Privacy policy
Effective Date: 16.01.2026
Last Updated: 16.01.2026
1. Introduction
Nan Tai Centre (“we”, “us”, “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website nantaicentre.co.uk or purchase products from us.
We are the data controller responsible for your personal data. This means we determine how and why your personal data is processed.
Our Contact Details:
Nan Tai Centre
The Red Barn, Easton Lane, Easton, Winchester SO21 1DQ
Email: info@nantaicentre.co.uk
Phone: 07514 136605 / 01962 850 791
This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Personal Data We Collect
We may collect and process the following personal data about you:
Information You Provide to Us:
- Contact Information: Name, email address, phone number, billing address, delivery address
- Order Information: Products purchased, order history, payment information (processed securely by our payment provider)
- Account Information: If you create an account, username and password
- Correspondence: Any communications you send to us via email, phone, or contact forms
- Clinic Appointments: If you book consultations, we may collect health-related information (see Section 3 for special category data)
- Marketing Preferences: Your consent to receive marketing communications
Information We Collect Automatically:
- Technical Data: IP address, browser type, operating system, device information
- Website Usage: Pages visited, time spent on pages, referring website, clickstream data
- Cookies: See our Cookie Policy for detailed information
Information from Third Parties:
- Payment confirmation from payment processors (we do not store full card details)
- Delivery status updates from courier services
3. Special Category Data (Health Information)
If you book consultations or discuss health conditions with our practitioners, we may process special category personal data including:
- Medical history and current health conditions
- Symptoms and treatment information
- Information about medications and allergies
- Other health-related information relevant to Traditional Chinese Medicine treatment
Legal Basis for Processing Health Data:
We process health data only:
- With your explicit consent
- For the purposes of preventive or occupational medicine, medical diagnosis, or healthcare treatment provided by qualified health professionals
- When necessary for the establishment, exercise or defence of legal claims
Your health information is kept strictly confidential and stored separately from general customer data with enhanced security measures.
4. How We Use Your Personal Data
We use your personal data for the following purposes:
Order Processing and Delivery:
- Process and fulfil your orders
- Arrange delivery of products
- Send order confirmations and dispatch notifications
- Process payments and prevent fraud
- Handle returns and refunds
Legal Basis: Performance of a contract
Customer Service:
- Respond to your enquiries and requests
- Provide customer support
- Resolve complaints or issues
Legal Basis: Performance of a contract / Legitimate interests
Healthcare Services:
- Provide Traditional Chinese Medicine consultations
- Maintain treatment records
- Provide follow-up care and advice
Legal Basis: Explicit consent / Healthcare purposes
Marketing Communications:
- Send you information about our products, services, and offers
- Send newsletters (only with your consent)
Legal Basis: Consent (you can withdraw at any time)
Legal and Regulatory Compliance:
- Comply with legal obligations (e.g., tax, accounting)
- Protect our legal rights
- Prevent fraud and maintain security
Legal Basis: Legal obligation / Legitimate interests
Website Improvement:
- Analyse website usage to improve user experience
- Identify technical issues
- Understand customer preferences
Legal Basis: Legitimate interests
5. Who We Share Your Data With
We may share your personal data with the following third parties:
Service Providers:
- Payment Processors: To process your payments securely (e.g., Stripe, PayPal). They have their own privacy policies.
- Courier Services: To deliver your orders (e.g., Royal Mail, DPD). We share only necessary delivery information.
- Website Hosting: Our website hosting provider stores data on secure servers.
- Email Service Providers: For sending order confirmations and communications.
Legal Requirements:
- Law Enforcement or Regulatory Bodies: If required by law or to protect our legal rights
- Professional Advisors: Lawyers, accountants, insurers where necessary
Business Transfers:
- In the event of a sale, merger, or acquisition of our business, your data may be transferred to the new owner.
We do not:
- Sell your personal data to third parties
- Share your data for third-party marketing purposes without your explicit consent
- Transfer your data outside the UK/EEA without appropriate safeguards
6. Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures including:
- Encryption: Secure SSL/TLS encryption for data transmission
- Access Controls: Limited access to personal data on a need-to-know basis
- Secure Storage: Data stored on secure servers with regular backups
- Staff Training: Our team is trained on data protection principles
- Password Protection: Strong password requirements for accounts
- Regular Reviews: We regularly review and update our security measures
Payment Security: We do not store complete credit or debit card details. Payments are processed by PCI-DSS compliant payment providers who handle card data securely.
