Transparency & Cookies

Version 2.4 | Effective Date: May 12, 2024

2. SCOPE OF DATA COLLECTION

In order to provide precision nutritional services, we collect 'Personal Data' and 'Special Category Data'. This includes, but is not limited to:

• Identity Information: Full legal name, date of birth, and gender identity for metabolic calculations.
• Contact Channels: Physical delivery address in Reading/Berkshire, secondary billing address, verified email, and mobile telephone numbers.
• Health & Biometric Data: This is 'Special Category Data'. We process information regarding food allergies, intolerances, medical conditions (e.g., Type 2 Diabetes, Celiac disease), and physical metrics (height, weight, body fat percentage) provided voluntarily.
• Transactional Records: A comprehensive history of meal plans purchased, payment methods (excluding full card numbers, which are tokenized by PCI-DSS compliant processors), and loyalty engagement.

3. LEGAL BASIS FOR PROCESSING

We process your data under the following lawful bases:

• Contractual Necessity: To fulfill your order and deliver meals to your specified location.
• Legal Obligation: For tax records and food safety traceability requirements under UK Food Standards Agency (FSA) guidelines.
• Explicit Consent: Specifically for the processing of Health Data to customize your nutritional profile.
• Legitimate Interests: To improve our menu engineering and secure our platform against fraudulent activity.

4. DATA RETENTION & DELETION

We do not retain data longer than necessary. Standard Identity and Transactional data are held for six (6) years following the end of the financial year of your last purchase to comply with HMRC audit requirements. Health data is deleted within twelve (12) months of account inactivity unless explicit renewal of consent is provided.

5. YOUR RIGHTS UNDER UK GDPR

As a data subject, you possess the following statutory rights:

• The Right to Access: You may request a 'Subject Access Request' (SAR) at any time. We will provide a machine-readable copy of all data we hold within 30 calendar days.
• The Right to Rectification: If your biometric data or address is inaccurate, you have the right to demand correction.
• The Right to Erasure ("Right to be Forgotten"): You may request the deletion of your account. Note that this is subject to our legal obligations for tax retention.
• The Right to Restrict Processing: You may opt-out of automated profiling used for menu recommendations.

6. INTERNATIONAL DATA TRANSFERS

While our primary servers are located within the United Kingdom, certain third-party processors (e.g., cloud analytics) may process data in the EEA or USA. In such cases, we ensure 'Standard Contractual Clauses' (SCCs) are in place to maintain a level of protection equivalent to the UK GDPR.

7. LIABILITY LIMITATIONS & SERVICE TERMS

While we use medical-grade research for our meal planning, JUST PREP IT LTD is not a medical provider. Our plans are suggestions and should be reviewed by your physician if you have pre-existing conditions. We are not liable for adverse reactions to ingredients disclosed on our labeling.