PRIVACY POLICY

Aleafia Limited
Privacy Policy & Terms of Service
Effective from: 7 May 2025

This Privacy Policy sets out how Aleafia Limited (“we”, “our”, or “us”) collects, processes, and protects personal data when you use our website (www.aleafia.co), access our services, or otherwise interact with us. This policy is issued in compliance with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant legislation. Please read this policy carefully to understand our views and practices regarding your personal data.

1. DATA CONTROLLER INFORMATION

Aleafia Limited is a private company incorporated and registered in England and Wales under company number 11750292, with its registered office at Unit I, Gammon Walk, Barnstaple, Devon, EX31 1DJ. For the purposes of data protection legislation, Aleafia Limited is the data controller of your personal data.

For all matters relating to this policy or the processing of your personal data, you can contact us at:
Email: hello@aleafia.co

2. LEGAL BASIS FOR PROCESSING

We only collect and process your personal data where we have a legal basis for doing so under Article 6 of the UK GDPR. This may include:

  • Consent: Where you have given clear permission for us to process your data for a specific purpose.

  • Contractual necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into such a contract.

  • Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.

  • Legitimate interests: Where processing is necessary for our legitimate interests (or those of a third party), provided that such interests are not overridden by your data protection rights.

3. PERSONAL DATA WE COLLECT

We may collect and process the following categories of personal data:

  • Identity data: including your name, date of birth, and gender.

  • Contact data: including your email address, phone number, and postal address.

  • Financial data: such as payment information (processed securely via third-party providers).

  • Technical data: including your IP address, browser type, operating system, and usage data collected via cookies.

  • Marketing and communications data: including your preferences in receiving marketing from us and your communication preferences.

4. HOW WE COLLECT YOUR DATA

We collect data from and about you through the following methods:

  • Direct interactions: You may give us your identity, contact and financial data by filling in forms or by corresponding with us by phone, email or otherwise.

  • Automated technologies: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns through cookies and similar technologies.

5. PURPOSES FOR WHICH WE USE YOUR DATA

We use personal data to:

  • Provide our services and fulfil contractual obligations.

  • Manage our relationship with you.

  • Deliver relevant website content and marketing communications.

  • Ensure compliance with our legal obligations.

  • Maintain security and protect against fraud.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

6. DISCLOSURE OF YOUR PERSONAL DATA

We may disclose your data to:

  • Our professional advisers, service providers and subcontractors.

  • HM Revenue & Customs, regulators and other authorities.

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.

All third parties are contractually obligated to keep your personal data secure and process it only in accordance with our instructions and applicable data protection laws.

7. INTERNATIONAL DATA TRANSFERS

If we transfer your data outside of the UK, we will ensure appropriate safeguards are in place to ensure that your personal data is treated securely and in accordance with this policy. This may include the use of Standard Contractual Clauses approved by the UK Information Commissioner.

8. DATA SECURITY

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These measures include:

  • Secure servers and encrypted communications via SSL.

  • Access controls and password protection.

  • Regular review of security protocols and employee training.

In the event of a suspected personal data breach, we will notify you and the Information Commissioner’s Office (ICO) within 72 hours as required by law.

9. DATA RETENTION

We retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements. Retention periods will vary depending on the type of data and the legal basis for processing.

10. YOUR RIGHTS UNDER DATA PROTECTION LAW

You have rights under the UK GDPR, including:

  • The right to access the personal data we hold about you.

  • The right to rectification of inaccurate or incomplete data.

  • The right to erasure ("right to be forgotten").

  • The right to restrict processing.

  • The right to data portability.

  • The right to object to processing based on legitimate interests.

  • The right to withdraw consent at any time (where processing is based on consent).

You also have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk if you believe your data protection rights have been breached.

11. MARKETING COMMUNICATIONS

We may send you marketing communications if:

  • You have requested information from us;

  • You have purchased services from us;

  • You have consented to receiving marketing material.

You can unsubscribe at any time via the unsubscribe link in emails or by contacting us at hello@aleafia.co.

12. USE OF COOKIES

Our website uses cookies to:

  • Improve user experience.

  • Analyse site usage.

  • Support service delivery.

You may set your browser to refuse cookies or alert you when websites set or access cookies. Disabling cookies may affect website functionality.

For more information, see our Cookie Policy available on our website.

13. LINKS TO OTHER SITES

Our website may contain links to third-party websites. We do not control these sites and are not responsible for their privacy practices. You should review the privacy policies of any third-party site before submitting your personal data.

14. CHANGES TO THIS POLICY

We reserve the right to update this privacy policy at any time. Changes will be posted on this page with an updated effective date. Your continued use of the website after any change constitutes acceptance of the revised policy.

15. CONTACT

To exercise your data protection rights, make a complaint, or ask a question about this policy, please contact:

Lauren Lepley
Email: hello@aleafia.co
Address: Aleafia Limited, Unit I, Gammon Walk, Barnstaple, Devon, EX31 1DJ

This policy was last updated on 7 May 2025.

Copyright © 2025 Aleafia Limited. All rights reserved.