Placeholder Privacy Policy

Privacy Policy and Notice 

General Information 

Everest Enterprises Limited (EVEREST) is a Company incorporated under the provisions of the Companies Act of Gibraltar whose registered office is situate at 124 Irish Town, Gibraltar with registered number 84578.  

Everest Enterprises Limited is a wholesale, retail and ecommerce business. 

Holland & Barrett Gibraltar, which is operated by Everest Enterprises Limited under licence, is a health and food supplement business operating from 53 Main Street and 160 Main Street, which is also part to this privacy policy. 

Privacy Commitment 

We are committed to protecting and respecting your privacy. 

Our privacy policy is fully complaint with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Data Protection Act 2004. 

In line with this regulation this Privacy Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be gathered, used, held and processed by us. Furthermore, it explains your rights in relation to this data. 

For the purpose of the General Data Protection Regulation (GDPR) 25th May 2018, the Data Controller is Data Manager, Everest Enterprises Limited, with registered number 844 and registered address Everest Enterprises Limited, Suite 1, Burns House, 19 Town Range, Gibraltar.   

We have appointed a Data Protection Officer for the purpose of Data Protection Law who is contactable at: 

Data Protection Officer, 

Everest Enterprises Limited,  

124 Irish Town  


Or by email at:

WhatsApp: (+350) 54082855

What is Personal Data? 

Personal data is:  

“any information (including opinions) relating to an identified or identifiable natural person ‘data subject’ and from which he or she can be identified either directly or indirectly through other data which EVEREST has or is likely to have in its possession such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. 

Guiding Principles 

We take the handling of your personal data very seriously and, in line with the GDPR, make sure of the following: 

  • Integrity & Confidentiality. We make sure that all data is kept safe and secure at all times. 
  • Minimal. We strive to never hold more data than is necessary to carry out the specific services offered to our clients. 
  • Accurate. We will do our best to keep the data up to date and accurate.  
  • Limited to Purpose. We will only use your data for the specific purpose it was collected or provided for. 
  • Lawful, fair and transparent. We will always be clear about what data we hold, and how we use it, as well as making sure that we have a lawful basis for holding it under the terms of the GDPR. 


The Data We Hold 

We only collect Personal Data from you that is necessary for us to carry out the tasks expected of us effectively and for the greatest ease of communication with you. 

The data we hold varies according to our business relationship with you and your requirements, however it may comprise any of the following: 

  • Contact information – name, address, telephone numbers and email address.  This information is required to fulfil our obligations under our Holland & Barrett Gibraltar Club Card programme terms and conditions (separate to this policy). 
  • Identity information: where appropriate and in respect of Club Card members who have signed up to the loyalty programme: name(s), address, contact telephone number(s), email address(s) and Identification document(s), date of birth, and loyalty points. 
  • Accounting information: including invoices, payments, statements of account and related correspondence. 
  • Correspondence from and to Club Card members in relation to various marketing emails and Club Card events via normal telephone, mail and email. 
  • Customers making queries via telephone or email: name, contact telephone number(s), email address. 

How We Obtain Your Data 

This is information about you that you give us by filling in forms in-store or by corresponding with us by phone, e-mail, or otherwise. It includes information you provide when you use our social media site, subscribe to our loyalty programme, search for a product, place an order, participate in discussion boards or other Holland & Barrett Gibraltar social media functions, enter a competition, promotion or survey, and when you report a problem with us, products or services and when you apply for a job via email or otherwise. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information. If you provide any information about any other individuals such as friends, family or colleagues, you warrant to us that you are entitled to provide that information to us and to authorise us to process it on the same basis as we will process the rest of the data you provide about yourself. 

We may also collect information about you when you visit our stores via CCTV. Any CCTV recording and use is governed by our separate CCTV policy. We will not collect any other information about you when you are in-store or when you correspond with us apart from the information that you provide to us. 

We may also collect information from other sources we receive about you from sources other than directly from yourself, which may include social media such as Linked In, Facebook, Twitter and Instagram. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers). 

