Your cart

Your cart is empty

Continue shopping

Privacy policy

Last updated: March 31, 2026

ITL Health EU/UK (the "Site," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and share information about you when you use our website, services, or make a purchase from itlhealth.eu (the "Site") or otherwise interact with us (collectively, the "Services").

We process your personal data in accordance with this Privacy Policy and applicable data protection laws.

1. Information We Collect

1.1 Information You Provide Directly

When you register, purchase products, or contact us, we collect:

  • Contact details: name, address, phone, email
  • Order information: billing/shipping address, payment details, order history
  • Account information: username, password, security questions (for consumer, practitioner, or shop accounts)
  • Trade account / practitioner info: business details, tax information, certifications if required
  • Customer support communications: messages, inquiries, and related information

Providing this information is necessary to use certain services, including purchases and trade accounts.

1.2 Information We Collect Automatically

We use cookies, pixels, and similar technologies to collect Usage Data, including:

  • Device information (type, OS, browser)
  • IP address and network information
  • Pages viewed, time spent, and interactions
  • Clicks on marketing emails and links

Device and IP information are collected to prevent fraud, enhance security, and improve user experience, in accordance with GDPR principles of data minimization and purpose limitation. This information helps us improve the Site, personalize your experience, and measure performance.

2. Cookies and Tracking

We provide a cookie preferences tool allowing you to:

  • Accept all cookies
  • Decline all cookies
  • Save your choices by category

Cookie Categories:

  • Required: Necessary for Site functionality, e.g., logging in, adding to cart.
  • Personalization: Stores your preferences for future visits.
  • Marketing: Used by us and partners (e.g., Shopify, Omnisend) to optimize marketing and show ads. Marketing cookies are only activated once you give explicit consent.
  • Analytics: Helps us understand user behavior and improve the Site. Analytics cookies are only set after you provide explicit consent via the cookie preferences tool. No analytics tracking occurs before consent.

Consent and Control:
We only activate marketing and analytics cookies after you give explicit consent. You can manage or withdraw your cookie preferences at any time through the cookie preferences tool or your browser settings. Blocking some cookies may affect Site functionality, but opting out of analytics cookies will not prevent you from using the Site.

3. How We Use Your Information

We use your information for the following purposes, based on applicable legal bases under GDPR/UK GDPR:

Purpose Legal Basis (EEA/UK)
Process orders, payments, and shipping Contract performance (Art. 6(1)(b))
Manage accounts, customer support Contract performance (Art. 6(1)(b))
Provide trade account features (discounts, reports) Legitimate interest (Art. 6(1)(f))
Marketing communications (emails, newsletters, and other similar communications) Consent (Art. 6(1)(a)) – Marketing communications will only be sent after explicit opt-in consent, and you can withdraw consent at any time using the unsubscribe link or account settings
Transactional Communications: We may send you transactional emails related to your orders or account (such as order confirmations, shipping updates, and account notifications). These communications are necessary for the performance of our contract with you and are not affected by your marketing preferences. These communications are based on contract performance (Art. 6(1)(b)) and do not require consent.
Personalized ads and product recommendations Consent (Art. 6(1)(a)) – Ads will only be personalized after consent, which can be withdrawn at any time
Fraud detection and security Legitimate interest (Art. 6(1)(f))
Website analytics and performance Consent (Art. 6(1)(a))


Automated Processing and Profiling:
We may use limited automated processing (including profiling) to provide product recommendations and personalize your experience. This does not produce legal or similarly significant effects on you. 

Legitimate Interests Assessment (LIA):
We process data for fraud detection, security, and website analytics to protect users, ensure proper functionality, and improve user experience. These interests are balanced against your rights and freedoms and do not override your privacy.

4. Sharing Your Information

We share personal data with:

  • Service providers acting on our behalf: Shopify (orders/accounts), fulfilment partners (shipping), Omnisend (marketing), Google Analytics (analytics), Odoo (for invoicing and accounting). All service providers are bound by data processing agreements and comply with GDPR/UK GDPR. All service providers are bound by data processing agreements, and we require them to process personal data in accordance with applicable data protection laws, including GDPR/UK GDPR. We take reasonable steps to ensure appropriate safeguards are in place.
  • Third-party warehouse partners: We share your name, shipping address, and order details solely for the purpose of fulfilling your orders.
  • Business partners / affiliates: Only with privacy compliance
  • Legal obligations: To comply with law, protect rights, or in business transactions (e.g., mergers)
  • With your consent: e.g., social media integrations

We do not intentionally collect special category data. We do not sell your personal data Links to Third-Party Privacy Policies:

5. International Transfers

Your data may be transferred outside the EU/UK. Where transfers are made to countries recognized as providing an adequate level of protection (such as Canada under PIPEDA) or otherwise using appropriate safeguards such as Standard Contractual Clauses or other GDPR-compliant mechanisms to provide an adequate level of protection.

6. Retention of Personal Data

We retain personal information only for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods include:

  • Orders and financial records: Up to 6 years to meet tax and legal obligations.
  • Marketing data: Retained until you unsubscribe, withdraw consent, or as otherwise required by law.
  • Accounts and profile information: Active accounts are retained as long as they are in use. Accounts that have been inactive for more than 2 years may be reviewed and deleted if retention is no longer necessary for providing our services or fulfilling legal obligations.
  • Support communications: Retained until resolved or as required by law.

We regularly review our retention practices to ensure personal data is not kept longer than necessary and that deletion or anonymization is carried out where appropriate.

7. Your Rights (EEA/UK)

Depending on your location, you may have the right to:

  • Access, correct, delete, or transfer your data
  • Receive your personal data in a structured, commonly used, machine-readable format and transfer it to another controller
  • Withdraw consent where previously given, including for marketing communications, personalized ads, and analytics tracking (withdrawal does not affect lawfulness of prior processing)
  • Object to processing, including marketing or analytics
  • Opt out of data sharing for marketing
  • Receive information about any data breaches affecting your personal information, where high risk is identified
  • File complaints with supervisory authorities
  • Restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or object to processing

Requests can be made at privacy@itlhealth.com. Identity verification may be required. We aim to respond within 1 month, as required by law.

8. Children's Privacy

Our Services are not intended for children under 16. We do not knowingly collect data from children. Parents/guardians may request deletion by contacting us.

9. Third-Party Links

The Site may link to third-party websites. We are not responsible for their privacy practices. Please review their policies separately.

10. Security

We implement appropriate technical and organizational measures, including encryption, access controls, and secure data storage, to protect personal information. While we strive to protect your data, no system can be completely secure. In the event of a data breach posing high risk to users, we will notify affected individuals without undue delay, as required by law.

11. Complaints

For concerns or complaints:

Email: privacy@itlhealth.com
Address: Suite 1, 7th Floor, 50 Broadway, London, ENG, SW1H 0BL, GB

EEA residents may also contact local supervisory authorities.

12. Contact

Questions about this Privacy Policy or your data rights can be sent to:

Data Protection Officer (DPO)
Email: privacy@itlhealth.com.
Address: Suite 1, 7th Floor, 50 Broadway, London, ENG, SW1H 0BL, GB

You may also contact us at info@itlhealth.com.

ITL Health Ltd (registered in the United Kingdom) and ITL Health (Ireland) Ltd (if applicable) act as data controllers depending on the customer's location. (this would apply to both UK and IE businesses since they have the same name)

13. Policy Updates

We may update this Privacy Policy from time to time. Material changes will be communicated via the Site or by email if you have an account, with the updated version published with the "Last updated" date.