Privacy Policy

Information Privacy Policy

Last updated 27 May 2026. Version 2.0.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit www.fertility-smart.net or buy from us. It tells you what choices you have about your data, how we treat fertility-related data (which we recognise as sensitive special-category data), and how to contact us or the regulator if you have a concern.

1. Who we are

FertilitySmart is a trading name of Cognitive Bioscience Ltd, the data controller for your personal data when you use this website.

  • Registered office: 1 Coldbath Square, London EC1R 5HL, United Kingdom
  • Companies House registration: 14557197
  • Privacy contact: customerservice@fertility-smart.net (please put “Privacy” in the subject line)
2. What this policy covers

This policy covers personal data we collect when you visit our website, buy from us, sign up to our newsletter, contact our customer service team, or interact with our site in any other way. It applies to information that identifies you or could be used to identify you (such as your name, email, address, or order history), and it applies to inferred information about you (such as inferences about your fertility status that arise from the products you buy or the topics you read about).

This policy works alongside our Cookie Policy, which covers the specific cookies and similar technologies in use on this site, and our Terms and Conditions, which govern your purchases.

3. Information we collect

We collect the following categories of personal data:

  • Contact and account data: your name, email address, postal address, phone number, password (held in encrypted form), and account preferences.
  • Order and transaction data: products you have bought, order dates, delivery addresses, billing information. Card details are not stored by us — they are processed by our payment provider (see Section 8).
  • Communication data: emails, messages, or calls you exchange with our customer service team, including any information you share about your fertility journey.
  • Marketing preferences: whether you have opted in to email or other marketing communications, and your engagement with those communications.
  • Website usage data: pages you visit, time spent on the site, products viewed, basket contents, device information, browser, IP address. See our Cookie Policy for full detail.
  • Inferred fertility-related data: because you are on a fertility supplement website, your purchases and your engagement with our content can imply something about your reproductive health. We treat this category of data with the elevated protections set out in Section 5 below.
4. How we use your information — and the lawful basis for it

UK GDPR requires us to identify a lawful basis under Article 6 for each processing activity. Here is how we map each purpose to a basis:

  • Fulfilling your order, taking payment, and arranging delivery — lawful basis: performance of a contract (Article 6(1)(b)). Without this data, we cannot send you your order.
  • Customer service, returns, refunds (including under the Pregnancy Refund Offer) — lawful basis: performance of a contract and legitimate interests (Article 6(1)(b) and 6(1)(f)). Our legitimate interest is to support you after a purchase and to investigate and resolve any issue.
  • Email marketing — lawful basis: consent for new customers (Article 6(1)(a)), or legitimate interests for existing customers receiving messages about similar products under the soft opt-in permitted by PECR. You can withdraw consent or opt out at any time using the unsubscribe link in every email.
  • Website analytics, basket abandonment, and product recommendations — lawful basis: consent (Article 6(1)(a)) where the activity uses non-essential cookies. We do not run analytics without your cookie consent.
  • Fraud prevention and security — lawful basis: legitimate interests (Article 6(1)(f)). Our legitimate interest is to protect our customers and our business.
  • Legal and regulatory compliance — lawful basis: legal obligation (Article 6(1)(c)). Examples: keeping accounting records, responding to lawful requests from regulators.
5. Fertility-related data and special-category data

The Information Commissioner’s Office (ICO) has been clear that data revealing or allowing inference about reproductive health, fertility status, or pregnancy is special-category personal data under Article 9 of UK GDPR. This means it requires both a lawful basis under Article 6 (above) and a separate condition under Article 9.

We process inferred fertility-related data only with your explicit consent under Article 9(2)(a). In practice:

  • When you buy from us, your purchase tells us you have an interest in fertility nutrition. We treat that information with elevated security and we do not share it with third parties for their own marketing.
  • If you complete any quiz, consultation form, or other feature that asks about your fertility journey, we collect the answers only with your separate, explicit consent, recorded at the time of collection.
  • We retain inferred fertility-related data only for as long as needed to provide our service, and we apply the retention periods in Section 7.
  • If you contact our customer service team and share information about your fertility journey, we record that information only to handle your enquiry, with elevated access controls.
6. Who we share your data with

We do not sell your personal data. We do share your data with the following categories of processors, each of whom is bound by a data processing agreement with us:

  • BigCommerce — the e-commerce platform that hosts our store. Stores your account and order data. Privacy policy: www.bigcommerce.com/privacy.
  • Stripe and other payment providers — process card payments. They receive only what they need to take payment and never share that with us beyond the transaction confirmation. Privacy policy: stripe.com/privacy.
  • Klaviyo — our email marketing platform. Processes your email address and engagement data if you have opted in to marketing. Privacy policy: www.klaviyo.com/legal/privacy.
  • Google (Analytics, Tag Manager, Ads) — processes website usage data and ad performance data only if you have given consent via our cookie banner. Privacy policy: policies.google.com/privacy.
  • Delivery providers — we share your name, delivery address, and contact details with the carrier handling your order (for example Royal Mail or a courier).
  • Customer service tools and reviews platform — we use tools to triage customer queries and collect post-purchase reviews. They receive only your name, email, and order context.
  • Professional advisers and regulators — if we are required to share data by law, by a court order, or by a regulator (such as the ICO, MHRA, or Trading Standards), we will do so.
7. International transfers

