GDPR

GDPR Compliance Statement 

Last Updated: March 2025

At imani, we are committed to protecting your privacy and ensuring the security of your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This statement outlines our practices for handling your data responsibly and transparently.  

1. Our Commitment  

We value your trust and take our legal obligations seriously. We ensure that:  

  • Your personal data is processed lawfully, fairly, and transparently.  

  • Data is collected only for specified, legitimate purposes.  

  • We retain data no longer than necessary.  

  • Technical and organisational measures safeguard your information against unauthorised access, loss, or misuse.  

2. Data We Collect  

We collect and process minimal data necessary to provide our products and services, including:  

  • Contact Information: Name, email, phone number, and postal address (for product delivery).  

  • Health Information: Medical conditions or allergies (voluntarily shared during consultations to ensure safe, tailored services).  

  • Payment Details: Transaction records (e.g., bank transfers, PayPal payments).  

  • Communications: Records of emails, phone calls, or website inquiries.  

3. Legal Basis for Processing  

We process your data under the following lawful bases:  

  • Contractual Necessity: To fulfil orders, deliver products, or provide booked services.  

  • Legitimate Interests: To improve user experience, prevent fraud, and operate our business efficiently.  

  • Explicit Consent: For sensitive health data disclosed during consultations.  

  • Legal Obligations: To comply with tax, accounting, or regulatory requirements.  

4. Your Rights Under UK GDPR  

You have the right to:  

  • Access your personal data.  

  • Rectify inaccurate or incomplete data.  

  • Erasure of your data (where legally permissible).  

  • Restrict or object to processing.  

  • Data Portability (receive your data in a transferable format).  

  • Withdraw Consent at any time (where processing is consent-based).  

  • To exercise these rights, contact us here. We will respond within 30 days and may request verification of your identity.  

5. Data Security  

We implement robust measures to protect your data, including:  

  • Encryption for sensitive information during transmission.  

  • Access Controls to limit data handling to authorised personnel only.  

  • Regular Training for staff on GDPR compliance and data protection best practices.  

  • In the unlikely event of a data breach, we will notify you and the Information Commissioner’s Office (ICO) within 72 hours if required by law.  

6. Data Sharing  

We do not sell your data. We may share it only with:  

  • Trusted Third Parties: Payment processors (e.g., PayPal) or delivery partners, all bound by GDPR-compliant agreements.  

  • Legal Authorities: To comply with court orders, government requests, or fraud investigations.  

7. Data Retention  

  • Transactional Data: Retained for 7 years to comply with UK tax laws.  

  • Health Information: Stored for the duration of your engagement with us and 2 years post-termination.  

  • Marketing Data: Kept until you withdraw consent or opt out.  

8. Cookies  

  • Our website uses essential cookies only (e.g., to enable contact forms). We do not use tracking, analytics, or advertising cookies.  

9. Children’s Privacy  

  • Our products and services are intended for users aged 18+. We do not knowingly collect data from minors without parental consent.  

10. Updates to This Statement  

  • We may update this statement to reflect changes in law or business practices. Revised versions will be posted on our website with a new “Last Updated” date.  

11. Contact Us  

For questions, data requests, or concerns about your privacy:  

  • Contact Form

  • ICO: You may lodge a complaint with the UK’s data protection authority: [ico.org.uk](https://ico.org.uk).  

Your Trust Matters  

By choosing imani, you entrust us with your personal data, and we pledge to honour that trust through unwavering compliance with data protection laws.