We may share your personal data with:

8.1 Service Providers

Third-party companies that provide services on our behalf, such as:

• Payment Processing: Shopify Payments.
• Delivery Services: Royal Mail, DPD.
• Marketing Platforms: Email service providers for newsletters and promotions.
• Analytics Providers: Google Analytics for website performance monitoring.

8.2 Legal Requirements

• Compliance: When required by law to disclose your personal data.
• Protective Measures: To enforce our terms and conditions or protect the rights, property, or safety of RUHE, our customers, or others.

8.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your personal data may be transferred to a third party.

We primarily store and process your data within the UK and the European Economic Area (EEA). However, some of our service providers, such as Shopify, may process your data outside the UK and EEA. We rely on our service providers' compliance with the UK GDPR for these transfers. Importantly, we rely on safeguards such as Standard Contractual Clauses (SCCs) to ensure that your personal data is protected when transferred outside the UK or EEA. When we transfer your data outside the UK or EEA, we will ensure it is protected by:

• Adequacy Decisions: Transferring to countries recognised by the UK as providing adequate data protection.
• Standard Contractual Clauses: Using approved contractual clauses that offer sufficient data protection safeguards.
• Binding Corporate Rules: Where applicable, our service providers may have in place binding corporate rules approved by a data protection authority.

You have the right to request further information on, or obtain a copy of, the specific safeguards in place for the international transfer of your personal data. To make such a request, please contact us at support@ruhe.uk.

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These measures include:

• Encryption: Securing data transfers with SSL technology.
• Access Controls: Limiting access to personal data to authorised personnel only.
• Regular Monitoring: Implementing procedures to deal with any suspected data breaches.

While we strive to protect your personal data, we cannot guarantee its absolute security. Any transmission is at your own risk. In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by the UK GDPR.

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, or reporting requirements.

• Order Information: Kept for at least six years to comply with tax and legal obligations.
• Marketing Data: Retained until you unsubscribe or request deletion.
• Account Information (including quiz responses): Retained as long as your account remains active or as needed to provide you services.

We may anonymise your personal data (so it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Under the UK GDPR, you have the following rights regarding your personal data:

• Right to be Informed: You have the right to be informed about the collection and use of your personal data.
• Right of Access: Request access to your personal data and receive a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data where there is no lawful reason for us to keep it.
• Right to Restrict Processing: Request us to suspend processing your personal data under certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format, and have the right to transmit those data to another controller.
• Right to Object: You have the right to object to our processing of your personal data where we rely on legitimate interest as the legal basis. This includes objecting to any profiling we perform based on these legitimate interests, such as for marketing purposes. If you object, we will stop processing your personal data for these purposes unless we can demonstrate compelling legitimate grounds that override your rights. You also have the right to object to direct marketing, and we will stop sending you marketing communications immediately upon your objection. You also have the right to object to our processing of your personal data for research or statistical purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.
• Rights in Relation to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
• Right to Withdraw Consent: Withdraw consent at any time where we are relying on consent to process your personal data.

To exercise your rights, including submitting a Data Subject Access Request (DSAR) to access a copy of your personal data, please contact us at support@ruhe.uk. We may request specific information from you to verify your identity and ensure your right to access the data. We will respond to all legitimate requests within one month, in accordance with the UK GDPR. If your request is complex or you have made multiple requests, we may extend this period by up to two months, but we will notify you of this extension. We may charge a reasonable fee based on the administrative cost of providing the information or service if your request is manifestly unfounded, excessive, or repetitive. Alternatively, we may refuse to comply with your request if we can demonstrate that the request is manifestly unfounded or excessive.

We may use automated decision-making and profiling to tailor our products and services to your needs, particularly through the quizzes and surveys you complete on our Website.

• Automated Decision-Making: Automated processing of your personal data to evaluate certain aspects, such as quiz responses, to recommend suitable products.
• Profiling: Using your personal data to analyse or predict aspects concerning your personal preferences, interests, behaviour, or location.

This automated decision-making is based on the information you provide, and the consequences are that you receive product suggestions that we believe align with your reported wants and needs. You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or significantly affect you in a similar way. If you wish to object to such processing, please contact us at support@ruhe.uk.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract (for example, to deliver products to you). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

We may use your personal data to send you marketing communications if you have:

• Requested information from us.
• Purchased goods from us.
• Provided consent by opting in.

Opting Out

You can ask us to stop sending you marketing messages at any time by:

• Clicking the "unsubscribe" link in any email.
• Contacting us at support@ruhe.uk.

Please note that even if you opt out of receiving marketing messages, we may still send you non-promotional communications, such as emails about your account or orders.

Our Website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies when you visit them.

Our Website is not intended for individuals under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us to have it removed.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Please check back frequently to see any updates or changes. Your continued use of our Website after any modifications indicates your acceptance of the revised Privacy Policy.

We are not required to appoint a Data Protection Officer (DPO) under UK GDPR as we do not engage in large-scale processing of special category data or large-scale monitoring of individuals. If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: support@ruhe.uk
• Postal Address: Ruhe, Unit 133228, PO Box 7169, Poole, BH15 9EL, United Kingdom

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (www.ico.org.uk) at any time regarding our handling of your personal data. We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance. While we encourage you to contact us first to resolve any concerns, this right is available to you at all times.