Privacy Policy

This Privacy Policy describes how tomorrowellness.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Collecting Personal Information

 When you visit the Site, we collect certain information about your device, your interaction with the Site. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why. Device information Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site. Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site. Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels. The Site is not intended for individuals under the age of 18 years old. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion. 

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example: We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

Behavioural Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here.

You can also opt-out of Google Analytics here.

Using Personal Information

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers. 

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
Your consent;
The performance of the contract between you and the Site;
Compliance with our legal obligations;
To protect your vital interests;
To perform a task carried out in the public interest;
For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
Services that include elements of automated decision-making include:
Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States.

Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor. We use the following cookies to optimize your experience on our Site and to provide our services.

– Google Analytics
– Facebook Pixel
– LinkedIn Insight Tag
– Cookies

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu.

For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Tomorrow Cardiovascular Ltd views the correct and lawful handling of personal data as integral to its success and dealings with third parties and its employees.
This Policy outlines the procedure for the making and handling of Subject Access Requests (SARs) and includes the required form in Appendix A for the submission of a Subject Access Request to TOMORROW CARDIOVASCULAR.

What do we do when we receive a subject access request?

Checking of identity
2.1 We will first check that we have enough information to be sure of your identity. Often we will have no reason to doubt a person’s identity, for example, if we have regularly corresponded with them. However, if we have good cause to doubt your identity we can ask you to provide any evidence we reasonably need to confirm your identity. For example, we may ask you for a piece of information held in your records that we would expect you to know: a witnessed copy of your signature or proof of your address.

2.2 If the person requesting the information is a relative/representative of the individual concerned, then the relative/representative is entitled to personal data about themselves but must supply the individual’s consent for the release of their personal data. If you have been appointed to act for someone under the Mental Capacity Act 2005, you must confirm your capacity to act their behalf and explain how you are entitled to access their information. If you are the parent/guardian of a child under 16, we will need to consider whether the child can provide their consent to you acting on their behalf.

2.3 Should you make a data subject access request but you are not the data subject, you must stipulate the basis under the General Data Protection Regulation Act that you consider makes you entitled to the information.

Collation of information

2.4 We will check that we have enough information to find the records you requested. If we feel we need more information, then we will promptly ask you for this. We will gather any manual or electronically held information (including emails) and identify any information provided by a third party or which identifies a third party. This is limited to emails held for the last 2 years only.

2.5 If we have identified information that relates to third parties, we will write to them asking whether there is any reason why this information should not be disclosed. We do not have to supply the information to you unless the other party has provided their consent or it is reasonable to do so without their consent. If the third party objects to the information being disclosed we may seek legal advice on what action we should take.

2.6 Before sharing any information that relates to third parties, we will where possible anonymise information that identifies third parties not already known to the individual (e.g. the Authority employees), and edit information that might affect another party’s privacy. We may also summarise information rather than provide a copy of the whole document. The GDPR legislation requires us to provide information not documents.

Issuing our response

2.7 Once any queries around the information requested have been resolved, copies of the information in a permanent form will be sent to you except where you agree, where it is impossible, or where it would involve undue effort. In these cases, an alternative would be to allow you to view the information on screen at the Authority.

2.8 We will explain any complex terms or abbreviations contained within the information when it is shared with you. Unless specified otherwise, we will also provide a copy of any information that you have seen before.

What is the timeframe for responding to subject access requests?

We have 40 calendar days starting from when we have received all the information necessary to identify you, to identify the information requested, and any fee required, to provide you with the information or to provide an explanation about why we are unable to provide the information. In many cases, it will be possible to respond in advance of the 40 calendar day target and we will aim to do so where possible.

5. Are there any grounds we can rely on for not complying with a subject access request?

Previous Request

5.1 If you have made a previous subject access request we must respond if a reasonable interval has elapsed since the previous request. A reasonable interval will be determined upon the nature of the information, the time that has elapsed, and the number of changes that have occurred to the information since the last request. 

Exemptions

5.2 The Act contains a number of exemptions to our duty to disclose personal data and we may seek legal advice if we consider that they might apply. Possible exemptions would be: information covered by legal professional privilege, information used for research, historical and statistical purposes, and confidential references given or received by the Authority. 

What do we do with your data?

We will only use your personal data when the law allows us to.

We may share your data with other health bodies or organisations, but only where it is necessary to fulfil our duty to provide our services, and within all relevant laws and regulations governing the use of patient or personal data.

The Company only holds patient or personal data which is directly relevant to the provision of its services and in line with national guidelines and legal requirements for obtaining and storage or data. That data will be held and processed in accordance with the general data protection regulations and TOMORROW CARDIOVASCULAR’ privacy policy.

All data is kept on encrypted systems at Tomorrow Cardiovascular Ltd.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at info@tomorrowwellness.com or by mail using the details provided below: Tomorrow Cardiovascular Wellness, 7a Regents Street, Knutsford, B94 5EA, United Kingdom