Privacy Policy

Last Updated: 16/05/2023

Introduction

Gaia Fertility Ltd. (“Gaia”, “we”, “our”) is committed to protecting the privacy and security of the personal data we collect about end customers and users of our services (“you/your”).

The purpose of this privacy policy is to explain what personal data we collect from our end customers and users about you when you:

  • Create an account on our website;
  • Speak to our advisor;
  • Enquire about our products;
  • Request marketing to be sent to you;
  • Give us feedback or contact us;
  • Provide us with a scan of your document if this is required for “know your customer” or anti-money laundering purposes;
  • Interact with our website;
  • Contact us, including for assistance or sending feedback;
  • Request information about a clinic;
  • Receive treatment at one of Gaia’s partner clinics;
  • Complete our customer surveys, and
  • Browse the internet while on our website.

This notice provides you with information about your rights and obligations and explains how, why and when we collect and process your personal data. 

We take personal data seriously. Anything containing personally identifiable information is kept safe and we have put in place appropriate technical and other security measures to protect it. We need to collect certain types of information to allow us to make a decision on your request for financial and insurance products. We also need to comply with legal and regulatory requirements relating to anti-fraud, anti-money laundering, know your customer and responsible lending obligations. 

We will only collect the information we need to be able to provide you with the service you have requested. You need to make sure that the information you provide is accurate, complete, and not misleading. Your personal information may need to be disclosed when we are obliged to by law, for purposes of national security, taxation, defence of a legal claim or criminal investigations.

We also collect data from third-parties (see the ‘Third parties we collect personal data from’ below). When we do this, we are the data controller. Our website may contain hyperlinks to websites that are not operated by us. We urge you to review any privacy policies posted on any site you visit before using the site or providing any personal information about yourself.

Please read this privacy policy carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy policy you can contact us using the information provided below or by emailing us at dataprotection@gaia.family.

Who are we? 

We are Gaia Fertility Ltd. 

Our registered office is at Great Western Studios, 65 Alfred Rd, London W2 5EU, UK. 

We are registered in England and Wales under company number 12009812. 

We are registered on the Information Commissioner’s Office (ICO) Register under number CSN6144773. 

We can be contacted: 

If you want to contact us about anything data privacy related, you can do so at dataprotection@gaia.family.

This privacy policy covers our processing of personal data which relates to the following categories of data subjects. 

  • Member is a person who has signed a Gaia Membership agreement
  • Visitor is a person who has visited Gaia website

What is personal data?

Personal data’ is any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier.

Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

What personal data do we collect? 

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The personal data we collect about you depends on the purpose for which you engage with us. We may collect and use the following data about you:

  1. Identity - full name, marital status, title, date of birth.
  2. Contact - address, email address, telephone number(s), Gaia profile data.
  3. Financial - bank account and payment card details.
  4. Transaction - details about payments to and from you.
  5. Usage - details about how you use our website.
  6. Marketing and Communications - your preferences in receiving marketing from us and your communication preferences.
  7. Technical - internet protocol (IP) address, Gaia log in details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website
  8. Medical - health & lifestyle data, see “Special Categories of Personal Data” below.

Special Category Personal Data

Sometimes we will request or receive Personal Information that is sensitive due to its nature, and we call this “Special Category of Personal Data.” The types of Special Categories of Personal Data Information that we hold, and process include:

  • Health and lifestyle data – including details of pre-existing or past medical conditions, your family medical history, details regarding appointments and consultations with medical professionals, diagnoses, medical records, whether you do or have ever smoked, details regarding alcohol consumption.

Conditions for processing special category data

We will only process this data with explicit consent from the user. We may collect this data and your explicit consent, either before or after entering a contract and providing The Gaia Plan. Additionally, where we collect additional sensitive health and lifestyle data throughout the course of your engagement with us, we will always ensure that we have your explicit consent to do so.

