GDPR Compliance Statement

Effective Date: January 1, 2026

Our Commitment to Data Protection

Heath-fable.com is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR principles.

Legal Basis for Processing

We process personal data based on the following legal grounds:

• Consent: You have given clear consent for processing your personal data
• Contract: Processing is necessary for a contract with you
• Legal Obligation: Processing is necessary to comply with the law
• Legitimate Interests: Processing is necessary for our legitimate business interests

Data We Collect

We collect and process the following categories of personal data:

• Identity data including name and title
• Contact data including email address and business address
• Technical data including IP address and browser information
• Usage data showing how you use our website and services
• Marketing and communications preferences

Your GDPR Rights

Under GDPR, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation on how we use your data
• Right to Data Portability: Request transfer of your data to another organization
• Right to Object: Object to processing of your personal data
• Rights Related to Automated Decision Making: Rights regarding automated decisions

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular security assessments
• Access controls and authentication
• Staff training on data protection

International Data Transfers

When we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place to protect your information.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children.

Contact Our Data Protection Officer

For questions about how we handle your personal data or to exercise your rights, contact us at [email protected].

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.