Privacy Policy
Effective Date: 01.01.24
1. Definitions:
1. Gopi Ltd (The “company”, “us”, “we”, or “our”) operates the gopi.life website. This also covers reference to its employees and resources.
2. “Service” is the website gopi.life operated by Gopi Ltd and all educational work undertaken by Gopi Ltd. It also refers to all products available within the Service. It also refers to any consultancy, education, educational support or information you receive from Gopi Ltd and its employees and resources.
3. “Client”, “practitioner”, “you”, “your”; this refers to the individual purchasing/using the Service from Gopi Ltd.
4. “Terms and Conditions”; this refers to the terms of usage and conditions under which all purchases are pursued and the website is utilised.
5. “GDPR” means Regulation (EU) 2018 of the European Parliament and of the Council of 25 May 2018 on the protection of natural persons with regard to the processing of Personal Data and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L 119/1.
6. “Personal Data” refers to data about a living individual who can be identified from that data (or from other information either in our possession or likely to come into our possession).
7. “Usage Data” is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
8. “Special Category Data”; is personal information of Data Subjects that is especially sensitive; Personal Data revealing political opinions, Personal Data revealing religious or philosophical beliefs, Personal Data revealing trade union membership, genetic data, biometric data (where used for identification purposes), data concerning health, data concerning a person’s sex life and data concerning a person’s sexual orientation.
9. “Cookies”; cookies are small pieces of data stored on your device (computer or mobile device).
10. “Data Controller”; Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purposes of this Privacy Policy, we are a Data Controller of your Personal Data.
11. “Data Processors”; Data processors (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of other Service Providers in order to process your data more effectively. In these instances, we will ensure that the relevant agreements will be in place to ensure the security of your data to the best of our ability.
12. “Data Subject” or “User”, “you” or “your”; Data subject is any living individual who is using our Service (whether directly or through a representative) and is the subject of Personal Data.
2. General Information:
1. This document informs you of our policies regarding the collection, use and disclosure of Personal Data when you use the Service and the choices you have associated with that data.
2. It is important that you read this Privacy Policy together with any other Privacy Policy or fair processing policy we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data.
3. We use your data to provide and improve the Service. By using the Service, and accepting that you have read and understood our Privacy Policy, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use.
4. We use administrative, technical and physical safeguards to protect your Personal Data, taking into account the nature of the Personal Data and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your Personal Data secure.
5. In a situation where you are using the Service, but in aid of a third party, or when you are using the Service on behalf of someone else, remember to obtain appropriate authorisation prior to providing this data.
6. In accordance with Article 14 of UK GDPR please ensure that they have read and understood how their data is used and shared before authorising the use of their data.
7. This document governs your use of this Website or Service and you should cease using the Service if you do not agree with these provisions.
8. We will use reasonable efforts to include up-to-date and accurate information in the Service, but make no representations, warranties, or assurances as to the accuracy, currency, or completeness of the information provided. We shall not be liable for any damages or injury resulting from your access to, or inability to access, the Service (including all products), or from your reliance on any information provided on the Service.
9. The Service does not constitute in any way medical advice and should not be taken as such. If you have medical concerns contact your GP, Local Health Service or an accredited medical professional.
10. Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3. Copyright:
1. All content of the Service is owned or controlled by Gopi Ltd and is protected by worldwide copyright laws. You may not download content for your personal or professional use and no modification or further reproduction of the content is permitted without prior written Consent from Gopi Ltd. The content may otherwise not be copied or used in any way.
2. The trademarks, service marks, trade names, trade dress and products in the Service are protected internationally. No use of any of these may be made without prior written authorisation of from us, except to identify the products or the Service. Information, products, processes and technologies described as a part of the service may be subject to other intellectual property rights.
4. Information Collection and Use:
1. We collect several different types of information for various purposes to provide and improve the Service to you. These our outlined along with their legal basis below. We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
2. Where we need to perform the contract we are about to enter into or have entered into with you.
3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
4. Where we need to comply with a legal obligation.
4a) What data do we collect?
