Politique de confidentialité

USER PERSONAL DATA PROTECTION CHARTER

1. Definition and nature of personal data

When you use the website unfa-ltd.com (hereinafter referred to as the “Site”), we may ask you to provide personal data about yourself in order to access the services offered on the Site.

2. Purpose of this Charter

This Charter aims to inform you about the methods we use to collect your personal data, in full compliance with your rights.
We hereby inform you that we comply, in the collection and management of your personal data, with the Data Protection Act 2018 (UK law), the retained UK General Data Protection Regulation ("UK GDPR"), and, where applicable, the EU General Data Protection Regulation ("EU GDPR").

3. Identity of the Data Controller

The entity responsible for the collection and processing of your personal data is Unfa LTD , a company incorporated under the laws of England and Wales, registered with Companies House under number 16379578 , whose registered office is located at International House, 100 Menzies Road, Hastings, TN38 9BB, United Kingdom (hereinafter referred to as "We" or "Us").

4. What personal data do we collect?

In connection with the purposes set out below, we may collect the following categories of personal data:

• Identification Data : including your name, surname, gender, age, postal address, email address, and country;

• Payment Data : including your bank card information;

• Login Data : your passwords;

• Lifestyle and dietary habits : related to the use of dietary supplements;

• Order Data : including your order history and products recommended based on the online questionnaire results.

5. For what purposes, on what legal bases, and for how long do we retain your personal data?

• Legal bases :

  • Performance of pre-contractual measures at your request;

  • Execution of a contract concluded with you;
    

• Retention periods :

• • Data is retained for three (3) years.

  • Accounts are automatically deleted after two (2) years of inactivity or suspension.

  • For prospects: data is kept for three (3) years from collection or the last active contact.

  • Data may be anonymized for statistical purposes.

To process your orders, manage customer relations including contracts, deliveries, invoicing, loyalty programs, and customer service :

• Legal basis : Execution of the contract you have entered into.

• Retention periods :

  • Data is retained for three (3) years.

  • Accounts are automatically deleted after two (2) years of inactivity or suspension.

  • Data may be archived for evidentiary purposes for up to five (5) years.

  • Payment data is retained by our payment service provider for the duration of the subscription.

  • The CVV2 (card security code) is never stored .

To manage customer reviews and feedback on products, services, or content:

• Legal basis : Our legitimate interest in promoting and improving our services.

• Retention period :

  • Data is kept for three (3) years.

  • Data may be anonymized for statistical purposes.

To build a database of clients and prospects :

• Legal basis : Our legitimate interest in developing and promoting our activities.

• Retention periods :

  • Customers: data retained for three (3) years.

  • Prospects: data retained for three (3) years following last active contact.

To send newsletters, marketing solicitations, and promotional messages :

• Legal bases :

  • Our legitimate interest if you are an existing customer;

  • Your consent if you are not yet a customer.

• Retention period : Three (3) years from the last active contact.

To manage the exercise of your data protection rights :

• Legal basis : Our legitimate interest in complying with legal obligations.

• Retention periods :

  • ID documents (where required) are kept only for the time needed to verify your identity, then securely deleted.

  • Information about objections to marketing communications is retained for three (3) years.

To respond to information requests :

• Legal basis : Our legitimate interest in providing quality customer service.

• Retention period : Data retained for the duration of processing the request, then deleted.

To provide customer support via the Help Centre :

• Legal basis : Our legitimate interest in offering quality customer support.

• Retention period : Data retained for the duration of support processing, then deleted.

To compile commercial statistics and analyze service usage :

• Legal basis : Our legitimate interest in improving our services.

• Retention period : Data retained for the duration of the subscription.

When collecting personal data, mandatory fields are indicated. Failure to provide this mandatory data may impact the provision of services.

---

6. Containers of the collected data

The following entities have access to your personal data:

• Our internal teams and authorized personnel (including auditors);

• Our subcontractors and service providers, such as hosting providers (AWS and Google BigQuery), CRM systems, payment service providers, customer support platforms, logistics and fulfillment partners, customer review collection platforms, and telecommunication providers.

Public authorities may also access your data to comply with legal obligations, as well as judicial officers and debt collection agencies.

---

7. Data security

We implement all necessary organizational and technical security measures to protect the confidentiality, integrity, and security of your personal data, including measures to prevent unauthorized access, alteration, damage, or disclosure.
We use state-of-the-art secure payment systems in compliance with applicable regulations.

---

8. Data hosting

Your personal data is hosted within the European Union during its retention period, primarily through Amazon Web Services (AWS) and Google BigQuery.

Some of our service providers may transfer data outside the European Economic Area (EEA). Such transfers are protected by:

• Adequacy decisions from the European Commission;

• Standard contractual clauses approved by the European Commission;

• Other appropriate safeguards under the UK GDPR and EU GDPR.

---

9. Your rights regarding your personal data

You have the following rights concerning your personal data:

• Right to information : as explained in this Charter;

• Right of access : you can access your personal data at any time;

• Right to rectification : you may request the correction of inaccurate or incomplete data;

• Right to restriction of processing : under the conditions set forth in Article 18 of the GDPR;

• Right to erase : you may request the deletion of your personal data;

• Right to lodge a complaint : with the UK Information Commissioner's Office (ICO) or the relevant supervisory authority in your country;

• Right to define post-mortem directives : regarding the retention, erasure, or communication of your personal data after your death;

• Right to withdraw consent : at any time, for processing based on consent;

• Right to data portability : under certain conditions, to receive your data in a machine-readable format;

• Right to object : to the processing of your personal data, unless we demonstrate compelling legitimate grounds for continuing such processing.

You may exercise these rights by contacting us (see Article 10). We may require proof of identity to verify your request.

---

10. Contact for data protection matters

• Email : customerservice@unfa-limited.com

• Postal Address : 100 Menzies Road, Hastings, TN38 9BB, United Kingdom

---

11. Changes to this Charter

We reserve the right to amend this Charter at any time.
Any updates will take effect upon publication.
Continued use of the Site after an update implies acceptance of the revised Charter. If you do not agree to the changes, you should cease using the Site.

---

12. Effective Date

This Charter is effective as of 04/28/2025.

---

ANNEX – COOKIE POLICY

1. What is a Cookie?

When browsing our Site, cookies, pixels, and other tracking technologies (collectively referred to as "Cookies") may be placed on your browser.

A Cookie is a small file, often encrypted, stored on your browser or device and identified by a name. It is deposited during your visit and retrieved each time you return to the Site.

Cookies allow us to access browsing data and, in some cases, personal data.

---

2. Identification of Cookies

has. Technical and functional Cookies
Essential for the Site's functioning and service provision, for example, saving form entries or language preferences.

b. Advertising Cookies
Used to personalize advertising content and measure the effectiveness of ad campaigns. These may be placed by third-party advertising networks.

c. Social network Cookies
Allow you to share content via social media and track navigation on the Site.
Please refer to each social network's privacy policy for further information.

d. Analytics Cookies
Measure site traffic and visitor activity, possibly collecting your IP address to estimate your geolocation.
Analytics help us improve the Site and resolve technical issues.

---

3. Your Cookie Preferences

has. Cookies exempt from consent
Technical, functional, and certain limited analytics cookies do not require your consent.

b. Cookies requiring your explicit consent
Advertising, social media, and most analytics cookies require your consent.
You may accept or refuse these cookies during your first visit, and modify your preferences at any time.

Your cookie preferences are stored for six (6) months.

c. Browser settings
You can configure your browser to accept or refuse cookies. Settings differ by browser.