
Data & Security

Introduction

The Ultimate Human Wellness (“we”, “us”) is dedicated to providing a robust set of data privacy and security controls, ensuring you have peace of mind knowing that your data is in safe hands.

From IT and cyber security implementations to organisational best practices, as well as adherence to and alignment with several laws and regulatory standards, we take our compliance and security obligations incredibly seriously.

This Frequently Asked Questions (FAQ) section aims to provide clarity regarding these activities and should answer any questions you may have on these topics. However, if there is anything you think we have missed, or any concerns you have, feel free to reach out to us at privacy@theultimatehumanwellness.com.

To safeguard our community, The Ultimate Human Wellness encourages users to inform us of any security-related problems with our website. If you think you’ve discovered a vulnerability or other issue, we ask that you send us a thorough explanation of the problem, along with instructions on how we can reproduce it and/or a proof-of-concept.

Please give our team a reasonable amount of time to reply to your concern and resolve the issue after you submit it to us. We sincerely appreciate all that you do to keep our community safe.


Data Protection

Q. Which data protection laws do you adhere to?

A. We adhere to all applicable UK data protection laws and regulations governing the collection, processing, storage, and transfer of personal data. Specifically, our data protection framework is aligned with the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and the Data (Use and Access) Act 2025.

Q. Do you have a Data Protection Officer (“DPO”)?

A. Yes, we have contracted the services of RGDP LLP as our Data Protection Officer. You can contact them via info@RGDP.co.uk.

Q. What controls do you have in place to protect my personal data?

A. We use a variety of security measures to help prevent personal data from being accidentally or unlawfully accessed, shared or lost, or otherwise processed. When you provide us with your personal data, we take steps to make sure that data is kept secure and safe. We utilise Amazon Web Services for our cloud-storage purposes, providing client and server-side encryption both at rest and in transit, various logging and monitoring functionality to detect incidents and access attempts, and a number of access-management controls to ensure we protect against unauthorised access, and adhere to the principle of least privilege.

We will, where possible, pseudonymise your personal identifiers, sharing only a pseudonymised ID with our trusted partners, to reduce the risk involved during the provision of our services. We ensure that any third parties we involve in our processing follow our safety-first approach to handling your personal data.

Q. Why do you use my personal data?

A. We use your personal data whenever you purchase our products and services, interact with us online, or otherwise engage with us. We need to use your personal data in order to communicate with you, provide the products or services that you have requested, and support you throughout your engagement with us. We also store your data for managing your account, processing payment, and various other processing activities. For more information on this, see our Privacy Notice.

Q. Do you share my personal data?

A. We may share your personal data where it’s necessary for the provision of the product or services that you have requested from us. We may also share your personal data where we have your consent to do so or where required by law.

When you make a customer service enquiry, we will share your personal data with our customer support agents, who handle your personal data with care, and minimise the processing of your personal identifiers to only when it is absolutely necessary.

Q. Where can I read more about how you process my personal data?

A. We maintain our Privacy Notice, which explains how we use your personal data, what your data subject rights are, and how to exercise them.

 

Cyber & IT Security

Q. What international standards do you adhere to in relation to cyber & IT security?

A. Our business adheres to the SOC 2 framework, ensuring that our systems and processes meet rigorous standards for security, availability, processing integrity, confidentiality, and privacy.

Q. Do you encrypt data in transit and at rest?

A. Yes, we and our trusted partners deploy industry standard encryption both in transit and at rest.

Q. Do you undertake penetration testing and/or vulnerability scanning?

A. Yes, we undertake penetration testing via a third party and conduct regular vulnerability scanning.

Q. How do you protect against malware and phishing attacks?

A. We carry out staff training internally to help prevent phishing attempts, and to ensure appropriate handling of IT assets to protect against malware. We also govern our IT usage with specific policies considering malware and antivirus software.


Organisational Security

Q. What organisational policies and procedures do you have in place?

A. We have established a comprehensive suite of policies and procedures covering a range of compliance requirements and best practices, including UK Data Protection, Information Security, and IT Security. These include core overarching policies such as our Data Protection Policy and Information Security Policy, but also include supporting policies such as our Acceptable Use Policy, Breach Management Policy, Data Subject Rights Policy, and more.

Additionally, alongside our trusted partners, we maintain a large suite of internal policies in relation to the handling of data, access control, incident response, backup plans, code of conduct, etc. These are in accordance with both SOC 2 and HIPAA.

Q. What training do your employees receive?

A. Our employees receive training relevant to the handling and security of your data. This includes data protection training, detailing how to adequately protect data during their day-to-day activities, recognising data subject rights requests, and carrying out best practices in order to prevent data breaches from occurring. It also includes information security training, covering secure and appropriate usage of email and messaging, device and endpoint security best practices, and phishing awareness.

Q. What is your risk management strategy?

A. The Ultimate Human Wellness, through a trusted partner, maintains a risk assessment and treatment policy, and also maintains a risk register that is regularly reviewed and updated, capturing ongoing business risks, each with supporting information around risk acceptance and mitigation controls.


Information Security

Q. Which industry standards or certifications do you adhere to?

A. As mentioned earlier, our business adheres to the SOC 2 framework, ensuring that our systems and processes meet rigorous standards for security, availability, processing integrity, confidentiality, and privacy.

Q. How do you manage access to information systems and the data stored within?

A. The Ultimate Human Wellness, through a trusted partner, maintains strict access control policies, and follows the principle of least privilege for all systems.

Q. What measures are in place to protect IT assets?

A. We implement various policies and procedures to govern acceptable usage and handling of IT assets. We also have authentication and encryption controls in place to protect these assets.

Q. How do you deal with information security incidents?

A. When we first recognise that an information security incident has taken place, it’s important that we make it our top priority. We capture as much information as we can, about the scope of the incident, if personal or sensitive data is involved, if any IT systems are compromised, and then we ensure we draft an initial report on the incident. If required as per relevant legislation, we will share this report with the necessary regulatory authorities. We also focus on mitigating any actual or potential impact.

Following this, we conduct a full analysis of the incident, implementing permanent fixes where needed, documenting lessons learned, and ensuring our risk management materials are updated.

Rest assured, in the event of any information security incident, we understand our obligations and responsibilities to do everything we can to protect your information.

Q. Do you have a business continuity or disaster recovery plan?

A. Yes, we maintain a response plan in relation to business continuity and disaster recovery.


©2025 The Ultimate Human Wellness, LLC, All Rights Reserved
