Holi Health Hack — Privacy Policy (Basic / Limited Data)

Effective date: 2 November 2025
Who we are: Holi Health Hack (“we”, “us”).
Registered office: London, United Kingdom
Privacy contact: holihealthhack@gmail.com (Attn: A A Lindsay)

If you’re in the UK/EU, we are the data controller of your personal data for this website and related services.

1) What data we collect

  • Contact details (name, email, message content) when you get in touch or fill forms.

  • Newsletter (email address) if you subscribe.

  • Orders/Bookings (name, email, billing details, order/booking info). Card data is handled by our payment processor; we do not store full card numbers.

  • Usage & cookies for analytics/marketing (IP address or partial IP, device/browser info, pages viewed, events) via cookies, pixels and similar tech.

2) How we collect it

  • Directly from you (forms, checkout/booking, email).

  • Automatically via cookies and similar technologies placed on your device when you use the site.

3) Why we use it (purposes) & legal bases

PurposeExamplesLegal basis (UK/EU GDPR)Respond to enquiriesReply to your message, support requestsLegitimate interests (to operate our business and answer you)Newsletters/updatesSend emails you signed up forConsent (you can withdraw anytime via “unsubscribe”)Orders/BookingsSet up, administer and confirm your order/booking; customer serviceContract (pre-contract steps & performance)Site security & functionalityLoad pages, prevent abuse/fraudLegitimate interests (keep the site safe/working)AnalyticsUnderstand visits and improve contentConsent (via cookie banner)Marketing measurementMeasure campaign performance, retargeting (if enabled)Consent (via cookie banner)

If we rely on legitimate interests, we only do so where our interests aren’t overridden by your rights and freedoms.

4) Cookies & tracking

We use:

  • Essential cookies (strictly necessary).

  • Analytics cookies (e.g., Google Analytics).

  • Marketing cookies (e.g., for ad measurement/retargeting if enabled).

Non-essential cookies (analytics/marketing) run only with your consent. You can change or withdraw consent anytime via Cookie Preferences (link/button on the site). For more on cookies and your rights, see the UK ICO’s guidance. ICO+1

We use cookies and similar technologies to run this site, understand how it’s used, and (if you allow) measure marketing. Non-essential cookies (analytics/marketing) only run after you consent via the Cookie banner.

Cookie table (summary)

EssentialCore site functions (security, load balancing, remembering cookie choices).e.g., cookie storing your consent choiceYour site platform / consent toolOnly as long as needed; cannot be turned off via banner.

Analytics (consent)Understand visits and improve content.GA4 cookies (e.g., _ga, _ga_<container>, _gid)Google AnalyticsGA user/event data retention is configurable (2 or 14 months on standard properties). Managed in GA Admin; runs only with consent. Google Support

Marketing (consent, if enabled)Ad measurement and retargeting.e.g., ad/retargeting pixels (provider-specific)Various (e.g., Google/Meta, if enabled)Runs only with consent; retention varies by provider.

International transfers (cookies & analytics)

Some providers may process data outside the UK/EEA (e.g., US). Transfers rely on approved safeguards such as the EU-U.S. Data Privacy Framework and the UK Extension and/or Standard Contractual Clauses (see Google’s disclosure).

5) Analytics

We use Google Analytics (GA4) to understand how our site is used. GA4 stores user/event data for 2 months by default (configurable up to 14 months on the free plan). We configure GA4 to the shortest period compatible with our analytics needs. usercentrics.com+1

6) Who we share data with (processors/recipients)

We use trusted service providers to run our site and services, for example:

  • Website hosting/CDN (to serve the site).

  • Email/newsletter service (to send newsletters).

  • Payment processor (to process transactions; we don’t store full card data).

  • Analytics: Google Analytics (Google Ireland Limited/Google LLC) for aggregated metrics.

We instruct them under contracts to process data only for our purposes and with appropriate safeguards.

7) International transfers

Some providers (e.g., Google) may process data in countries outside the UK/EEA (notably the US). Transfers are protected using approved safeguards such as the EU–US Data Privacy Framework (and the UK Extension) and/or Standard Contractual Clauses, as applicable. See Google’s data-transfer and framework disclosures. Google Policies+2Business Data Responsibility+2

8) Retention

We keep data only as long as needed:

  • Enquiries/support: typically up to 12 months after last contact.

  • Newsletter: until you unsubscribe (we also periodically suppress/clean inactive contacts).

  • Orders/Bookings: for the period required by tax/accounting laws (usually several years).

  • Analytics: per GA4 settings (generally 2–14 months). usercentrics.com

9) Your rights (UK/EU)

You have the right to access, rectify, erase, restrict, object, and port your data. Where we rely on consent, you may withdraw it at any time (this won’t affect prior processing). To exercise your rights, email holihealthhack@gmail.com. We’ll respond within one month where possible. See ICO guidance on the right to be informed and complaints. ICO+1

Complaints: If you’re unhappy with how we handle your data, please email us first. You also have the right to complain to the UK Information Commissioner’s Office (ICO) (see “Make a complaint” and contact details). ICO+2ICO+2

10) Children

Our site and services are not directed to children and we do not knowingly collect children’s data.

11) Security

We use reasonable technical and organisational measures (HTTPS/TLS, access controls, least-privilege, vendor due-diligence) to protect your data.

12) EU representative (if required)

If we are not established in the EEA but regularly target EEA residents, we may be required to appoint an EU representative under GDPR Art. 27. If/when appointed, we will update this section with contact details. gdpr-info.eu+1

13) Updates to this notice

We may update this policy to reflect changes to our services or the law. Material changes will be highlighted on this page; please check back periodically.