Privacy Policy

Last updated: 28th February 2026.

This Privacy Policy describes how Innocent Health Ltd t/a Novomins Nutrition (the  "we", "us", or "our") collects, uses, and discloses your personal data when you use our services, visit or make a purchase from novomins.com (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). This includes data you provide when you register with us, sign up to our newsletter, purchase a product or take part in a competition or promotion.

For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please read this Privacy Policy carefully.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site and update the "Last updated" date.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

How We Collect and Use Your Personal Data

To provide the Services, we collect personal data about you from a variety of sources, as set out below.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

What Personal Data We Collect

The types of personal data we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal data ", we are referring to information that identifies, relates to, describes or can be associated with you. The following sections describe the categories and specific types of personal data we collect.

Information We Collect Directly from You

We use different methods to collect data from and about you, including through your interactions with us, such as through you filling in online forms, taking part in competitions or promotions or by corresponding with us. This includes personal data you provide when you:

  • Purchase our products;
  • Create an account on the Site;
  • Request marketing to be sent to you;
  • Enter a competition, promotion or survey; or
  • Give us feedback or contact us.

Information that you directly submit to us through our Services may include:

  • Identity Data including your name, marital status, date of birth and gender.
  • Contact details including your name, address, phone number, and email.
  • Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number.
  • Account information including your username, password, security questions and other information used for account security purposes.
    • Shopping information including the items you view, put in your cart, saved into your account like loyalty points, reviews, referrals or gift cards, or purchases. It also includes loyalty points/product reviews/referrals/gift cards saved.
  • Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.
  • Profile data including your interests, preferences, feedback and survey responses.
  • Marketing and Communications data including your preferences in receiving marketing from us and your communications preferences.


Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect about Your Usage

We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, location and time zone setting, browser information, information about your network connection, your IP address and other information regarding technology on the devices you use to access the Site and your interaction with the Services.

Information We Obtain from Third Parties

Finally, we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

  • Companies who support our Site and Services, such as Shopify.
  • Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfil your orders and provide you with products or services you have requested, in order to perform our contract with you.
  • When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information (including about your equipment, browsing actions and patters) using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. Also see the section below, Third Party Websites and Links.

How We Use Your Personal Data

Legal Basis


The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:


Performance of a contract with you: Where we need to perform the contract, we are about to enter into or have entered into with you.


Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).


Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.


Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.


Purposes for which we will use your personal data

  • Providing Products and Services and customer management. We use your personal data to provide you with the Services in order to perform our contract with you, including to register you as a customer, process your payments, process and fulfil your orders, to send notifications to you related to your account, purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account and our relationship with you, to arrange for shipping, facilitate any returns and exchanges and other features and functionalities related to your account. We may also enhance your shopping experience by enabling Shopify to match your account with other Shopify services that you may choose to use. In this case, Shopify will process your information as set forth in its Privacy Policy and Consumer Privacy Policy.
  • To enable you to partake in a prize draw, competition or promotion or to complete a survey. Depending on the circumstances, we do this to perform a contract with you, or it is necessary for our legitimate interests to study how our customers use our products/services, to develop them and grow our business).
  • Maintaining, enhancing and optimising our products and services. It is in our legitimate interest to ensure that we run our business in the best possible way for us and our customers and prospective customers and ensuring that we offer the best products and services to our customers and prospective customers.
  • Account management to ensure that your account with us is properly administrated. We do this either in order to fulfil a contract with you or (where you have an account but are not an active customer) it is in our legitimate interest to ensure that we are able to provide you with products should you make a purchase.
  • Marketing and Advertising. We may use your personal data for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you advertisements for products or services. This may include using your personal data to better tailor the Services and advertising on our Site and other websites. The legal basis for these data processing activities is our legitimate interest to develop our products/services and grow our business in selling our products or in some cases having obtained your prior consent to receiving direct marketing communications.
  • Accounting and auditing. We process data for this purpose to comply with our legal obligations to ensure that we file our accounts and provide information our auditors require.
  • Security and Fraud Prevention. We use your personal data to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately. The legal basis for these data processing activities is our legitimate interest in keeping our website secure for you and other customers and protecting our business.
  • Communicating with You and Service Improvement. We use your personal data to provide you with customer support and improve our Services. This is in our legitimate interests in order to be responsive to you, to provide effective services to you, and to maintain our business relationship with you.
  • Data analytics. We use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our marketing. This is necessary for our legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and inform our marketing strategy).

We do not use your personal data for automated decision making or profiling.

Cookies

We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services. We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.

Please note that the following third parties may use cookies, over which we have no control. These named third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third-party cookies are likely to be analytical cookies or performance cookies or targeting cookies, though some are strictly necessary:

  • Instagram
  • CloudFare
  • Shopify
  • TikTok
  • Klar Insights
  • Teads
  • Pinterest
  • Google
  • PayPal
  • RTB House
  • Criteo
  • Fingerprint JS

To deactivate the use of third-party advertising cookies, you may visit the relevant consumer page to manage the use of these types of cookies.