How We Use Your Data 

We use information held about you in the following ways: 

Information you give to us.  

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
  • to update you with regard to the progress of orders that you have placed;
  • to resolve any queries you may have regarding orders that you have placed;
  • to administer any loyalty, discount or other such cards or initiatives that we may operate from time to time;
  • to initiate any product recalls or provide any important information to you relating to products that we supply;
  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing consumer customer, we will only contact you by electronic means (e.g. e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you unless you have consented to receive wider communications. If you are a consumer and are not an existing customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this, e.g. by ticking a box to indicate your consent to receiving such communications. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick or, as applicable, leave unticked, the relevant boxes situated on the form on which we collect your data or notify our in-store staff accordingly when they attempt to collect your information;
  • to notify you about changes to our products or services;
  • or fraud prevention;
  • to ensure that content from our site is presented in the most effective manner for you and for your computer;
  • if you have submitted a job application, in order to evaluate and manage that application, and to manage your employment if you are successful.

Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (e.g. contact, delivery or payment information) it is a requirement for us to enter and perform such a contract or fulfil your request that you provide that information – if you do not do so, we may not be able to perform your contract or fulfil your request. 

Information we collect about you.  

We will use this information: 

  • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • as part of our efforts to keep our site safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

We may process your personal data for a different purpose and without your consent where it is necessary for us to comply with our legal obligations. 

Disclosure of your information 

You agree that we have the right to share your personal information: 

1.1 For administrative purposes, any of our group undertakings, as defined in the Data Protection Act 2004 and also including any undertaking which is under 50% or more ultimate common ownership with Everest Enterprises Limited, provided that they either:  

(a) are within the European Economic Area; 

(b) are in a country that the European Union has decided has adequate data protection laws in place; or 

(c) have provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.  

Any use by other group members of one group member’s personal data beyond administration will be subject to all the requirements of Data Protection Law. In particular, we may only pass such data to them for their marketing purposes if you have consented to that. 

1.2. With selected third parties including: 

  • advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.  We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience
  • analytics and search engine providers that assist us in the improvement and optimisation of our site

2.2. Additionally, we may disclose your personal information to third parties: 

2.2.1. If we outsource any aspect of our business or systems, then we may disclose your personal data to our service provider(s). 

2.2.2. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. 

2.2.3. If we or a substantial part of our assets are acquired by a third party, in which case personal data held by us about our customers may be one of the transferred assets. 

2.2.4. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of our business, our customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. 

Lawful Basis 

  1. Data Protection Law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the General Data Protection Regulation. The grounds applicable to the personal data to which this notice relates are:

1.1. Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, that is the ground on which we are processing that data; 

1.2. Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data; 

1.3. Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your fundamental rights and freedoms which require protection of your data override those legitimate interests (our legitimate interests comprise the management, marketing and promotion of our business, products and services, and the supply of our products and services, and the recruitment and management of staff); 

1.4. If you have given your consent to our processing the data, which is the basis on which we are processing that data.  

If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above. 

  1. Special categories of personal data

If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, then unless you provide that information to us in a recruitment or employment context (in which case please see below) it is a condition of us receiving that information that you expressly consent (and you hereby do) to us processing that personal data for the purposes set out in the section “Information we collect about you” under the heading “How we use your data”.  Accordingly, if you do not want us to process any such categories of personal data, please do not provide it to us.  It is not Everest Enterprises Limited policy to collect any of the special categories of data, as classified by the GDPR. 

If you provide us with any of the above types of data in relation to a job application or in the context of your work with us, the information will only be used so that we can monitor our compliance with the law and best practice in terms of equal opportunities and non-discrimination and, where applicable to review and keep under review your ability and suitability to carry out the work for which you may be employed and any health and safety issues. 

How and where we store this data 

Information you provide to us is stored on our secure servers.  Once we have received your information, we follow strict procedures to take security measures to try to prevent unauthorised access.    

These security measures include storing electronic personal data under confidential password protected servers and hardcopy personal data in secure premises under lock and key restricting access to authorised officers or representatives of the company on a need to know basis. 

