Privacy Policy

Cookie categories

Cookies are small text files stored on your device. We use cookies and similar technologies to keep the site working, understand performance, and support advertising measurement when you consent. Cookies on this website are divided into exactly three categories:

1. Essential cookies

Purpose: core site functionality, security, session management.
Examples: session_id, csrf_token, cookie_consent_status.
Consent required: NO. Essential cookies are activated automatically because the site cannot function properly without them.
Retention: session duration or up to 12 months for preference storage.

2. Analytics cookies

Purpose: measuring traffic, user behavior, site performance.
Tools: Google Analytics 4.
Examples: _ga, _ga_XXXXXXX, _gid, _gat.
Consent required: YES. Analytics cookies activate only after you accept them.
Retention: up to 14 months.

3. Marketing / advertising cookies

Purpose: remarketing, personalized ad delivery, conversion tracking.
Consent required: YES. Marketing cookies activate only after you accept them.
Retention: up to 540 days (Google Ads default).

Marketing cookies disclosures

When you consent to marketing cookies, we and our partners may use tracking technologies to deliver ads, measure performance, and show relevant messages to people who previously visited the site. The following disclosures describe how this works:

Third-party vendors, including Google, use cookies to serve ads based on a user's previous visits to this website and other sites on the internet.

We may work with advertising partners such as Google and Meta to deliver advertisements tailored to your interests across various websites and platforms.

We may use remarketing services to advertise to previous visitors of our website. After visiting our site, you may see our ads on other websites, apps, or platforms you visit.

Advertisements may appear across Google services including YouTube, Gmail, and the Google Display Network.

We use the following tracking technologies on this website:

Cookies (first-party and third-party)
Tracking pixels (Google Ads tag / gtag.js, Meta Pixel)
Device identifiers (browser fingerprint, IP address)
Conversion event tags

We use conversion tracking to understand which advertisements lead to actions on our website such as form submissions, calls, or purchases. This allows us to measure campaign effectiveness and allocate budget appropriately. Conversion data may be shared with Google Ads and Meta.

Advertising and analytics technologies active on this site:

Google Ads (gtag.js / Google Tag Manager)
Google Analytics 4
Google Remarketing Tag
Meta Pixel (Facebook / Instagram)

You may opt out of personalized advertising at any time:

Google Ads Settings: https://adssettings.google.com
Your Online Choices (EU): https://www.youronlinechoices.eu
Network Advertising Initiative: https://optout.networkadvertising.org
Digital Advertising Alliance: https://optout.aboutads.info

Opting out does not remove ads entirely. You will continue to see non-personalized advertisements.

To change cookie categories at any time, use the clearly visible link labeled Manage cookie preferences in the website footer. This opens the cookie panel where you can accept or reject each category independently.

Consent requirements

Our cookie consent banner offers three options: Accept All, Reject Non-Essential, and Manage Preferences. Analytics and marketing cookies are not activated unless you consent. Your choice is stored in localStorage for 12 months, and the banner can be dismissed without accepting.

By clicking 'Accept All Cookies', you consent to the storing of cookies on your device for analytics and advertising purposes, including personalized advertising delivered by Google and Meta. You may withdraw consent at any time through the cookie preferences panel without affecting the lawfulness of processing that occurred before withdrawal.

Users in the European Economic Area and the United Kingdom receive this consent notice in compliance with the General Data Protection Regulation (GDPR) and UK GDPR. Marketing and analytics cookies are activated solely after explicit, informed, freely given consent under GDPR Article 6(1)(a). Consent is recorded with a timestamp and may be audited upon request.

You may withdraw consent at any time by clicking 'Manage cookie preferences' in the website footer, or by clearing cookies via your browser settings. Withdrawal does not affect processing that occurred while consent was valid.

Data Sharing with Advertising Partners

We share certain data with advertising partners for campaign delivery and measurement. Recipients and the data categories shared include:

Google LLC

cookie identifiers, conversion events, anonymized behavioral data, remarketing lists. Governed by Google's Privacy Policy: https://policies.google.com/privacy

Meta Platforms, Inc.

pixel events, conversion data, custom audiences. Governed by Meta's Data Policy: https://www.facebook.com/privacy/policy

We do not sell personal data. All transfers to Google and Meta operate under Standard Contractual Clauses where applicable. Data is processed for ad targeting and campaign measurement only, not resold to unaffiliated third parties.

Google and Meta may use this data across their own platforms in accordance with their respective policies. We encourage users to review those policies directly.

Lead Forms and Contact Requests

When you submit a contact form, request a quote, or register interest in our services, we collect the information you provide. This typically includes: full name, email address, phone number, and your message.

