Privacy policy
Please read this privacy policy along with any other privacy notices we may provide, so you fully understand how and why we use your personal data.
1. Introduction
Welcome to FutureYou Cambridge. We value your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use and safeguard your information when you visit our website, futureyouhealth.com and purchase our products.
This website is operated by Cambridge Nutraceuticals Ltd, a company incorporated in England with company number 07322398 and whose registered office is Suite 4, 23 King Street, Cambridge, CB1 1AH, England.
For the purpose of the Data Protection Act 2018, the data controller is Cambridge Nutraceuticals Ltd. We have appointed a Data Protection Officer (DPO) to handle any questions or concerns regarding this privacy policy. If you have any questions or wish to exercise your legal rights, please refer to the 'Contact Information for Data Protection Officer (DPO)’ section below.
2. Data We Collect
We collect various types of information to provide and improve our service to you:
- Personal Identification Information: Name, date of birth, email address, phone number and postal address.
- Payment Information: Payment card or bank details and billing address for processing transactions.
- Technical Data: Website user information including IP address, browser type, version and usage data.
- Marketing and Communications Data: Preferences for receiving marketing from us and your communication preferences.
3. How We Collect Your Data
We collect data in the following ways:
- Direct Interactions: When you register on our website, place an order, subscribe to our newsletter or participate in surveys.
- Automated Technologies: As you interact with our website, we collect technical data about your equipment, browsing actions and patterns.
- Third Parties: We may receive personal data about you from third parties including analytics providers and advertising networks.
4. How We Use Your Data
We use your data for various purposes:
- Order Processing: To manage and deliver your orders.
- Customer Service: To provide customer support and respond to inquiries.
- Product Development: To help improve our product formulations and efficacy.
- Marketing: To provide you with information about goods and services we offer that are similar to those you have already purchased or inquired about.
- Website Improvement: To analyse how users interact with our website to improve functionality and user experience.
5. Legal Bases for Processing Your Data
We rely on the following legal bases for processing your personal data:
- Consent: When you have given clear consent for us to process your personal data for a specific purpose.
- Contract: When the processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract.
- Explicit Consent: When you have given clear and specific consent for us to process your sensitive personal data for a designated purpose.
- Legal Obligation: When the processing is necessary for us to comply with the law.
- Legitimate Interests: We may use your information when it is in our legitimate interests (or those of a third party) to do so, provided this use does not unfairly impact your interests or fundamental rights.
6. Sharing Your Data
We may share your personal data with the following parties:
-
Service Providers: Third-party vendors that perform services on our behalf such as payment processing and delivery including but are not limited to:
- Cookie Data Processors, including Google, Microsoft, Facebook. Marketing Data Processors, including Shopify, Amazon Web Services, Trustpilot and Ometria.
- Order Processing Data Processors, including Shopify, Stripe, Mention Me, Trustpilot and Zendesk.
- Management Information Data Processors, including Netsuite, Google and Amazon Web Services.
- Professional Advisers: Lawyers, bankers, auditors, insurers and consultants.
- Regulatory Authorities: When required by law or to enforce our legal rights.
- Other: Publicly on our website, social media platforms, or other marketing and informational media (when appropriate).
7. International Data Transfers
Where necessary, personal information may be transferred outside of the UK or European Economic Area (EEA). Both we and our data processors comply with the UK GDPR, ensuring appropriate safeguards are in place, including:
- Adequacy Decision: We transfer your data to countries deemed to provide an adequate level of data protection by the European Commission.
- Standard Contractual Clauses: We use contracts approved by the European Commission to ensure your data has the same protection it receives in the EEA.
- Further Details: We ensure a similar level of protection for your data and comply with the General Data Protection Regulation (GDPR) whenever it is transferred out of the EEA.
8. Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. These measures include Malware Scanning, encryption and access controls.
We restrict access to your personal data to employees, agents, contractors and other third parties who need it for business purposes. They will only process your data according to our instructions and are bound by confidentiality obligations.
We have procedures in place to deal with any suspected data breach. We will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
The types of data we collect are: address, communication notes, communication preferences, consent records, cookie data, date of birth, email, encrypted passwords, enquiry notes, health data (only in the context of targeted surveys with explicit consent), name, order history, order notes, payment details, phone number, product subscriptions, purchased products, username and website activity. "All data" refers to the entire list of data types we collect.
