Privacy Policy


This is the privacy notice of Dr Steven Harris Ltd (“we”, “our”, “us”).

We respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you interact with us via our website (the “Site”) or otherwise contact us about it.

  1. Who we are

The Site is owned and operated by Dr Steven Harris Ltd (“We”). We are a limited company incorporated under the laws of England and our registered office address is 110 Chandos Avenue Whetstone, London, United Kingdom, N20 9DZ.


For the purposes of data protection laws Dr Steven Harris Ltd is the data controller.

Contact details

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

Email address:

Postal address:[The Crouch Hall Road Surgery, 48 Crouch Hall Road, London , N8 8HJ

  1. How is your personal data collected?

We may collect data from and about you in the following ways:

For more information on how we use cookies on the Site and how you can disable or refuse cookies, please see our Cookie Policy.

  1. The personal data we collect

Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which will principally be comprised of:

  1. How we use your personal data

We will use your personal information only where we have a lawful basis for doing so.  The lawful basis for processing your personal data will depend on the purpose for which it was obtained.  The table below sets out the purposes for which we may process your personal information and the relevant lawful basis/bases that allow for that processing:

Purpose of processing

Type(s) of data

Lawful basis for processing

Managing our relationship with you (where you place an online order for a Subscription or express an interest in doing so by creating a user account with us)

Identity data

Contact data

Financial data

Location data

Necessary to comply with a legal obligation

To perform a contract with you

For our legitimate interests in managing and maintaining end-customer relations, or for supplying products and services.

Managing our relationship with you (where you are a user of the Site, participant in a promotion, competition or other marketing activity or otherwise correspond with us)

Identity data

Contact data

Marketing and communications data

Necessary to comply with a legal obligation

For our legitimate interests in marketing our business


Administration purposes and the protection of our business and the Site – e.g. accounting, invoicing, reporting, fraud prevention, IT system maintenance and security – and to protect our business interests including exercising our legal rights.

Identity data

Contact data

Technical data

Financial data

Location data

Necessary to comply with a legal obligation

To perform a contract with you

For our legitimate interests in running our business to receive or provide goods and services.

“Legitimate interests” means our legitimate interests in conducting and managing our business where these interests are not overridden by your fundamental rights, interests and freedoms.

  1. Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes set out below:

We require all third parties processing personal data for us to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

The Site may include links to third-party websites, plug-ins, extensions or applications and will include third-party cookies and identifiers.  Detailed information about the third-party cookies (as well as our own cookies) can be found at [INSERT LINK TO COOKIE POLICY].  These third parties are not processing personal data for us.  We do not control those third parties and we are not responsible for their content, use or privacy practices.  We strongly suggest you review the privacy policy or notice of any linked website, plug-in or application before you use it.

In particular, we integrate Google Analytics Advertising Features and Facebook Pixel services with the Site.  When you visit the Site, your web browser will automatically send certain information to Google including the URL of the page that you’re visiting and your IP address. Google may also set cookies on your browser or read cookies that are already there.  Your use of the Site will involve the collection, sharing, and use of personal data for personalization of ads by Google.  Google’s use of advertising cookies enables it and its partners to serve ads to you based on your visit to the Site and/or other sites on the Internet. You may opt out of Google’s personalised advertising by visiting Further information about Google’s use of your data can be found at

The Facebook Pixel allows Facebook to receive information when you visit the Site or other sites or apps provided by other companies that use Facebook technologies.  This will include information about your device, websites you visit, purchases you make, the ads you see and how you use our services – whether or not you have a Facebook account or are logged in to Facebook.  Further information about Facebook’s use of your data can be found at

  1. International transfers

Some of our service providers are based (or have part of their systems based) outside of the EEA, and in providing services to you, we may need to transfer your personal information to them in countries that do not afford the same level of data protection as EU member states.  Where your data is processed outside of the EU, we will ensure your personal information is protected by putting in place appropriate safeguards such as EU Commission Standard Contractual Clauses.  Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

  1. Updating or requesting access to your personal information

To contact us, please email

If your personal data changes or if you no longer wish to receive our service, please let us know and we will correct, update or remove your details. Under data protection law, individuals have the right to request access to information about them that we hold; again please let us know if you want to make a request.

Your other data protection rights

       A. By law you have certain other rights.  These are to:

You also have the right to make a complaint at any time to your local data protection authority (a list and contact details of which is available here .We would, however, appreciate the chance to deal with your concerns so please contact us in the first instance.

        B. California

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to:

Postal address: [contact address]

To learn more about your California privacy rights, please visit

  1. Marketing

We will send you marketing communications if you have signed up for them and where you have not opted out of receiving that marketing.  You can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.

  1. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Data retention

We will retain any personal data that you provide in accordance with applicable laws and our Data Retention Policy. Subject to applicable law, we will only retain your personal data on our systems for as long as is necessary for the relevant purpose for which it was collected. We will delete or destroy it when it is no longer required.

  1. Changes to this privacy notice and your duty to inform us of changes

We keep our privacy notice under regular review. This version was last updated in December 2020.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.