1. Financial/Billing/Transaction data:
2. We collect data necessary billing information to process your payment if you make a purchase. We do not store or retain any payment details once the purchase is complete. Please be aware there may be a record of your personal details on a bank statement depending on how you make a purchase. This is not a record we are able to remove as legally we must maintain a record of it.
4b) Identity and Contact Data:
1. When using the Service, we may ask you to provide us with certain personally identifiable information that can be used to contact, identify or verify you (“Personal Data”. Personally identifiable information may include, but is not limited to):
• Email address
• First and last name
• Phone number
• Address
• Company name
• License number/proof of qualification
• Clinical degree
1. We also store information from you when you communicate with us regarding the provision of the Service, including email, postal mail or telephone.
2. While every effort is made to protect the privacy of communications, please be aware that any information disclosed over the internet is very difficult to 100% protect.
4c) Profile Data:
1. This may include your username and password (where these were generated for you), your preferences, order records, questionnaire responses.
5. Usage Data:
1. We may also collect information on how the Service is accessed and used (‘Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of the Service that you visit, the time and data go your visit, and other diagnostic data.
2. The data is anonymised before being used for analytics and web performance processing. We will not identify you through analytics information, and we will not combine analytics information with other data sets in a way that would identify who you are. We use this information for our internal analytics purposes and to improve the quality of the Service.
6. Statistical Data:
1. Information inputted into the website may be stored for statistical analysis. However, this data will be anonymised at the point of input at which point will become a statistic. As the data is used to gather statistical analysis, please ensure it is correct and accurate. Failure to do this will be considered fraudulent. Information gathered when providing our service may also be anonymised into statistical data.
7. Client Data:
1. When inputting/sharing data on behalf of someone else, it is important to make them aware that their data is being shared, their data rights and gain their Consent for the data to be used. When ordering for a client, personal information may be collected, including (but not limited to):
• Name
• Age
• Sex
• Address
• Any notes that you provide when booking a consultation
1. This information is stored for the purpose of fulfilling our obligations and providing the service. It may also be stored for marketing, statistical analysis and for ease-of-use for our Clients.
2. If you do not obtain Consent from the Data Subject, please refrain from using the website until they have Consented to their data being shared by you.
3. Personal Data shared with us in order to provide the Service, which may be provided through communications that are not the website. When data is shared in this way either on your behalf or the behalf of a Data Subject, it is essential to ensure they have read and understood our Privacy Policy and understand how their data may be gathered, used, retained and also their data rights. Please ensure to gain Consent before disclosing any personal information for a third party.
8. Aggregated Data:
1. We also collect, use and occasionally share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity.
2. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
9. Special Category Data:
1. Special Category Data we may process is data relating to health. However, we note that we are not a company run by medical professionals and the Service in no way constitutes medical advice. If you have any concerns about your health or the health of someone who’s data you are processing, please contact your GP or an accredited medical body.
2. Any health data provided by you, or on behalf of someone else should only be provided when consent is given. This data may be collected by us in order to give context to consultation bookings or for informational purposes. We do not claim to treat, diagnose or cure and any medical concerns should always be addressed by your GP.
3. Special Category Data processed through communications with us are processed to provide detailed and tailored educational support on a ‘case by case’ basis. In the instances whereby the Data Subject is identifiable, the data will be maintained or processed on a secure server or in a hard-copy format that is locked. Communications relating to personal information may also take place over Whats-app and will be end-to-end encrypted. Any Personal Data shared will be protected to the best of our ability and should not be shared without the Consent of the Data Subject.
4. How do we collect our data?
10. You directly provide us with the data we collect. We collect data and process data when you:
• Register through the company in order to obtain your login user information.
• Contact us.
• Use the Service
• We may also collect Usage Data through the website for example, number of uses per week. However, this will be analysed into a figure and will not be personally identifiable.