Purposes for which we use personal data and the legal basis

When providing services to you, we may use your personal data for the following purposes and on the following lawful bases: 

Purpose: To register you as a new customer

Type of Data:

  1. Identity
  2. Contact

Lawful Basis for Processing: Performance of a contract with you

Purpose: To provide the Treatment Pathway Report to you

Type of Data:

  1. Identity
  2. Contact
  3. Health & Lifestyle

Lawful Basis for Processing:

  1. Performance of a contract with you
  2. Explicit consent (in relation to any Health & Lifestyle Data we need to process in order to provide the Treatment Pathway Report to you)

Purpose: To provide The Gaia Plan to you, including:

  1. To manage payments, fees and charges
  2. To collect and recover money owed to us

Type of Data:

  1. Identity
  2. Contact
  3. Financial
  4. Health & Lifestyle

Lawful Basis for Processing:

  1. Performance of a contract with you
  2. Explicit consent (in relation to any Health & Lifestyle Data we need to process in order to provide the Gaia Plan to you)
         

Purpose: To manage our relationship with you (including notifying you about changes to The Gaia Plan’s terms and privacy policy)

Type of Data:

  1. Identity
  2. Contact
  3. Marketing and Communications

Lawful Basis for Processing: Performance of a contract with you

Purpose: To enable you to leave a review, complete a survey or provide us with feedback

Type of Data:

  1. Identity
  2. Contact
  3. Usage
  4. Marketing and Communications
  5. Health & Lifestyle

Lawful Basis for Processing: Explicit consent (completing surveys will always be optional)

Purpose: To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

Type of Data:

  1. Identity
  2. Contact
  3. Technical

Lawful Basis for Processing: Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

Purpose: To deliver relevant website content and marketing materials to you and to measure and understand the effectiveness of the marketing we send you

Type of Data:

  1. Identity
  2. Contact
  3. Usage
  4. Marketing and Communications
  5. Technical

Lawful Basis for Processing: Consent (subscribing to our marketing emails & communicates will always be optional)

Purpose: To carry out data analysis: including to ensure data accuracy and quality and for insurance risk modelling and product and pricing refinement 

Type of Data:

  1. Technical
  2. Usage
  3. Health & Lifestyle

Lawful Basis for Processing: Necessary for our legitimate interests (to define types of customers for The Gaia Plan, to keep our website updated and relevant and to develop our business)


Purpose: To make suggestions and recommendations to you about The Gaia Plan that may be of interest to you

Type of Data:

  1. Identity
  2. Contact
  3. Technical
  4. Usage
  5. Health & Lifestyle

Lawful Basis for Processing: Necessary for our legitimate interests (to develop The Gaia Plan and grow our business)

Purpose: To carry out scientific and statistical research about fertility and IVF treatments

Type of Data:

  1. Identity
  2. Contact
  3. Health & Lifestyle

Lawful Basis for Processing: Archiving, research and statistics

Purpose: To perform credit and affordability checks in order to grant you credit

Type of Data:

  1. Identity
  2. Contact
  3. Financial

Lawful Basis for Processing: Explicit consent (conditional to the services provided by Gaia)

Purpose: To gather insights from customers about Gaia and the effectiveness of our marketing campaigns and engagement

Type of Data:

  1. Identity
  2. Usage
  3. Technical

Lawful Basis for Processing: Consent

Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information. 

Sharing your data and third parties

Third parties assist us in our marketing efforts, to deliver our products to you and in the provision of our services. The type of information shared will depend on the third party: it can be identity, contact, financial, transaction, usage, marketing & communications, technical and health & lifestyle, but will be limited to what is strictly necessary.

We only allow third parties to handle your personal data if we are satisfied, they take appropriate measures to protect your personal data. We also impose contractual obligations on our service providers, to ensure they can only use your personal data to provide services to us and to you.

We may disclose your personal data to law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations, including our principal firm Bluefriars Brokers Limited. You can read more about how Bluefriars Limited uses your Personal Information in their privacy policy: https://www.bluefriars.co.uk/privacy-and-legal

We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring. Usually, data will be anonymised but this may not always be possible. The recipient of the data will be bound by confidentiality obligations.

The third parties we currently rely on or with whom we share personal data 

Accounting services

Gaia uses the accounting service Xero. You can read more about how Xero uses your Personal Information in their privacy notice.

Aircall

Aircall is a telecom company offering a cloud-based phone system which we use for communicating with our customers. You can read more about how Aircall uses your Personal Information in their privacy notice.

Amazon Web Services (AWS)

AWS is an industry-standard cloud service provider which we build our platform on and provide our web services through. You can read more about how AWS uses your Personal Information here.

Calendly

Calendly is a meeting scheduling automation platform. You can read more about how Calendly uses your Personal Information and Calendly’s activities in their privacy notice.

Docusign

We use Docusign for sending and signing our membership agreements and other legal contracts. You can read more about how Docusign uses your Personal Information in their privacy notice.

Fintern

Fintern is your loan originator for treatment costs repayment if you have a child. You can read more about how Fintern uses your Personal Information and Fintern’s activities in their privacy notice.