While we implement strong security measures, please note that no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
7. How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes outlined in this Privacy Policy:
Customer Data:
- Order and Transaction Records: 7 years (for tax and accounting purposes as required by UK law)
- Contact Information: Until you request deletion or 3 years after your last interaction with us
- Marketing Data: Until you unsubscribe or withdraw consent
Health Records (Clinic Patients):
- Adult Patients: 8 years after last consultation (NHS guidelines)
- Children (under 18): Until the patient’s 25th birthday or 8 years after last consultation, whichever is longer
- Serious Incidents: Permanently or as required by law
Website Data:
- Technical/Analytics Data: Up to 26 months
- CCTV (if applicable): 30 days
After the retention period expires, we will securely delete or anonymise your personal data.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
1. Right of Access
- Request a copy of the personal data we hold about you
- Receive information about how we process your data
2. Right to Rectification
- Correct inaccurate or incomplete personal data
3. Right to Erasure (“Right to be Forgotten”)
- Request deletion of your personal data in certain circumstances
- Note: We may need to retain some data for legal compliance
4. Right to Restrict Processing
- Request that we limit how we use your data
5. Right to Data Portability
- Receive your personal data in a structured, commonly used format
- Transfer your data to another service provider
6. Right to Object
- Object to processing based on legitimate interests
- Object to direct marketing (we will stop immediately)
7. Rights Related to Automated Decision-Making
- We do not use automated decision-making or profiling
8. Right to Withdraw Consent
- Where processing is based on consent, you can withdraw it at any time
- This does not affect the lawfulness of processing before withdrawal
How to Exercise Your Rights:
Contact us at:
- Email: info@nantaicentre.co.uk
- Phone: 07514 136605 / 01962 850 791
- Post: The Red Barn, Easton Lane, Easton, Winchester SO21 1DQ
We will respond to your request within one month. There is no charge unless your request is clearly unfounded or excessive.
9. Marketing Communications
Email Marketing:
With your consent, we may send you:
- Information about our products and services
- Special offers and promotions
- Health tips and TCM information
- Newsletters
How to Unsubscribe:
- Click the “unsubscribe” link in any marketing email
- Contact us at info@nantaicentre.co.uk
- Update your preferences in your account settings
You will continue to receive essential service messages (order confirmations, delivery updates) even if you unsubscribe from marketing.
10. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. Cookies are small text files stored on your device that help us:
- Remember your preferences and settings
- Analyse how you use our website
- Improve website functionality
- Provide personalised content
Types of Cookies We Use:
Essential Cookies:
- Required for the website to function properly
- Enable shopping basket and checkout functionality
- Cannot be disabled
Analytics Cookies:
- Help us understand how visitors use our website
- Collect anonymous information about pages visited
- Used to improve website performance
Marketing Cookies:
- Track your browsing to show relevant advertisements
- Only used with your consent
Managing Cookies:
You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality.
For detailed information, please see our Cookie Policy.
11. Third-Party Links
Our website may contain links to third-party websites (e.g., social media, payment providers, health organisations).
Please note:
- We are not responsible for the privacy practices of external websites
- Third-party sites have their own privacy policies
- We encourage you to read their policies before providing personal data
12. Children’s Privacy
Our products and services are intended for adults aged 18 and over.
We do not knowingly collect personal data from children under 18 without parental consent, except when:
- A parent/guardian books an appointment for their child
- The child is receiving treatment with parental consent
If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.
13. International Data Transfers
We primarily store and process data within the United Kingdom.
If we need to transfer data outside the UK/EEA, we ensure:
- The recipient country has adequate data protection laws, OR
- Appropriate safeguards are in place (e.g., Standard Contractual Clauses)
You have the right to request information about international transfers and obtain copies of safeguards.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in laws or regulations
- Changes to our business practices
- Improvements to our services
When we make changes:
- We will update the “Last Updated” date at the top
- Significant changes will be highlighted on our website
- We may notify you by email if the changes materially affect your rights
We encourage you to review this Privacy Policy periodically.
15. Complaints and Concerns
If you have concerns about how we handle your personal data, please contact us first:
Email: info@nantaicentre.co.uk
Phone: 07514 136605 / 01962 850 791
We will investigate and respond to your concerns promptly.
Right to Lodge a Complaint:
You have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
16. Contact Us
For any questions about this Privacy Policy or how we handle your personal data:
Nan Tai Centre
The Red Barn, Easton Lane, Easton, Winchester SO21 1DQ
Email: info@nantaicentre.co.uk
Phone: 07514 136605 / 01962 850 791
Opening Hours:
- Tuesday-Friday: 9:30am – 5:00pm
- Saturday: 9:30am – 3:00pm
- Closed: Sunday & Monday
This Privacy Policy was last updated on 16.01.2026
