Privacy Policy (External Privacy Notice)

DRIPFY UK LTD (“Dripfy”) is committed to protecting the privacy and security of the personal data of our website visitors, clients, and business partners. This Privacy Policy explains who we are, how we collect, use, store, and share personal data, and how you can exercise your data protection rights under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

1. Company Details

DRIPFY UK LTD

71–75 Shelton Street, Covent Garden

London, WC2H 9JQ

United Kingdom

Email: info@dripfy.co.uk

DRIPFY UK LTD acts as the Data Controller for the purposes of data protection legislation.

2. What We Do

Dripfy provides non-clinical wellness, lifestyle, research-support, data analysis, administrative, and informational services.

Our services may include educational health information, data organisation and analysis, lifestyle insights, research assistance, and decision-support tools.

Dripfy does not provide medical advice, diagnoses, or treatment and does not establish a doctor–patient relationship.

3. Categories of Data Subjects and Processing Purposes

We may process personal data relating to the following categories of individuals:

Website visitors

Clients and prospective clients

Business partners and service providers

Healthcare professionals interacting with our services

Researchers and collaborators

Personal data is processed for purposes including service delivery, communication, research support, website functionality, legal compliance, and business operations, based on applicable legal grounds such as consent, contractual necessity, legitimate interest, or legal obligation.

4. Types of Personal Data Collected

Depending on the nature of your interaction with us, we may collect the following categories of personal data:

Identification data such as name and date of birth

Contact information including email address, phone number, and postal address

Health-related and lifestyle data, including diagnostic or genetic information, where explicit consent has been provided

Image or video data, where voluntarily submitted

Technical data such as IP address, browser type, device information, and usage data

Communication records and correspondence

We do not intentionally collect data from minors without appropriate consent.

5. Sources of Data

Personal data is collected directly from you through website forms, communications, service interactions, or consent-based submissions.

We may also receive data from authorised third parties, professional partners, or publicly available sources where legally permitted.

6. Data Recipients

Personal data may be shared, where necessary, with:

Authorised employees and contractors of DRIPFY UK LTD

Professional advisors, including legal, accounting, or compliance providers

IT service providers and hosting partners

Research and analytics partners, where data is anonymised or consent has been obtained

Regulatory authorities or public bodies where legally required

We do not sell personal data to third parties.

7. Storage and Processing Locations

Personal data may be stored and processed within the United Kingdom and, where necessary, within the European Economic Area (EEA).

Where third-country processing is required, appropriate safeguards are applied.

8. Retention Periods

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including legal, contractual, and regulatory obligations.

Health-related or research data may be retained for longer periods in anonymised form where legally permissible.

9. International Data Transfers

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including:

UK adequacy regulations

Standard Contractual Clauses approved by the UK Information Commissioner

Other lawful transfer mechanisms recognised under UK GDPR

10. Data Security

We implement appropriate technical and organisational security measures to protect personal data, including access controls, encryption, secure storage, and regular system reviews.

Access to personal data is restricted to authorised personnel only.

11. Your Rights

Under UK GDPR, you have the right to:

Request access to your personal data

Request correction of inaccurate or incomplete data

Request deletion of your data under certain conditions

Restrict or object to certain processing activities

Request data portability

Withdraw consent at any time, where processing is based on consent

To exercise these rights, please contact: info@dripfy.co.uk

12. Automated Decision-Making

You will not be subject to decisions based solely on automated processing that produce legal or significant effects, unless such processing is necessary for a contract or you have provided explicit consent.

13. Legal Disclosure

We may disclose personal data where required by law, regulation, court order, or to law enforcement authorities acting within their lawful powers.

14. Data Breach Notification

We maintain procedures to identify, manage, and respond to personal data breaches.

Where legally required, affected individuals and relevant authorities will be notified without undue delay.

15. Handling Requests

We aim to respond to data protection requests within one (1) month.

This period may be extended to up to three (3) months for complex requests, in accordance with UK GDPR.

Identity verification may be required before processing requests.

16. Updates to This Policy

This Privacy Policy may be updated from time to time to reflect legal or operational changes.

The most current version will always be available on our website.