Fivetran

Fivetran is a data ingestion tool that connects with multiple sources of data. You can read more about how Fivetran uses your Personal Information in their privacy notice.

Google Analytics

Google Analytics allows us to see how users are finding out about Gaia and if our use of social or paid campaigns are working to draw users to sign up to our platform. 

You can read more about how Google uses your Personal Information here. You can also opt-out of Google Analytics here.

Google Cloud Services 

Google Cloud Services is a suite of cloud computing services that provides a series of modular cloud services including computing, data storage, data analytics and machine learning. You can read more about how GCS uses your Personal Information here.

Guy Carpenter

We use the Llyod’s broker Guy Carpenter to distribute our insurance product. You can read more about how Guy Carpenter uses your Personal Information in their privacy notice.

Hex

Hex is a tool used for data science analysis. You can read more about how Hex uses your Personal Information in their privacy notice.

Hubspot

We use Hubspot to manage all communication with our potential and existing members. You can read more about how Hubspot uses your Personal Information in their privacy notice.

Insurers

Beazley Furlonge Ltd and other insurance market participants help us provide you an insurance cover. When you give us your consent to the use of your personal information and your partner’s, if applicable, we might share data with the insurers to issue you an insurance policy in connection with your Gaia Plan. You do not have to give your consent and you may withdraw your consent at any time. However, if you do not give your consent, or you withdraw your consent, this may affect our ability to provide the insurance cover from which you benefit and may prevent the provision of cover for you or handling your claims. You can read more about how Beazley uses your Personal Information in their privacy notice.

Looker

Looker is a data visualisation tool used to analyse Gaia’s business. You can read more about how Looker uses your Personal Information in their privacy notice.

Mixpanel

Mixpanel allows us to see what pages visitors on our website and app visit. You can read more about how Mixpanel uses your Personal Information in their privacy notice.

Money services providers

Gaia uses different banks, money services providers and payment processors: GoCardLess, HSBC, Revolut, Stripe and Wise. You can read more about how they use your Personal Information in their privacy notices:

  • GoCardLess: https://gocardless.com/privacy/
  • HSBC: https://www.hsbc.co.uk/content/dam/hsbc/gb/pdf/privacy-notice-full.pdf
  • Revolut: https://www.revolut.com/legal/privacy/
  • Stripe: https://stripe.com/fr-gb/privacy
  • Wise: https://wise.com/gb/legal/global-privacy-policy-en

Partner Clinics

We might share data with the clinic you go to for treatment. This data might include medical data, identity and contact information. We will only share it with your treatment clinic where we have explicit consent to do so.

Prefect

Prefect is a data orchestration tool used for data pipelines. You can read more about how Hex uses your Personal Information in their privacy notice.

Snowflake

Snowflake is a cloud based database, used for storing data. You can read more about how Snowflake uses your Personal Information in their privacy notice.

TransUnion

We collect financial information and results of “politically exposed persons” or sanction checks received from the credit bureau TransUnion. Our sanctions check, credit check and affordability check processes include sharing and obtaining data from TransUnion. 

You can read more about how TransUnion uses your Personal Information here and TransUnion’s activities in their privacy notice.

Experian

We collect financial information and results of “politically exposed persons” or sanction checks received from the credit bureau Experian. Our sanctions check, credit check and affordability check processes include sharing and obtaining data from Experian. 

You can read more about how Experian uses your Personal Information here and Experian’s activities in their privacy notice.

Typeform

Typeform is an online software service that specialises in online form and survey building. 

You can read more about how Typeform uses your Personal Information here.

Vercel

Vercel provides infrastructure to easily deploy, distribute and host web applications. You can read more about how Vercel uses your Personal Information in their privacy notice.

Webflow

Webflow hosts our marketing website. You can read more about how Webflow uses your Personal Information in their privacy notice.

Meta

We use Meta for advertising and marketing purposes. We may share certain personal data, such as your contact information and website usage data, with Meta to target and deliver relevant advertisements to you. Please note that the collection and use of your personal data by Meta is governed by Meta's privacy policy. You can learn more about how Meta uses your personal information by reviewing their privacy policy

International Transfers of Personal Data

To provide products and services to you, it is sometimes necessary for us to share your personal data outside the UK, for example, with our service providers located outside the UK.

We may also send your data outside of the UK upon your data portability request, to comply with legal and regulatory duties, and to work with our agents and advisers that runs your accounts and services.

