PRIVACY POLICY
Last Updated: 3 July 2026
1. Introduction
Welcome to KIVALIA Clinical Body ("KIVALIA", "we", "our", or "us").
Your privacy is extremely important to us. This Privacy Policy explains how we collect, use, disclose, process, store and protect your personal information when you visit our website, purchase our products, book appointments, complete health questionnaires, participate in coaching programmes or otherwise interact with our services.
This Policy has been prepared in accordance with:
- Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
- The Malta Data Protection Act
- Applicable consumer protection legislation
- Electronic Communications Regulations
By using our website or services, you acknowledge that you have read this Privacy Policy.
2. Data Controller
The Data Controller responsible for processing your personal information is:
KIVALIA Clinical Body
Email: ksckivalia@gmail.com
Website: https://kivaliaclinicalbody.com
If you have any questions regarding this Privacy Policy, you may contact us using the email above.
3. Information We Collect
Depending on your interaction with us, we may collect different categories of information.
Personal Identification Information
- Full name
- Date of birth
- Gender
- Email address
- Telephone number
- Postal address
- Country of residence
Health Information
For personalised nutrition plans or aesthetic treatments, we may collect:
- Height
- Weight
- Body measurements
- Medical history
- Allergies
- Current medications
- Previous surgeries
- Lifestyle habits
- Physical activity level
- Dietary preferences
- Food intolerances
- Pregnancy status
- Medical conditions
- Digestive symptoms
- Weight-loss goals
- Progress photographs (only where consent has been provided)
Health information is classified as Special Category Personal Data under Article 9 GDPR.
We only process this information with your explicit consent.
Payment Information
Payments are processed securely by third-party payment providers.
We never store:
- Credit card numbers
- Security codes (CVV)
- Bank card PINs
Payment processors may collect payment information according to their own Privacy Policies.
Technical Information
When you visit our website, we automatically collect:
- IP address
- Browser type
- Device type
- Operating system
- Language preferences
- Time zone
- Website usage data
- Pages visited
- Session duration
- Referral URLs
Marketing Information
If you subscribe to our newsletter or marketing communications, we may collect:
- Email engagement
- Marketing preferences
- Click behaviour
- Purchase history
4. How We Collect Information
Information may be collected through:
- Website forms
- Health questionnaires
- Booking forms
- Online purchases
- Shopify checkout
- WhatsApp conversations
- Email correspondence
- Facebook Lead Forms
- Instagram enquiries
- Telephone consultations
- In-clinic consultations
5. Why We Process Your Data
We process personal information for the following purposes:
- To provide personalised nutrition programmes
- To prepare customised coaching plans
- To schedule appointments
- To provide aesthetic treatments
- To communicate regarding appointments
- To send invoices
- To process payments
- To provide customer support
- To improve our services
- To comply with legal obligations
- To detect fraud
- To maintain security
- To send newsletters (only where consent has been provided)
- To fulfil contractual obligations
6. Legal Basis for Processing
Under GDPR, we rely on one or more of the following lawful bases:
- Your explicit consent
- Performance of a contract
- Compliance with legal obligations
- Legitimate business interests
- Protection of vital interests where applicable
Health data is processed solely on the basis of explicit consent.
7. Cookies
Our website uses cookies to:
- Remember your preferences
- Improve website performance
- Analyse visitor behaviour
- Secure website functionality
- Measure marketing effectiveness
You may disable cookies in your browser at any time.
A separate Cookie Policy is available.
8. Sharing Your Information
We never sell your personal information.
We may share information only where necessary with trusted service providers including:
- Shopify
- Stripe
- PayPal
- Google Analytics
- Meta Platforms
- Email marketing providers
- Appointment scheduling software
- Accounting professionals
- Legal advisors
- Government authorities where legally required
Each third party processes data under its own privacy obligations.
9. International Data Transfers
Your information may be transferred outside the European Economic Area (EEA).
Where this occurs, we ensure appropriate safeguards are implemented including:
- Standard Contractual Clauses (SCCs)
- Adequacy Decisions
- GDPR-compliant processors
10. Data Retention
We retain information only for as long as necessary.
Typical retention periods include:
- Customer records: Up to 7 years
- Invoices: Up to 10 years
- Marketing consent: Until withdrawn
- Health questionnaires: As required for service delivery and legal obligations.
11. Security Measures
We implement technical and organisational measures including:
- SSL encryption
- Secure hosting
- Password protection
- Access controls
- Staff confidentiality
- Secure payment providers
- Regular software updates
While we strive to protect your information, no internet transmission can be guaranteed as completely secure.
12. Your GDPR Rights
You have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion
- Restrict processing
- Object to processing
- Withdraw consent
- Request portability
- Lodge a complaint with the supervisory authority
Requests may be sent to:
13. Children's Privacy
Our services are intended for individuals aged 18 years or older.
We do not knowingly collect personal information from minors.
If we become aware that such information has been collected, it will be deleted promptly.
14. Marketing Communications
You may unsubscribe from marketing emails at any time by:
- Clicking the unsubscribe link
- Contacting us directly
Transactional emails relating to purchases or appointments may still be sent.
15. Automated Decision Making
We do not use fully automated decision-making that produces legal or similarly significant effects.
Recommendations generated from questionnaires are always reviewed before personalised programmes are provided.
16. Third-Party Websites
Our website may contain links to third-party websites.
We are not responsible for the privacy practices of those websites.
17. Changes to This Policy
We may update this Privacy Policy periodically.
The latest version will always be published on our website with the updated revision date.
18. Contact
For any privacy-related enquiry, please contact:
KIVALIA Clinical Body
Email: kcskivalia@gmail.com
Website: https://kivaliaclinicalbody.com
19. Supervisory Authority
If you believe your rights have been violated, you have the right to lodge a complaint with the competent data protection authority in your country of residence or with the supervisory authority having jurisdiction over the Data Controller.