The retention periods for different types of personal data required to support user journeys are as follows:
| Purpose of Collection | Data Type | Legal Basis for Processing | Retention Period | Additional Information |
|---|---|---|---|---|
| Marketing | Cookie Data | Consent Legitimate interests |
18 months or until withdrawal of consent | |
| Marketing - Newsletter signup | Consent | Until withdrawal of consent | We keep the email but make a record not to communicate. | |
| Automated marketing (sms and email) | Email, order history, phone number, website activity | Consent | Until withdrawal of consent | We keep the email but make a record not to communicate. |
| Phone and email inquiries | Address, email, enquiry notes, name, phone number | Consent Legitimate interests |
Until withdrawal of consent | Request removal of data via phone or email. |
| Order over the phone or email, Service communications | Address, email, name, order notes, payment details, phone number, products purchased | Contract Legal obligation |
At least seven years to comply with the Limitation Act of 1980 | |
| Website account creation | Address, communication preferences, email, name, phone number | Consent | Until withdrawal of consent | Request removal of data via phone or email. |
| Order on the website, Service communications | Address, email, name, order notes, payment details, phone number, products purchased | Contract Legal obligation |
At least seven years to comply with the Limitation Act of 1980 | |
| Consent management | Communication preferences, consent records | Legal obligation | Indefinitely | |
| Customer identification | Encrypted password, name, previous order data, username | Legitimate interests | Until account termination | Request removal of data via phone or email. |
| Website account management | Address, communication preferences, date of birth, email, encrypted password, name, payment details, phone number, product subscriptions, username | Consent Contract |
Until withdrawal of consent or account termination | Request removal of data via phone or email. |
| Complaint management | Address, communication notes, communication preferences, date of birth, email, name, payment details, phone number | Contract Legal obligation Legitimate interests |
Indefinitely | |
| Service and product reviews | Email, purchased product | Consent | Until withdrawal of consent (with Trustpilot who is the data controller) | Managed on the Trustpilot website. |
| Customer surveys | Email, personal information (on a survey by survey basis) | Explicit Consent | Until withdrawal of consent | Request removal of data via phone or email. |
| Website personalisation | All data | Consent | Until withdrawal of consent | Request removal of data via phone or email. |
The retention periods for different types of personal data required to support management processes are as follows:
| Purpose of Collection | Data Type | Legal Basis for Processing | Retention Period | Additional Information |
|---|---|---|---|---|
| Management information | All data | Legitimate interests | Indefinitely | |
| Defence against legal claims | All data | Legitimate interests | Indefinitely | |
| Compliance, internal audit, legal and regulatory purposes | All data | Legal obligation Legitimate interests |
Indefinitely |
At the end of the retention periods, your data will be either fully deleted or anonymised. This anonymisation process involves aggregating your data with other data, ensuring it is used in a non-identifiable manner for purposes such as statistical analysis and business planning.
10. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of your legal rights, please see our Data Protection Officers details below.
Accessing your personal data (or exercising any other rights) is free of charge. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. In such cases, we may also refuse to comply with your request.
To confirm your identity and ensure your right to access your data, we may request specific information. This security measure prevents unauthorised access to your data. We may also ask for additional information to expedite our response.
We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made multiple requests, it may take longer and we will keep you informed.
11. Cookies
Our website uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our website and allows us to improve our website.
What are cookies?
Cookies are small files transferred to your computer by websites to recognise your browser and remember certain information. By continuing to browse, you agree to our use of cookies.
Types of cookies we use:
We use session cookies that last only during your visit and are deleted when you log out of the website or when they expire. These cookies help us recognise visitors, administer the website, improve usability, analyse traffic and track platform performance. We also use persistent cookies, which remain on your device until deleted or expired, to keep items in your basket and allow seamless activity across devices.
We use a combination of first and third party cookies. For example, Google Analytics helps us gather website usage statistics, Ometria is used for personalised marketing if you have opted in, Mention Me tracks refer-a-friend activities. Other cookies from services like Facebook and Bing are also used, and you should check their websites for specific details.
How we use cookies:
We use cookies to remember items in your shopping basket, save user preferences, track advertising effectiveness and compile data to improve website experiences and tools. Additionally, cookies help us tailor offers and ads based on your preferences.
Cookie safety and control:
Cookies do not identify you or give access to your computer. To manage your cookie preferences, please click the cookie icon in the bottom left corner of your browser window. You can also adjust your preferences through your browser settings. Please note that disabling cookies may affect how the website functions.
12. Third-Party Links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to review the privacy policies of any website you visit.
13. Children's Data
Our website is not intended for children and we do not knowingly collect data relating to children. If we become aware that we have collected personal data from a child, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child, please contact us.
14. Contact Information for Data Protection Officer (DPO)
If you have any questions about this privacy policy or our privacy practices, please email us at [email protected] or write to us with your letter addressed to: Data Protection Officer, Suite 4, 23 King Street, Cambridge, CB1 1AH, UK.
If you have any concerns about our use of your personal data, you have the right to file a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
UK
Helpline: 0303 123 1113
Website: ico.org.uk/make-a-complaint
We would, however, appreciate the chance to address your concerns before you approach the ICO.
15. Our Contact Details
If you have any questions about this privacy policy, you can reach us using the contact details provided below.
FutureYou Cambridge
20 Station Road
Cambridge
CB1 2JD
UK
Email: [email protected]
Telephone UK: 0800 808 5740
Telephone outside the UK: +44 (0) 1223 750 874
16. Changes to this Privacy Policy
We regularly review and update our privacy policy and encourage users to revisit it periodically for the latest updates. This privacy policy was last updated on the 20th June 2025.