These transfers are subject to special rules under UK data protection law, as non-UK countries are not subject to the same data protection laws as the UK.

We will, however, ensure the international transfer complies with the UK GDPR and all personal data will be secure. Unless the location we are transferring personal data to has been deemed to provide personal data with an adequate level of protection by a decision from the Secretary of State, for example EEA countries, our standard practice is to enter into International Data Transfer Agreements with the relevant data importer and conduct a Transfer Impact Assessment to understand and mitigate any associated risks.

Cookies and Analytical Tools

We collect personal data by using cookies, server logs, visit statistics such as Google Analytics and other similar technologies. 

We may also record information within your browser that is necessary for the functioning of the website, for example whether cookie consent has been agreed to or progress through online form

We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details.

Please note that we do not alter our site’s data collection and use practices when we see a Do Not Track signal from your browser.

Definitions 

To make it clear, here are the definitions and uses of:

  • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, read our cookie policy on gaiafamily.com.
  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site. More information about the use of these can be found in our cookie policy.

How long we keep your data

We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints, litigation and claims. 

After your relationship with Gaia ends, we may keep your data for the following scenarios:

  • To respond to any queries or complaints;
  • To show that we have acted and treated you fairly;
  • To maintain records according to rules and regulations that apply to us.

At the end of the retention period, we may also retain data for a longer period, and your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims.

Data Analysis and Research 

Gaia will anonymise your information for health-related studies, or research or evaluation in which Gaia will participate. The types of data which may be used for analysis and research purposes include details about a patient (e.g. age, cause of infertility, lifestyle), lab results (e.g. blood test results, hormonal levels), information about cycle planning, the cycle itself, the stimulation phase and egg collection (e.g. stimulation treatment, number of follicles, number of collected eggs), information about embryology and the embryo transfer, results of ultrasound scans, and details about the success or otherwise of a pregnancy. 

Once information is truly anonymised, it does not relate to a person and it is impossible to identify a person from that data. As a result this type of information falls outside data protection laws. 

The purposes for which Gaia will use this analysis and research information are:

  • To report on Gaia’s performance based on statistical studies (e.g., pregnancy rate, birth rate, etc.). Any reporting information will be aggregated, and it will never be possible to identify you from this.  
  • Improve Gaia’s services to you.

Marketing preferences

Both when you enter our site or sign up as a user, we will confirm that you have opted into our services. Any electronic marketing communications we send you will include clear instructions to follow should you wish to unsubscribe at any time.

You may also amend your contact preferences by emailing us at dataprotection@gaia.family.

How we protect your data

We are committed to ensuring that your information is secure. Appropriate security measures are in place to protect against loss, misuse, unauthorised disclosure, destruction, or alteration of information collected from you, including measures to prevent, as far as possible, access to our databases by parties other than Gaia.

We adopt the following technical and organisational measures to protect your personal data:

  1. Limit access to your personal information to those who have a genuine business need to know it. Those accessing and processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
  2. Have policies and procedures in place regarding treating personal data lawfully and appropriately, including a procedure to deal with any suspected data security breach. We will also notify you and the ICO of a suspected data breach where we are legally required to do so.
  3. Backups of information.
  4. Data protection training for staff.
  5. Encryption of personal data.
  6. Anonymisation of personal data.

Secure Online Services

You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.

Your rights and and options

You have certain rights in relation to the processing of your personal data, including to: 

  • Request access to your personal data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the personal data we hold about you.
  • Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. If you object to us using your personal data for marketing purposes we will stop sending you marketing material. 
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party (data portability).
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.  

Right to withdraw consent

In the circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, please contact us at dataprotection@gaia.family and we’ll respond within 30 days.  We will assess your request and if we decide not to act upon it or place certain restrictions on it, we will inform you of our reasons for this.

We may need to request specific information from you to help us confirm your identity before we can process a request from you to exercise any of the above rights.  This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/. Their address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by phone on 0303 123 1113 (local rate) or 01625 545745 if you prefer to use a national rate number. 

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation. You can find details on how to report a concern at: https://ico.org.uk/make-a-complaint/.

Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at: dataprotection@gaia.family.

If you would like this website privacy policy in another format (for example: audio, large print, braille) please contact us at: dataprotection@gaia.family.

Changes to this privacy policy

We may update this policy (and any supplemental privacy notice), from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. Updated versions of this policy will be posted on our website. We will notify you by email if there are significant changes to this policy.

Last Updated: 16/05/2023