As effective as modern security practices are, no physical or electronic security system is entirely secure and we cannot ensure that all of your personally identifiable information provided will never be accessed.  However, we will use industry standard security measures to ensure that such information is kept as secure as possible. 

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the internet; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. 


Information supplied during a telephone conversation, walk-in or email query will be kept for as long as required to fulfil the query.  

EVEREST will process personal data for so long as we are contracted to provide services to you.  

In compliance with prevailing laws we are obliged to hold any personal data pertaining to financial transactions for 7 years after completion of the transaction.  Essential contact information will therefore be held for this period.  After this period, all personal data relating to inactive tenants will be deleted. 

Third Party Transfers 

Information is periodically shared with authorised accountants/auditors, law enforcement officials, lawyers, and regulatory bodies. 

Rights of Data Subjects 

As a data subject, at any time while we are in possession of or processing your personal data, you, the data subject, have the following rights under the GDPR. 

  • The right to be informed – you have the right to be informed of the information that we hold about you. 
  • The right of access – you have the right to request a copy of the information that we hold about you. 
  • The right to rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. 
  • The right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. 
  • The right to restriction of processing – where certain conditions apply to have a right to restrict the processing. 
  • The right to data portability – in certain circumstances you have the right to have the automated data provided by you transferred to another organisation. 
  • The right to object – you have the right to object to certain types of processing such as direct marketing, even if you have given consent. 
  • The right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing and profiling. 
  • The right to judicial review – in the event that EVEREST refuses your request under the rights of access, we will provide you with a reason as to why.  You have the right to complain as outlined in the Complaints section below. 
  • You can exercise any of the rights set out above, free of charge, by using any applicable methods set out in our communications with you, or by contacting us. 

Accessing your data 

You have the right to obtain from us: 

  1. Confirmation as to whether we are processing (including holding) personal data about you; and
  2. If we are processing personal data about you, you are entitled to be provided with:

2.1. Information as to the purposes for which we process the data; 

2.2. Information as to the categories of the data that we are processing; 

2.3. Information as to the recipients or categories of recipients to whom the data has or will be disclosed; 

2.4. Information as to the envisaged period for which we will store the data, or the basis on which that period will be determined; 

2.5. A copy of the data (further copies are available at a reasonable charge, which we will inform you of should you request further copies). Please note that this right is subject to the rights of others in relation to their own personal data, meaning that we cannot disclose data to you if it would involve disclosing data about someone else. 

Automated decisions 

We may, based on information that you provide or that we collect about you, make certain decisions on an automated basis. For example, we may send higher volume customers a periodic discount code. In certain circumstances, you have the right to object to such decisions being made on an automated basis, for example by having human intervention on our part in the decision-making process, by being able to express your point of view in relation to the decision or being able to contest the decision. If you do not want us to take such decisions on an automated basis, you can exercise any of the rights set out above, free of charge, by using any applicable methods set out in our communications with you, or by contacting us. 


In the event that you wish to make a complaint about how your personal data is being processed by EVEREST (or third parties), or how your complaint has been handled you have the right to lodge a complaint directly with the Gibraltar Regulatory Authority. 

Contact details are as follows: 

Gibraltar Regulatory Authority 

2nd Floor 

Eurotowers 4 

1 Europort Road 


GX11 1AA 

Changes to our Privacy Policy 

If and when there are any updates to our Privacy Policy relevant to our users and clients, we will reflect these within this Privacy Notice and, where appropriate, contact you informing you of any change. 

Accuracy of Data 

It is important that the personal data we hold about you is accurate and current.  Please keep us informed if your personal data changes during your relationship with us.  You can ask us to rectify or update your personal information at any time by emailing us at:

WhatsApp: (+350) 54082855

Not enough items available. Only [max] left.
Add to WishlistBrowse WishlistRemove Wishlist
Shopping cart

Your cart is empty.

Return To Shop

Add Order Note Edit Order Note
Estimate Shipping
Add A Coupon

Estimate Shipping

Add A Coupon

Coupon code will work on checkout page