Nutritics Blog


GDPR and You

We take your privacy very seriously. Understand your choices and control over your data with Nutritics.
1st May 2018

What is GDPR?

In an effort to expand the privacy rights of EU individuals, the EU General Data Protection Regulation (“GDPR”) places new obligations on any organisation, no matter where it is based, that markets to, tracks or handles EU personal data. 

GDPR is the biggest compliance-related regulation to come along in years, replacing the Data Protection Directive 95/46/EC (“Directive”) and substantially increasing data subject rights and privileges. The GDPR was finalised on April 14, 2016 and goes into enforcement on May 25, 2018. GDPR will have a global reach and as such we have decided to implement and maintain the high standards expected by GDPR across our entire service. 

How is Nutritics meeting the requirements of GDPR?

Nutritics is the ‘Processor’ of the data over which you (“the Client”) have control, which makes you the ‘Controller’. In practice, the new rules mean that processors are likely to be asked by their Clients to prove they are GDPR compliant. Nutritics is happy to support the development of an updated contract by working with the appointed data controller where necessary.

Nutritics is ensuring that we meet the requirements of GDPR by:
  • Only acting on the documented instructions of the Controller 
  • Not using a sub-processor without consent from the Controller 
  • Co-operating with the regulator as required 
  • Notifying the Controller if a breach occurs

What does Nutritics' compliance with GDPR entail?

Consent based data processing  
We have reviewed our mechanisms for collecting consent to ensure that it is freely given, specific, informed and that it is a clear indication that an individual has chosen to agree to the processing of their data.

Access to personal data
Nutritics is fully equipped to respond to Subject Access Requests (SARs) within one month of request.

Data portability
Individuals will be provided, upon request, their personal data in a structured, commonly used and machine readable format. 

Deletion and rectification
There are controls and procedures in place to allow personal data to be deleted or rectified.  

Right to restriction of processing
There are controls and procedures in place to halt the processing of personal data where an individual has on valid grounds sought the restriction of processing. 

Right to object to processing
Nutritics users have the right to object to certain types of processing, such as direct marketing. We will always ask you whether it is OK to send marketing material to you.

Profiling and automated processing 
Where automation is used to communicate with you, for example to offer special discounts based on your chosen package, you will be informed of the possibility of automated messages being sent and your consent will be required. At any time, you can contact us to withdraw consent and stop any automated emails going to you.

Accuracy and retention policies 
  • Purpose limitation: Personal data will only be used for the purposes for which it was originally collected. 
  • Data minimisation: Personal data collected is limited to what is necessary for the purposes for which it is processed.  
  • Accuracy: Procedures are in place to ensure personal data is kept up to date and accurate and where a correction is required, the necessary changes are made without delay. 
  • Retention: Retention policies and procedures are in place to ensure data is held for no longer than is necessary for the purposes for which it was collected. See our terms & conditions for the data retention term. You can request that data is retained for longer and we will oblige on request. Procedures are in place to ensure data is destroyed securely, in accordance with our retention policies.
  • Duplication of records: Procedures are in place to ensure that there is no unnecessary or unregulated duplication of records. 

Data security
Appropriate technical and organisational security measures are in place to offer Nutritics users the highest level of security. 

Data breaches
Nutritics has a documented privacy and security incident response plan. This plan is regularly reviewed and procedures are in place to notify the office of the Data Protection Commissioner of a data breach.

Should you have any questions in relation to the data you control and how Nutritics can support you with requirements under GDPR, please contact