Some of our processors are based in the United States or elsewhere outside the United Kingdom. Where we transfer personal data internationally, we rely on one of the following safeguards:

  • The UK’s Adequacy Decision for transfers to specific countries that the UK Government has approved.
  • The UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum, supplemented by transfer impact assessments.
  • The UK-US Data Bridge for transfers to US providers that are certified under the relevant framework.

You can ask us for a copy of the safeguards in place for any specific transfer by emailing the privacy contact above.

8. How long we keep your information

We keep your personal data only for as long as we need it to deliver our service and meet our legal obligations.

  • Account and order data: for the duration of your account plus seven years after your last order, to meet HMRC accounting record-keeping requirements.
  • Marketing email data: until you unsubscribe, plus a short suppression list afterwards to make sure we honour your opt-out.
  • Customer service correspondence: typically two years from the date of the enquiry, longer if the matter is unresolved or if we need it to defend a claim.
  • Inferred fertility-related data: only for as long as needed to provide our service, and reviewed at least annually for whether it can be deleted or further pseudonymised.
  • Website usage and analytics data: typically 14 months for Google Analytics, subject to your cookie consent.
  • Records we are required to keep by law: for the period set by the relevant law (for example, financial records for seven years).
9. Your rights

UK GDPR gives you the following rights. You can exercise any of them by emailing our privacy contact above. We will respond within one month (extendable to three months if the request is complex).

  • Right of access (Article 15) — the right to be told what personal data we hold about you, and to receive a copy.
  • Right to rectification (Article 16) — the right to have inaccurate data corrected.
  • Right to erasure (Article 17) — the right to ask us to delete your data, subject to our legal obligations to keep certain records.
  • Right to restriction of processing (Article 18) — the right to ask us to pause processing of your data in certain circumstances.
  • Right to data portability (Article 20) — the right to receive your data in a portable format, where we hold it based on consent or contract.
  • Right to object (Article 21) — the right to object to processing based on legitimate interests, and the absolute right to object to direct marketing.
  • Rights related to automated decision-making (Article 22) — we do not make automated decisions that produce legal or similarly significant effects on you.
  • Right to withdraw consent — where we rely on consent, you can withdraw it at any time. Withdrawing consent does not affect any processing carried out before the withdrawal.
10. Cookies

This site uses cookies and similar technologies. Strictly necessary cookies are set when you arrive. Non-essential cookies (analytics, marketing, advertising) are only set if you give consent via our cookie banner. You can change or withdraw your cookie consent at any time.

See our Cookie Policy for the full list of cookies in use, what they do, how long they last, and which third parties are involved.

11. How we keep your information secure

We apply technical and organisational measures appropriate to the sensitivity of the data:

  • All data transmission to and from our website is encrypted using TLS (https).
  • Passwords are stored using salted hashing, not in plain text.
  • Access to customer data is limited to staff who need it to do their job, and is logged.
  • Special-category data (including inferred fertility-related data) is subject to elevated access controls.
  • We maintain backups and a disaster-recovery plan.
  • We review our security posture periodically and respond promptly to any incident.
12. Data breaches

If we identify a personal-data breach that poses a risk to your rights and freedoms, we will report it to the Information Commissioner’s Office within 72 hours of becoming aware. If the breach poses a high risk to you specifically, we will also notify you directly, with information about the breach and what we are doing in response.

13. Children

FertilitySmart products are intended for adults trying to conceive. This website is not aimed at people under 18 and we do not knowingly collect personal data from children. If you believe we hold data about a child, please contact our privacy contact above and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time, for example when the law changes, when we change a processor, or when we add a feature. The “Last updated” date at the top of this page shows when the most recent version came into effect. If we make material changes, we will alert you (for example by email or by a banner on the site) before they take effect.

15. How to complain

If you have a concern about how we have handled your personal data, please contact our privacy contact above first — we want the chance to put things right. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office:

  • Information Commissioner’s Office
  • Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Helpline: 0303 123 1113
  • Website: ico.org.uk
16. Contact us

For any question about this Privacy Policy, your data, or how to exercise your rights:

  • Email: customerservice@fertility-smart.net (please put “Privacy” in the subject line)
  • Post: Privacy Officer, Cognitive Bioscience Ltd, 1 Coldbath Square, London EC1R 5HL, United Kingdom
!