PRIVACY POLICY

Last Updated: 3 July 2026

1. Introduction

Welcome to KIVALIA Clinical Body ("KIVALIA", "we", "our", or "us").

Your privacy is extremely important to us. This Privacy Policy explains how we collect, use, disclose, process, store and protect your personal information when you visit our website, purchase our products, book appointments, complete health questionnaires, participate in coaching programmes or otherwise interact with our services.

This Policy has been prepared in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
  • The Malta Data Protection Act
  • Applicable consumer protection legislation
  • Electronic Communications Regulations

By using our website or services, you acknowledge that you have read this Privacy Policy.


2. Data Controller

The Data Controller responsible for processing your personal information is:

KIVALIA Clinical Body

Email:
ksckivalia@gmail.com

Website:
https://kivaliaclinicalbody.com

If you have any questions regarding this Privacy Policy, you may contact us using the email above.


3. Information We Collect

Depending on your interaction with us, we may collect different categories of information.

Personal Identification Information

  • Full name
  • Date of birth
  • Gender
  • Email address
  • Telephone number
  • Postal address
  • Country of residence

Health Information

For personalised nutrition plans or aesthetic treatments, we may collect:

  • Height
  • Weight
  • Body measurements
  • Medical history
  • Allergies
  • Current medications
  • Previous surgeries
  • Lifestyle habits
  • Physical activity level
  • Dietary preferences
  • Food intolerances
  • Pregnancy status
  • Medical conditions
  • Digestive symptoms
  • Weight-loss goals
  • Progress photographs (only where consent has been provided)

Health information is classified as Special Category Personal Data under Article 9 GDPR.

We only process this information with your explicit consent.


Payment Information

Payments are processed securely by third-party payment providers.

We never store:

  • Credit card numbers
  • Security codes (CVV)
  • Bank card PINs

Payment processors may collect payment information according to their own Privacy Policies.


Technical Information

When you visit our website, we automatically collect:

  • IP address
  • Browser type
  • Device type
  • Operating system
  • Language preferences
  • Time zone
  • Website usage data
  • Pages visited
  • Session duration
  • Referral URLs

Marketing Information

If you subscribe to our newsletter or marketing communications, we may collect:

  • Email engagement
  • Marketing preferences
  • Click behaviour
  • Purchase history

4. How We Collect Information

Information may be collected through:

  • Website forms
  • Health questionnaires
  • Booking forms
  • Online purchases
  • Shopify checkout
  • WhatsApp conversations
  • Email correspondence
  • Facebook Lead Forms
  • Instagram enquiries
  • Telephone consultations
  • In-clinic consultations

5. Why We Process Your Data

We process personal information for the following purposes:

  • To provide personalised nutrition programmes
  • To prepare customised coaching plans
  • To schedule appointments
  • To provide aesthetic treatments
  • To communicate regarding appointments
  • To send invoices
  • To process payments
  • To provide customer support
  • To improve our services
  • To comply with legal obligations
  • To detect fraud
  • To maintain security
  • To send newsletters (only where consent has been provided)
  • To fulfil contractual obligations


6. Legal Basis for Processing

Under GDPR, we rely on one or more of the following lawful bases:

  • Your explicit consent
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate business interests
  • Protection of vital interests where applicable

Health data is processed solely on the basis of explicit consent.


7. Cookies

Our website uses cookies to:

  • Remember your preferences
  • Improve website performance
  • Analyse visitor behaviour
  • Secure website functionality
  • Measure marketing effectiveness

You may disable cookies in your browser at any time.

A separate Cookie Policy is available.


8. Sharing Your Information

We never sell your personal information.

We may share information only where necessary with trusted service providers including:

  • Shopify
  • Stripe
  • PayPal
  • Google Analytics
  • Meta Platforms
  • Email marketing providers
  • Appointment scheduling software
  • Accounting professionals
  • Legal advisors
  • Government authorities where legally required

Each third party processes data under its own privacy obligations.


9. International Data Transfers

Your information may be transferred outside the European Economic Area (EEA).

Where this occurs, we ensure appropriate safeguards are implemented including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy Decisions
  • GDPR-compliant processors

10. Data Retention

We retain information only for as long as necessary.

Typical retention periods include:

Customer records:
Up to 7 years

Invoices:
Up to 10 years

Marketing consent:
Until withdrawn

Health questionnaires:
As required for service delivery and legal obligations.


11. Security Measures

We implement technical and organisational measures including:

  • SSL encryption
  • Secure hosting
  • Password protection
  • Access controls
  • Staff confidentiality
  • Secure payment providers
  • Regular software updates

While we strive to protect your information, no internet transmission can be guaranteed as completely secure.


12. Your GDPR Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Request portability
  • Lodge a complaint with the supervisory authority

Requests may be sent to:

kcskivalia@gmail.com


13. Children's Privacy

Our services are intended for individuals aged 18 years or older.

We do not knowingly collect personal information from minors.

If we become aware that such information has been collected, it will be deleted promptly.


14. Marketing Communications

You may unsubscribe from marketing emails at any time by:

  • Clicking the unsubscribe link
  • Contacting us directly

Transactional emails relating to purchases or appointments may still be sent.


15. Automated Decision Making

We do not use fully automated decision-making that produces legal or similarly significant effects.

Recommendations generated from questionnaires are always reviewed before personalised programmes are provided.


16. Third-Party Websites

Our website may contain links to third-party websites.

We are not responsible for the privacy practices of those websites.


17. Changes to This Policy

We may update this Privacy Policy periodically.

The latest version will always be published on our website with the updated revision date.


18. Contact

For any privacy-related enquiry, please contact:

KIVALIA Clinical Body

Email:
kcskivalia@gmail.com

Website:
https://kivaliaclinicalbody.com


19. Supervisory Authority

If you believe your rights have been violated, you have the right to lodge a complaint with the competent data protection authority in your country of residence or with the supervisory authority having jurisdiction over the Data Controller.