Privacy Policy

 2. What this policy applies to This privacy policy relates to your use of the Website only. The Website may link to or rely on other apps, websites, APIs or Website owned and operated by us or by certain trusted third parties to enable us to provide you with Website. These other apps, websites, APIs or Website may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other apps, websites or Website, please consult their privacy policies as appropriate.

3. Personal data we collect about you The personal data we collect about you depends on the particular activities carried out through the Website. We will collect and use the following personal data about you:

3.1. The categories of data we collect include Identity data you input into the Website when you place an order, which is your name and email address, your postal address, and your telephone number. We also collect Data collected when you use specific functions in the Website, which is data you store online with us using the Website including your usage history or preferences. Other data the Website collects automatically when you use it includes your activities on, and use of, the Website which reveal your preferences, interests or manner of use of the Website and the times of use, as well as your device type, IMEA numbers, MAC address of networks, other unique device identification, device operating system, mobile network information, app version number, storage usage, data usage, and time zone settings. Lastly, we collect your name and email address as Personal data when you submit an enquiry.

3.2. Where do we get your personal data? We collect Personal Data from you directly, when you enter or send us information, such as when you contact us (including via email), send us feedback, or purchase products or services via our Website. We also collect it indirectly, such as your browsing activity while using the Website. Some information about you may be automatically collected by the tools we use (Systeme.io, Stripe, Meta, TikTok) and cookies.

3.3. Scope of Processed Data: The data includes, among others: Name and surname, email address, telephone number; IP address, device data (collected via cookies and analytics); Invoice data; Bank account number; Data collected in the mailing system (activity, segmentation); Information visible on social media profiles.

3.4. If you do not provide personal data we ask for where it is required, it may prevent us from providing Website and/or the Website to you. We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below.

4. How and why, we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason, e.g., where you have given consent, to comply with our legal and regulatory obligations, for the performance of a contract with you or to take steps at your request before entering into a contract, or for our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. This assessment (Legitimate Interest Assessment - LIA) is internally documented. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below). The following explains what we use your personal data for and why. We use your personal data for Communications with you not related to marketing, including about changes to our terms or policies or changes to the Website or service or other important notices. Our reasons for this, depending on the circumstances, are to comply with our legal and regulatory obligations, or in other cases, for our legitimate interests or those of a third party, i.e., to provide the best service to you. We also use your personal data to Protect the security of systems and data. The reasons for this are to comply with our legal and regulatory obligations. We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us. Your data is used for Operational reasons, such as improving efficiency, training, and quality control or to provide support to you. The reason for this is for our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service to you. We perform Statistical analysis to help us manage our business, e.g., in relation to our performance, customer base, website functionalities and offerings or other efficiency measures. The reason for this is for our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you and improve and develop our website. We use your data for Marketing our products and services to existing and customers. Our reason is for our legitimate interests, i.e. to promote our products to existing and former customers. See ‘Marketing’ below for further information. Your data is used for Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business The reason is to comply with our legal and regulatory obligations. We use your data for The audit of our accounts and business. The reason is for our legitimate interests, i.e. to maintain any accreditations so we can demonstrate we operate at the highest standards. We also process your data to comply with our legal and regulatory obligations. Our reasons for this depend on the circumstances: to perform our contract with you or to take steps at your request before entering into a contract ; to comply with our legal and regulatory obligations ; or where neither of the above apply, for our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about their accounts and new products or functionalities related to our goods and services and our Website. Lastly, we use your data to Share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary. The reasons, depending on the circumstances, are to comply with our legal and regulatory obligations, or in other cases, for our legitimate interests or those of a third party, i.e., to protect, realise or grow the value in our business and assets. See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.

We intend to email marketing to send you updates by email, text message, or telephone about our website, including exclusive offers, promotions or new Website. We will always ask you for your consent before sending you marketing communications, except where you have explicitly opted-in to receiving email marketing from us in the past or except where you were given the option to opt-out of email marketing when you initially signed up for your account with us and you did not do so. You will have the right to opt out of receiving marketing communications at any time by contacting us at admin@aggiekosneurofamily.com, or by using the ‘unsubscribe’ link included in all marketing emails you may receive from us. We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes. For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.

6.1. The following external service providers (processors) participate in the processing of your personal data:

• All-in-one Platform Providers: Systeme.io (hosting, mailing system, landing page management).

• Payment Providers: Stripe, PayPal (transaction handling).

