Effective Date: 13/02/2024
Privacy Policy
Last updated: 15 October 2025 Version: 2.0 (2025)
1. Introduction & Purpose
Welcome to Dr Green NFT (“we”, “us”, “our”). We are committed to protecting and respecting your privacy. We process your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), the EU General Data Protection Regulation (EU GDPR), and the Protection of Personal Information Act (POPIA) in South Africa.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you:
• Use or interact with our website (https://drgreennft.com);
• Purchase goods or access services via our platform;
• Contact us by email, post, or other channels;
• Engage with us through social media or our marketing campaigns.
By using our services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller & Contact Information
Data Controller: Dr Green NFT Ltd
Registered address: Upcann LDA, R. Zona Industrial Cantanhede, lote 62, 3060-197 Cantanhede, Portugal
Global Data Protection Officer (DPO): LHI Consulting
• Registered with the Information Commissioner’s Office (ICO) in the UK.
• Applies GDPR standards for EU jurisdictions and Portugal.
• Complies with POPIA in South Africa.
Email (for privacy/data protection enquiries): [email protected]
Main contact (Dr Green): [email protected]
If you wish to contact the ICO, visit https://ico.org.uk or call 0303 123 1113.
3. Definitions & Legal Bases
• Personal data: Information relating to an identified or identifiable person.
• Special category data: Sensitive data (e.g. health, genetics, ethnicity, biometrics).
• Processing: Any operation performed on personal data (collection, storage, use, deletion).
We process personal data only where a legal basis applies:
• Consent – you have given explicit agreement, especially for special category (health) data.
• Contractual necessity – to perform or prepare an agreement with you.
• Legal obligation – required by law or regulation.
• Legitimate interests – necessary for our business, subject to your rights and expectations.
• Public interest or official authority – regulatory or legal requirements.
4. What Data We Collect & How
Category | Examples | Source |
Identity & Contact | Name, email, address, phone | Provided by you |
Account & Login | Username, hashed password | You create these |
Transactions & Payments | Order details, billing/delivery info | When you transact with us |
Technical / Usage | IP address, device, browser info, referral URL | Automatically via site tech |
Medical & Health Information | Information from you or third parties, only with your explicit consent | Provided by you or referrers |
Preferences & Profile | Product preferences, saved items | Derived from your activity |
Correspondence & Feedback | Emails, messages, complaints, reviews | When you contact us |
Social Media Interactions | Public profile data you share | From platform interactions |
Special category (health/medical) data will only be processed after receiving your explicit consent and only when necessary for the provision of our services.
5. How We Use Your Data & Legal Bases
Purpose | Legal Basis | Retention/Criteria |
Fulfilling orders, service delivery | Contractual necessity | 7 years (tax/accounting) |
Processing health-related requests | Explicit consent | As required by regulation |
Account management, customer service | Contractual / Legitimate interest | Deleted after 3 years of inactivity |
Marketing communications | Consent | While subscribed; suppression 5 years |
Website analytics & improvement | Consent / Legitimate interest | 12 months logs; aggregated data longer |
Complaints & customer rights | Legitimate interest / Legal obligation | 5-7 years |
Legal compliance & regulatory claims | Legal obligation / Legitimate interest | As required by law |
We retain data only as long as necessary for each purpose.
6. Cookies & Tracking
We use cookies and similar technologies to operate our website, improve site performance, and personalise your experience. You can accept or reject non-essential cookies on your first visit or by using the Cookie Settings. (Please refer to our Cookie Policy)
7. Sharing Your Information
Data may be shared with:
• Payment processors, logistics and delivery providers;
• IT and hosting providers;
• Marketing platforms (only for opt-in communications);
• Regulators or professional advisers (when legally required);
• Successor entities in case of merger or sale.
All third parties process your data under contract and must follow our privacy standards.
8. International Transfers
Your personal data may be transferred and processed outside the UK/EU/South Africa. We implement appropriate safeguards, including ICO-approved mechanisms, GDPR Standard Contractual Clauses, and POPIA requirements.
9. Security Measures & Data Breaches
We use encryption, access controls, secure networks, staff training, and regular audits. If a data breach occurs, we will contain it, notify the ICO/regulator when necessary, within 72 hours, and inform you if there is a high risk to your rights.
10. Your Data Protection Rights
You have rights, depending on your jurisdiction, to:
• Access your personal data and receive copies.
• Rectify inaccurate data.
• Erase your data (“right to be forgotten”) where legally possible.
• Restrict processing in specific cases.
• Data portability.
• Object to certain processing (including direct marketing).
• Withdraw consent at any time (where applicable).
• Not be subject to automated decision-making with significant effects.
• Complain to the relevant authority (see below).
To exercise rights, contact [email protected] or [email protected].
We may need to verify your identity and respond within one month.
11. Children and Minors
Our services are not directed to anyone under 18. We do not knowingly collect data from children under 18. If you believe we process such data, please contact us for prompt removal.
12. Business Changes & Transfers
If Dr Green NFT is reorganised, merged, or sold, your data may be transferred to the new owner under this policy. You will be notified of any material changes.
13. Third-Party Links & Content
Our site may link to external websites or embed third-party content. We are not responsible for their privacy practices; check their policies before providing data.
14. Retention & Deletion
We keep your personal data only as long as needed to fulfil the above purposes and comply with legal obligations. Data is securely deleted/anonymised as soon as the retention period ends.
15. Complaints and How to Contact Us
Please contact our Data Protection Officer or Dr Green NFT if you have questions, concerns, or complaints—we aim to resolve issues promptly and fairly.
• Internal Complaint Contact:
• Email: [email protected]
• Address: LHI Holdings Ltd, 4th Floor Silverstream House, 45 Fitzroy Street, London, W1T 6EB
• External Supervisory Contacts:
• UK: Information Commissioner’s Office (ICO) – Website: ico.org.uk | Tel: 0303 123 1113
• EU: Your national Data Protection Authority
• Portugal: Comissão Nacional de Proteção de Dados (CNPD) – www.cnpd.pt
• South Africa: Information Regulator – www.inforegulator.org.za
We will acknowledge complaints and respond within one month (or explain any time extension).
16. Changes to This Policy
We update this Privacy Policy periodically; changes will be posted at https://drgreennft.com/privacy-policy with a revised “Last updated” date.
Version: 2.0 (2025) | Last updated: 15 October 2025