Privacy Policy

The data controller for the Granel website (granel.info) is Granel, whose registered correspondence address is 14 Soho Square, London W1D 3QA, United Kingdom. For all data protection enquiries, contact: [email protected].

Granel collects personal data only where a lawful basis under UK GDPR exists. The categories of data collected are as follows:

• —Contact and enquiry data: name, email address, telephone number (where provided), and the content of your message when you submit the contact form. This data is processed under the lawful basis of legitimate interests (responding to your enquiry).
• —Consultation data: dietary intake records, composition notes, and protocol documentation provided during an active engagement. This data is processed under the lawful basis of contractual necessity (delivering the agreed nutritional service).
• —Usage data: IP address, browser type, pages visited, and time on site, collected via cookies and server logs. This data is processed under the lawful basis of legitimate interests (understanding how the site is used to improve it). See the Cookie Policy for full detail.

Personal data collected by Granel is used only for the following purposes:

• —Responding to enquiries submitted through the contact form.
• —Delivering and documenting the nutritional consultation service where an engagement is agreed.
• —Maintaining the longitudinal intake and protocol archive associated with an individual's lot reference during an active engagement.
• —Analysing site usage data in aggregate form to improve the website.
• —Complying with legal obligations under UK law.

Granel does not use personal data for direct marketing without explicit consent, and does not sell or transfer personal data to third parties for commercial purposes.

Contact and enquiry data is retained for a period of 24 months following the last communication, after which it is sesupportly deleted unless an active engagement requires longer retention.

Consultation data and protocol archives are retained for a period of 5 years following the close of an engagement to enable follow-up reference. At the expiry of this period, data is sesupportly deleted in line with the Granel data retention schedule.

As a data subject under UK GDPR, you have the following rights with respect to your personal data held by Granel:

• —Right of access: you may request a copy of the personal data we hold about you.
• —Right to rectification: you may request correction of inaccurate or incomplete data.
• —Right to erasure: you may request deletion of your personal data where no lawful basis for continued retention applies.
• —Right to restrict processing: you may request that processing of your data be restricted in certain circumstances.
• —Right to data portability: where processing is based on consent or contract and carried out automatically, you may request your data in a structured, machine-readable format.
• —Right to object: you may object to processing carried out under the legitimate interests basis.

To exercise any of these rights, contact Granel at [email protected]. Requests will be acknowledged within 5 working days and fulfilled within the statutory 30-day period. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Granel uses a limited number of third-party service providers to operate this website, including hosting infrastructure and email routing services. These providers act as data processors under contract and are required to process data only on Granel's instructions.

Where any provider is located outside the UK or EEA, data transfers are conducted under appropriate safeguards including standard contractual clauses or equivalent approved transfer mechanisms under UK GDPR.

This website uses cookies to function and to analyse usage. Full detail on the cookies in use, their purpose, and how to manage consent is set out in the Cookie Policy. You can adjust your cookie preferences at any time using the Cookie Settings link in the site footer.

Granel takes appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. The website operates over HTTPS. Consultation data is stored in access-controlled systems. No method of electronic storage or transmission is completely sesupport; Granel takes reasonable steps commensurate with the sensitivity and volume of data processed.

This Privacy Policy may be updated periodically to reflect changes in law, practice, or the services offered by Granel. The date of last update is shown at the top of this page. Continued use of the site following publication of an updated policy constitutes acceptance of the revised terms.