Last updated:

Privacy Policy

This Privacy Policy explains how Vitspine collects, uses, stores, and protects your personal information when you visit our website or use our services.

1. Data Controller Information

The data controller responsible for your personal data is:

Vitspine Ltd
Registered in England and Wales
Company Registration Number: 592314876
VAT Number: GB5923148769
Registered Office: 29 Foubert's Place, London W1F 7QF, United Kingdom

You may contact us regarding data protection matters by email at assist@vitspine.world or by telephone at +44 20 7434 3209.

As the data controller, we determine the purposes and means of processing personal data collected through vitspine.world and associated services including consulting sessions, educational product purchases, and program enrolments.

2. Scope of This Policy

This Privacy Policy applies to all personal data processed by Vitspine in connection with our website, contact forms, cookie usage, consulting services, educational products, and kitchen skill programs. It does not apply to third-party websites linked from our pages, which maintain their own privacy practices.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection laws when processing data of individuals located outside the United Kingdom.

3. Categories of Personal Data We Collect

3.1 Information You Provide Directly

When you contact us through our contact form, book a consulting session, purchase educational products, or enrol in a program, we may collect the following information:

  • Full name
  • Email address
  • Telephone number (if provided)
  • Postal address (if provided for product delivery)
  • Message content and enquiry details
  • Payment information (processed by secure third-party payment providers; we do not store full card details)
  • GDPR consent records with timestamps

3.2 Information Collected Automatically

When you visit our website, we may automatically collect certain technical information through cookies and similar technologies, subject to your consent preferences:

  • IP address (anonymised where possible)
  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited and time spent on each page
  • Device type and screen resolution
  • Date and time of visit

3.3 Information from Third Parties

We may receive limited information from analytics providers and payment processors necessary to fulfil transactions and improve our services. Such providers act as data processors under our instructions.

4. Purposes and Legal Bases for Processing

We process your personal data only when we have a valid legal basis under UK GDPR. The following table summarises our processing activities:

  • Responding to enquiries: We process your name, email, and message to respond to your contact form submission. Legal basis: legitimate interest in communicating with prospective and existing clients, or consent where explicitly given.
  • Providing consulting services: We process contact details and session notes to deliver booked consulting sessions. Legal basis: performance of a contract.
  • Delivering educational products: We process purchase and delivery information to provide downloadable or physical products. Legal basis: performance of a contract.
  • Program administration: We process enrolment data to manage participation in kitchen skill programs. Legal basis: performance of a contract.
  • Website analytics: We process anonymised usage data to understand how visitors interact with our content. Legal basis: consent (via cookie preferences).
  • Marketing communications: We send promotional content only where you have opted in. Legal basis: consent.
  • Legal compliance: We may retain certain records to comply with tax, accounting, and regulatory obligations. Legal basis: legal obligation.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.

  • Contact form submissions: retained for 24 months from the date of last communication, then securely deleted.
  • Consulting session records: retained for 36 months after the final session, then anonymised or deleted.
  • Purchase and transaction records: retained for 7 years in accordance with UK tax and accounting requirements.
  • Cookie consent records: retained for 12 months, then refreshed upon your next visit.
  • Analytics data: retained in aggregated, anonymised form for up to 26 months.
  • Marketing consent records: retained until you withdraw consent, plus 12 months for audit purposes.

6. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share data with the following categories of recipients where necessary:

  • Payment processors to complete transactions securely
  • Email service providers to send transactional and service-related communications
  • Analytics providers (only with your consent for non-essential cookies)
  • Cloud hosting providers who store data on our behalf under data processing agreements
  • Professional advisers including accountants and legal counsel when required
  • Law enforcement or regulatory authorities when legally compelled

All third-party processors are bound by contractual obligations to protect your data and process it only according to our instructions.

7. International Data Transfers

Your data is primarily stored and processed within the United Kingdom and the European Economic Area. Where data is transferred to countries without an adequacy decision, we implement appropriate safeguards including Standard Contractual Clauses approved by the UK Information Commissioner's Office.

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted through our website
  • Access controls limiting data access to authorised personnel only
  • Regular security assessments of our systems and processes
  • Secure password policies and multi-factor authentication for internal systems
  • Encrypted storage for sensitive data at rest
  • Staff training on data protection principles and incident response procedures
  • Incident response plan for detecting, reporting, and investigating data breaches

While we strive to protect your personal data, no method of transmission over the internet is completely secure. We encourage you to use strong passwords and protect your account credentials.

9. Your Rights Under UK GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data where there is no compelling reason for continued processing.
  • Right to restrict processing: Request limitation of processing in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Withdraw consent at any time where processing is consent-based.
  • Right not to be subject to automated decision-making: We do not use automated decision-making that produces legal effects.

To exercise any of these rights, contact us at assist@vitspine.world. We will respond within one month, extendable by two further months for complex requests. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a notice on our website.

12. Contact Information

For any questions about this Privacy Policy or our data processing practices, please contact:

Vitspine Ltd
Data Protection Officer
29 Foubert's Place, London W1F 7QF, United Kingdom
Company Registration: 592314876
Email: assist@vitspine.world
Phone: +44 20 7434 3209