Legal basis: consent (GDPR Art. 6.1.a) and, where a service relationship exists, performance of a contract (GDPR Art. 6.1.b).

Retention: form submission data is retained for up to 2 years from the date of submission, unless a longer period is required by applicable law.

You may request deletion of your data at any time by contacting us at the email address in this policy.

A link to this Privacy Policy appears adjacent to every submission button on this site. Submitting a form constitutes acknowledgment of this policy.

Google Services and Advertising

This website uses the following Google services:

Google Analytics 4: collects anonymized usage data, device info, and behavioral signals. IP anonymization is enabled. Data retention is set to 14 months. Users may opt out via the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
Google Ads Conversion Tracking: records when a user completes a defined action (form submission, call, purchase) after clicking one of our ads. This data is used solely for measuring ad campaign performance.
Google Remarketing: allows us to show ads to previous visitors across Google's network. Remarketing lists are not created from sensitive data categories (health, finance, religion, sexual orientation).
Google Tag Manager: deploys tracking tags on our behalf. No personal data is collected by GTM itself; it acts as a container for the tags listed above.

Google's advertising products are governed by: https://policies.google.com/technologies/ads

Meta Advertising Services

This website uses the Meta Pixel to measure the effectiveness of our advertising on Facebook and Instagram. The pixel may record:

Page views and time on site
Specific conversion events (form submissions, purchases)
Custom audience membership for retargeting purposes

We do not use the Meta Pixel to collect sensitive personal data, nor to target users based on health status, financial situation, religion, political views, sexual orientation, or any other special-category attribute prohibited under Meta's advertising policies.

Meta acts as an independent data controller for data collected via its Pixel and processed within its own platform. Refer to Meta's Data Policy: https://www.facebook.com/privacy/policy

To manage your ad preferences on Meta platforms, visit: https://www.facebook.com/adpreferences/

Prohibited content self-declaration

This website does not promote, sell, or facilitate access to prohibited product or service categories including but not limited to: weapons, controlled substances, counterfeit goods, gambling services (unlicensed), adult content, or services that make misleading health or financial claims. All advertising conducted through Google Ads and Meta Ads complies with the respective platform policies in full.

Landing page integrity statement

The content of this website accurately represents the products and services advertised. No bait-and-switch practices are employed. The experience delivered to users arriving from paid advertisements is identical to the experience for all other visitors. Cloaking, automatic redirects, and content variation by traffic source are not used on this website.

Children's privacy

This website is not directed at individuals under the age of 16. We do not knowingly collect personal data from minors. If we discover that data has been collected from a person under 16 without verifiable parental consent, we will delete it promptly. Contact us at the address in this policy if you believe we have received data from a minor.

International data transfers

Personal data collected through this website may be transferred to and processed in countries outside the European Economic Area, including the United States, where Google LLC and Meta Platforms, Inc. are based.

These transfers are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission, which provide appropriate safeguards for personal data. A copy of the applicable SCCs can be requested by contacting us directly.

User rights (GDPR Articles 15-22)

If you are located in the EEA or UK, you have the following rights:

Access (Art. 15): request a copy of data we hold about you
Rectification (Art. 16): correct inaccurate or incomplete data
Erasure (Art. 17): request deletion (right to be forgotten)
Restriction (Art. 18): limit how we process your data
Portability (Art. 20): receive your data in a structured, machine-readable format
Objection (Art. 21): object to processing based on legitimate interest
Withdraw consent (Art. 7.3): revoke consent at any time without penalty

To exercise any right, email us at the contact address provided in this policy. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority:

EU users: https://edpb.europa.eu
UK users: https://ico.org.uk

Legal basis for processing (GDPR Art. 6)

We process personal data under the following legal bases:

Contact form data: consent (Art. 6.1.a) and contract performance (Art. 6.1.b)
Analytics data: consent (Art. 6.1.a)
Marketing/remarketing data: consent (Art. 6.1.a)
Security and fraud prevention: legitimate interest (Art. 6.1.f)

Retention periods

We retain data only as long as necessary for the purposes described in this policy. Specific retention periods include:

Contact form submissions: 2 years
Analytics data (GA4): 14 months
Marketing cookies (Google Ads): up to 540 days
Email communications: duration of relationship + 1 year
Server logs: 90 days
Cookie consent records: 3 years (audit requirement)

Contact

If you have questions about this Privacy Policy or want to exercise your rights, contact:

HEATHER AND ROSE HEALTH LIMITED

Unit 2 Faircross House 116 The Parade, High Street, Watford, WD17 1BD

Email: [email protected]

For related information, you may also review our Cookie Policy and Terms.

What data we collect