• Advertising and Analytics Platforms: Meta Platforms, TikTok, YouTube Analytics (collecting data from websites and mobile applications to create audiences and analysis).

• Affiliate Partners: e.g., Amazon (for tracking clicks and conversions generated by affiliate links to calculate commission). • Support services: Accountant (accounting services), law firm, technical support, hosting provider, cloud computing providers.

6.2. Your personal data may also be transferred to tax authorities (HMRC) and other bodies authorised to access data under the provisions of UK law.

We will keep your personal data for as long as you have an active account with us and for a period of up to 6 years thereafter to comply with any accounting or legal obligations including in the event of the pursuit or defence of legal claims. Once you have closed your account with us, we will move your personal data to a separate database so that only key stakeholders in our business on a ‘need to know basis’ have access to such data. Following the end of the aforementioned retention period, we will delete or anonymise your personal data.

8.1. Your personal data may be transferred outside the United Kingdom (UK) and the European Economic Area (EEA) to global providers (e.g., Systeme.io, Stripe, TikTok), where such transfers are classified as Restricted Transfers under UK GDPR.

8.2. We ensure that these transfers are secured by applying appropriate legal safeguards required by UK GDPR (Art. 46), which include: The International Data Transfer Agreement (IDTA) issued by the ICO, or The International Data Transfer Addendum to the European Commission's Standard Contractual Clauses (Addendum to SCCs). Relying on these mechanisms ensures that your data remains protected in accordance with UK GDPR standards.

9.1. UK GDPR grants you the following rights related to the processing of your personal data:

• Right of access to your data and to receive a copy thereof.

• Right to rectification (correction) of your data.

• Right to erasure (right to be forgotten). • Right to restriction of processing.

• Right to data portability.

• Right to withdraw consent to the processing of personal data.

9.2. Right to object to data processing (Art. 21 UK GDPR).

• Direct Marketing: You have the right to object at any time to the processing of personal data for direct marketing purposes (including related profiling). Upon receiving an objection, we will cease processing data for this purpose. In the case of direct marketing, our legitimate interest can never override your objection. • Other Legitimate Interests: You have the right to object to processing based on other legitimate interests (e.g., system security); we will cease processing your data for these purposes unless we demonstrate compelling legitimate grounds.

9.3. Right to lodge a complaint with a supervisory authority. If you find that we have violated personal data protection regulations, you have the option to lodge a complaint with the competent supervisory authority in the UK: Information Commissioner's Office (ICO).

10.1. Our Website uses cookies (first-party cookies) and third-party cookies (e.g., Meta, TikTok, Google pixels). Cookies are small text files stored on your end device (e.g., computer, tablet, smartphone).

10.2. Some of the cookies we use are deleted after the browser session ends (session cookies). Others are retained to enable recognition of your browser upon your next visit to the website (persistent cookies).

11.1. We use cookies that are not strictly necessary for the proper provision of the electronic service (e.g., marketing, analytical cookies) solely based on your explicit, active consent (Opt-in), in compliance with UK PECR.

11.2. These files remain blocked until you provide consent. During your first visit to the Website, we display a notice (Consent Banner) giving you the option to manage cookies.

12.1. Yes, you can manage cookie settings within your web browser. You can block all or selected cookies. However, disabling or restricting cookie support may prevent you from using some Website features.

13.1. First-party cookies are used to ensure the proper functioning of various Website mechanisms, such as remembering cart contents, correct form submission, and handling newsletter forms.

16.1. Below is a list of options for managing your privacy:

• Cookie settings within your web browser.

• Cookie management mechanism (Consent Banner) from our Website.

• Behavioural advertising settings (e.g., Google Ads Settings, Facebook Ads Settings).

• Right to object to data processing for direct marketing purposes.

17.1. Yes, we may modify this Privacy Policy, particularly due to technological changes and changes in UK law. If you are a registered user, you will receive an email notification about every change to the Privacy Policy.

18.1. This privacy policy applies only to the Aggie Kos Neurofamily Website and platform.

18.2. The Website may contain links to other websites (e.g., Amazon for affiliation). The Administrator encourages you to familiarise yourself with the privacy policy established there upon visiting other sites.

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. If you want detailed information from, Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Please contact us if you have any queries or concern about our use of your information (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have. You also have the right to lodge a complaint with the Information Commissioner. The Information Commissioner can be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

We may change this privacy policy from time to time When we make significant changes, we will take steps to inform you, for example via the Website or by other means, such as email

You can contact us by email if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint. Our contact details are shown below: admin@aggiekosneurofamily.com