11. Use of Data:
Data is used:
1. To provide and maintain the Service
2. To notify you about changes to the Service
3. To allow you to participate in interactive features of the Service when you chose to do so
4. To provide customer support
5. To gather analysis or valuable information so that we can improve the Service and maintain a high standard
6. To monitor the usage of the Service
7. To detect, prevent and address technical issues
8. To respond to your queries efficiently
9. To meet our contractual commitments to you
10. To maintain the account you create or use on our Website
11. To provide you with information you request from us
12. Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR):
1. If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.
2. We may process your Personal Data because:
• We need to perform a contract with you
• You have given us permission to do so
• The processing is in our legitimate interests and it’s not overridden by your rights
• For payment processing purposes
• To comply with law
13. Legitimate Interest:
1. When using Personal Data, if used in ways that would reasonably be expected by the Data Subject, the legal basis is covered by Legitimate Interest. We do not process any ‘hidden’ Personal Data, and only processes minimal Personal Data that is essential in order to provide the Service. We do not sell on Personal Data.
2. In order to conduct the Service, the processing of Personal Data is fundamental and therefore covered as Legitimate Interest.
3. While processing Personal Data is essential for the Service, we make every effort to make sure our Data Subject’s data is as protected as possible.
14. Consent:
1. By using the Service, you Consent to the collection and use of information as outlined within this document. The processing of Personal Data is essential for verification and for the Service and so is fundamentally a prerequisite. If you do not wish for your Personal Data to be processed, please do not use the Service.
2. If you are stating Consent on behalf of somebody else e.g. a client, or sharing their data with us, you must ensure that they have been made fully aware of how their data will be collected, used, maintained, stored, shared (if relevant) and of their rights. This must be done in language that is easy to understand and age-appropriate.
3. Please note that where applicable, you have the right to withdraw Consent at any time, although this will not affect the lawfulness of any processing carried out before the withdrawal (Article 7(3)).
4. If you are using the Service on behalf of someone with some form of mental or physical disability, please ensure they are able to give informed Consent, or that you have obtained Consent from their Health Power of Attorney or carer with authorisation/the authority to do so.
5. If you have any concerns regarding your personal information that we may hold please contact us.
15. Contract:
1. In order for the provision of the Service, and in order to uphold contractual obligations, certain personal data must be processed.
2. This includes, but is not limited to;
• Billing Data (Including a shipping address)
• Client Data; this will need to be processed in order to provide the Service correctly and fulfil our contract with our users.
• Profile Data
• Identity & Contact Data
• In some circumstances it may also include Special Category Data. See below.
16. Lawful Basis for Processing Special Category Data:
Article 6 of UK GDPR:
1. Consent- by stating that you have read and understood this Privacy Policy you Consent to the processing of personal and Special Category Data. If you are inputting personal or Special Category Data on behalf of someone else please ensure you gain Consent from them prior to using the Service or providing us with any information. This Consent may be withdrawn at any time. For clarification, please see your rights below.
2. Legitimate Interest- the processing of Special Category Data is necessary for us to provide the Service.
3. Contract- the processing of Special Category Data is necessary for us to perform our contract with our users and clients.
4. Article 9 of UK GDPR:
5. When data is collected and processed for the purposes related to provision of the Service; the legal grounds for processing is your voluntary Consent and intent to take advantage of the solutions provided (legal grounds under Article 9(2)(a) of GDPR).
17. Transfer of Data:
1. Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
2. If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United Kingdom and processes it there.
3. Your Consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
4. In such circumstances as a transfer of data is necessary in order to fulfil our contractual obligations it is covered under Contract as legal basis.
5. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
18. Disclosure of Data:
1. Disclosure for Law Enforcement
2. Under certain circumstances, we may be required to disclosure your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
19. Legal Requirements:
We may disclose your Personal Data in the good faith belief that such action is necessary to:
• Comply with a legal obligation
• To protect and defend the rights or property of the company
• To prevent or investigate possible wrongdoing in connection with the Service
• To protect the personal safety of users of the Service or public
• To protect against legal liability
20. Security of Data:
• The security of your data is important to us, but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
21. Storing, Managing, and Transferring Data:
1. The personal information that we collect is stored centrally on secure servers within the EU & UK.
2. We have a strict data retention policy, where we have a justifiable business or legitimate legal reason to store data. Data with no legal or business purpose to retain, is erased with immediate effect and is not stored. Please note that the transmission of information via the internet (including email) is not completely secure and therefore, although we endeavour to protect the personal information you provide to us, we cannot guarantee the security of data sent to us electronically and the transmission of such data is therefore entirely at your own risk.
3. Personal Data, may also be transferred to, and maintained on, computers located outside of the European Economic Area, where the data protection laws may differ from the GDPR. This will only be done for the prevision of services. If we provide the Personal Data beyond the European Economic Area, and in particular to any third countries, such provision will take place on the basis of appropriate legal mechanisms, such as Executive Decisions of the Commission (EU), standard contractual clauses applicable, or other similar legal instruments specified on the content of GDPR.
4. To ensure that you have adequate control over your Personal Data transferred outside the European Economic Area, you will have the right to obtain a copy of your Personal Data transferred to third countries at any time. If you wish to obtain a copy of your Personal Data held by a partner company, you will need to contact them directly.
5. We shall process data in accordance with the relevant provisions in your country, for example if you are located in the European Economic Area (EEA), the GDPR shall be adhered to and your data protected accordingly. If an international transfer of data must take place in order provide the service agreed, data shall only be transferred where:
• The applicable country meets the requirements and has therefore been granted a European Commission on Adequacy.
• A US-EU Privacy Shield Exists
• Appropriate safeguards have been applied, such as a EU Model Contract.
6. Third Party Link:
1. The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
2. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Policy of every website you visit.
3. We only use plugins necessary for website function, if you would like any further information about which plugins process your data please contact contact@gopi.life.
22. Data Retention:
Under UK GDPR, a company may hold information for a foreseeable event that many never occur provided it is justifiable. Under this precedent, we maintain personal information in the event that a user wishes to see the information that has been provided historically, that has contributed to our statistical analysis and data platform.
1. We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
2. We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Service, or we are legally obligated to retain this data for longer time periods.
3. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
4. All essential contact information will be kept for a duration of 6 years for the purpose of accountancy records. After this point the information will be archived, unless a person exercises their right to removal. If this is exercised, it will be determined what, if any, information needs to be retained by us to comply with current laws.
5. All personal information that is collected and anonymised as a statistical data set will be retained as long as that statistical information is still relevant to the company or any educational information/statistical analysis that it is needed for. Please note that once data has been added to a statistical data set, as it is anonymised, we would be unable to remove this data. However, once it is part of the data set it is no longer Personal Data as it would not be identifiable.
6. All correspondence including personal information will be kept for a period of 5 years in case it is needed for reference in continuing communications/education. After this period it will be archived or deleted. Please note that although we make every effort to delete or archive all information, it is often difficult to compile every digital communication (particularly when it is spread across different platforms of communication) and so will likely never cover 100% of communication.
7. Personal Data will be kept for a period of 5 years as it is unlikely that we have a direct relationship with you/our Users beyond this period. In the cases where a relationship is ongoing, data will be retained until such time that the relationship ceases, at which point the data will be archived, unless a Data Subject exercises their right to removal. If this is exercised, it will be determined what, if any, information needs to be retained by us to comply with current laws.
8. In some circumstances you can ask us to delete your data: see your legal rights below for further information.
9. In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
23. Service Providers:
1. We may employ third party companies and individuals to facilitate the Service (“Service Provide”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how the Service is used.
2. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
24. Analytics:
1. We may use third-party Service providers to monitor and analyse the use and results of the Service.
2. When you use the Service, we may perform analytics on your actions in order to improve the Services, so that you receive a better user experience. Analytics is done for two purposes and on the following legal bases:
3. We analyse the data collected during your use of the Service in order to improve the Service and products, and the legal basis is our legitimate interest (legal basis in Article 6(1)(f) of GDPR) understood as the need to provide the Service and products of the highest quality, corresponding to the needs of users, to develop software functionality, to improve its accuracy and correctness.
4. The recipients of your Personal Data may include:
• Entities authorised by law on the basis of proper request (courts, authorities);
• Entities providing accounting, IT, Marketing, Communication, Analytical and legal services.
• Subcontractors with whom we cooperate.
25. Data Security:
1. We are committed to implementing appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of Personal Data to be protected (in accordance with Article 32(1), UK GDPR).
2. We have put in place appropriate security measures to prevent your Personal Data from being used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
3. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
26. Protection against claims and recovery of claims:
1. We may process your Personal Data in order to assert or defend against possible claims related to the contact or processing of your Personal Data and the processing is based on a legitimate interest (Article 6(1)(f) GDPR), understood as the possibility to assert or defend against claims.
2. The data will be processed until the statute of limitation for the respective claims has expired.
27. Anonymised/ Pseudonymised data:
1. In the instances where Personal Data is collated as a part of a data-set for statistical analysis, educational resources or market research, the data will be anonymised.
2. We make every attempt to anonymise all data handled on, and provided to, the website. All login details are anonymised digitally and all hard-copy records are stored securely.
28. Payment:
1. When providing the Service/Products, we may use third-party services for payment processing (e.g. Payment Processors).
2. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
3. The payment processors we work with are:
• Stripe
• Their Privacy Policy can be viewed at https://stripe.com/us/privacy
• Paypal
• Their Privacy Policy can be viewed at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
29. Your Data Protection Rights:
1. Your Data Protection Rights Under General Data Protection Regulation (GDPR)
2. If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend delete, or limit the use of your Personal Data.
3. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
4. You have the following data protection rights:
5. The right to access, update or to delete the information we have on you.
6. The right to rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
7. The right to object. You have the right to object to our processing of your Personal Data.
8. The right of restriction. You have the right to request that we restrict the processing of your personal information.
9. The right to data portability. You have the right to be provided with a copy of the information we have on you in a structures, machine-readable and commonly used format.
10. The right to withdraw Consent. You also have the right to withdraw your Consent at any time where we relied solely on your Consent to process your Personal Data.
11. Please note we may ask you to verify your identity before responding to such requests.
12. Please note we may also ask for clarification/specification on which data it is you are requesting, in circumstances where certain data is anonymised or we hold large volumes of data or it required access to our archives in order to obtain or remove the desired data.
13. Please note we are obligated and will comply with your data protection rights to a reasonable extent.
14. In cases whereby a data request is deemed excessive or manifestly unfounded, we may charge a reasonable free to provide the data, taking into account the administrative costs of providing the information or communication.
15. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
16. You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
30. Children’s Privacy:
1. The Service does not directly address anyone under the age of 18 (“Children”).
2. We do not knowingly collect personally identifiable information from anyone under the age of 18 without parental Consent. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental Consent, we take steps to remove that information from our servers.
3. If you are providing us with Personal Data relating to anyone under the age of 18, please ensure you have gained informed Consent from a parent/guardian and have made them aware of their rights when doing so. It is also important before disclosing any personal information of anyone between the ages of 14 and 18 to us to ensure that they also understand how their data is being used and Consent to it.
31. Personal Data and Your Duty to Inform Us of Changes:
• It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
32. Changes to the Privacy Policy:
1. We keep our Privacy Policy under regular review. [This version was last updated on 17.01.2024].
2. We may update our Privacy Policy from time to time. We will show this by updating the Privacy Policy on our website, and update the date at the top of the new Privacy Policy.
3. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on the website.
33. How to contact the appropriate authority:
• Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.
Telephone: 03031231113