You can choose to set your browser to remove or reject cookies through your browser control. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available.  

How We Disclose Personal Data

In certain circumstances, we may disclose your personal data to third parties for contract fulfilment purposes, legitimate purposes and other reasons subject to this Privacy Policy. Such circumstances may include:

  • With vendors or other third parties who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfilment and shipping).
  • With companies which provide marketing services on our behalf.
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship your products or through your use of social media widgets or login integrations, with your consent.
  • With parties who recommend our products and services via their own websites and to whom we pay a commission (our “Affiliates”) or in our legitimate interests to run a successful business.
  • In connection with a business transaction such as a sale, merger or bankruptcy, to comply with any applicable legal obligations (including to respond to witness summons’, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.


We disclose the following categories of personal data and special category personal data (in the form of data about your gender) about users for the purposes set out above in "How we Collect and Use your Personal Data " and "How we Disclose Personal Data":

Category

Categories of Recipients
  • Identifiers such as basic contact details and certain order and account information
  • Personal data categories listed in the California Customer Records statute such as basic contact details and certain order and account information
  • Commercial information such as order information, shopping information and customer support information
  • Internet or other similar network activity, such as Usage Data
  • Geolocation data such as locations determined by an IP address or other technical measures
  • Vendors and third parties who perform services on our behalf (such as Internet Service Providers, payment processors, fulfilment partners, companies that provide marketing services on our behalf, inventory management/warehouse management providers, review management providers, customer support partners, Customer Relationship Management providers, and data analytics providers)
  • Affiliates


Additionally, we may provide certain personal data to our auditors, accountants, bookkeepers and other professional advisers (such as lawyers or consultants), and we may be obliged in some cases to provide personal data to law enforcement officials, the courts or taxation authorities as necessary to comply with our legal obligations, defend our rights and the rights of other Novomins customers, prospective customers or users of the Site.

We do not use or disclose special category personal data without your consent or for the purposes of inferring characteristics about you.

User Generated Content

The Services may enable you to post product reviews and other user-generated content. If you choose to submit user generated content to any public area of the Services, this content will be public and accessible by anyone.

We do not control who will have access to the information that you choose to make available to others and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available, or for the accuracy, use or misuse of any information that you disclose or receive from third parties.

Third Party Websites and Links

Our Site may provide links to websites or other online platforms operated by third parties. Clicking those links or enabling those connections may allow third parties to collect and share data about you. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not control these third-party websites and do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal data about children. If you are the parent or guardian of a child who has provided us with their personal data, you may contact us using the contact details set out below to request that it be deleted.

As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we share personal data of individuals under 16 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” In addition, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.

However, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we retain your personal data depends on different factors, such as whether we need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your data: see below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. 

Your Rights

Depending on where you live, you may have some or all of the rights listed below in relation to your personal data. You will have the rights listed below if you are resident in the United Kingdom. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

  • Right to Access / Know: You may have a right to request access to personal data that we hold about you, including details relating to the ways in which we use and share your information to check that we are lawfully processing it.
  • Right to Delete: You may have a right to request that we delete personal data we hold about you in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You may also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right to Correct: You may have a right to request that we correct inaccurate or incomplete personal data we hold about you, though we may need to verify the accuracy of the new data you provide to us.
  • Right of Portability: You may have a right to receive a copy of the personal data we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
  • Right to opt out of Sharing or Targeted Advertising: You may have a right to direct us not to share your personal data or to opt out of the processing of your personal data for purposes considered to be "targeted advertising", as defined in applicable privacy laws.
  • Right to object to processing where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
  • Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal data. This allows you to ask us to suspend the processing of your personal data in one of the following scenarios:

If you want us to establish the data's accuracy;

Where our use of the data is unlawful, but you do not want us to erase it;

Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your personal data to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdrawal of Consent: Where we rely on consent to process your personal data, you may have the right to withdraw this consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Appeal: You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial.
  • Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.


You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

If you have complaints about how we process your personal data, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here. For the UK, you have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). However, before raising a complaint with the ICO, please make sure you have first made your complaint to us or asked us for clarification if there is something you do not understand. The ICO will expect you to have done this before reviewing your complaint.

International Users

Please note that we may transfer, store and process your personal data outside the country you live in. Your personal data is also processed by staff and third-party service providers and partners in these countries.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at hello@novomins.com or contact us at Castlecroft Business Centre, Tom Johnston Road, Dundee, Dundee, SCT, DD4 8XD, GB.

For the purpose of applicable data protection laws and if not explicitly stated otherwise, we are the data controller of your personal data.