Theya Healthcare takes protection of your data seriously and we are committed to putting in place rigorous measures to protect any data that you share with us. We make sure that we adhere to all of the current data protection regulations in the markets in which we operate so you can rest assured that your information is protected.


Who we are?

In compliance with the requirements of the General Data Protection Regulation (GDPR) Theya Lingerie Ltd. t/a Theya Healthcare is registered in Ireland , company number: 530197 with registered offices at Bridgewater Business Centre, Conyngham Road, Islandbridge, Dublin 8.

If you would like to contact us about our data protection processes or any aspect of this statement, you can do so by email to

or by post to

Data Protection, Theya Healthcare, NovaUCD, Belfield Innovation Park, Belfield, Dublin 4.


What information do we collect?

For the purposes of better serving our customers, Theya Healthcare collects the following information when you provide us with it, in the course of an order, a mailing list signup, an enquiry, a complaint, a testimonial or a website visit.

  • Name & Contact details including:
    • Name and Title
    • Address
    • Phone number
    • Email
  • Payment card details
  • Transaction data including:
    • Details about payments from and to you
    • Details of products you have purchased from us
  • Technical data including:
    • Internet Protocol Address
    • Your login username and password to your Theya Healthcare account
    • Your timezone, language and location settings
    • Your operating system and device type
    • Your browser
    • Your conversion details
  • Profile data
    • Username and password
    • Abandoned Checkouts
    • Orders made
    • Your marketing preferences
    • Your feedback
    • How you heard about us
  • Third Party sources
    • Amazon customer data including name and contact details and transaction details.


How do we use personal information?

Theya Healthcare uses the personal information you share with us principally for the following purposes:

  • To respond to enquiries/complaints
  • To open an account
  • To fulfil orders
  • To process refunds/exchanges
  • To seek feedback through customer satisfaction survey requests
  • To share information about our products or other information we feel may be of interest to you via email.
  • To identify trends in our online performance in terms of geography, device usage etc to allow us to improve


What legal basis do we have for processing your personal data?

We will only ever use the personal data you share with us within the confines of the General Data Protection Regulation and usually to help us offer you a better more personalised service.



If you have given us your consent to contact you in order to keep you up to date about our promotions, products, or news that we think may be of interest to you, we will contact you via email. You can unsubscribe from these mailings at any time simply by clicking unsubscribe on any one of the mailings or emailing us at



If you are a customer, we will use your personal data to allow us to supply our products and services to you.

  • To respond to your enquiries/complaints
  • To identify your profile and corresponding data on our system
  • To deliver our product to you
  • To facilitate your creation of an account with us
  • To inform you of any stock issues should the item you have ordered be out of stock
  • To process payments, refunds, credit notes etc.


Legitimate interests

We process your personal information for the following legitimate business purposes

  • To conduct and manage our business.
  • To protect our business from suspicious or illegal activities (eg phishing, high risk card transactions etc)
  • To personalise your web experience
  • To analyse our customer experience so that we can improve our products and services for the benefit of all of our customers
  • To request feedback on our products from our customers


Legal Obligation

If we were required by law to process your personal data, we would do so.


When do we share personal data?

We may share your personal data with third parties in the following cases:

  • Service Providers
    • Logistics providers that we use to deliver your orders
    • Our e-commerce, mail service and customer feedback service providers
    • Our technical service providers including Secure Payment Providers, our e-commerce platform, our technical back up services.
  • Law Enforcement Authorities
    • Where we are legally required to respond to such parties which have legal authority to access the information we hold.


Where do we store and process personal data?

Personal Data on our ecommerce platform Shopify is processed by Shopify’s Irish affiliate, Shopify International Ltd. As part of providing the Services, this Personal Data may be transferred to other regions, including to Canada and the United States. Such transfers will be completed in compliance with relevant Data Protection Legislation. Shopify Data Processing Addendum

We use a cloud server solution from Dropbox where we do store some customer data. Although this data is physically hosted in the United States, Dropbox is entirely GDPR compliant. You can see more about their GDPR policies here.


How do we secure personal data?

Theya Healthcare has rigorous data protection processes in place to prevent data loss and protect your data from unauthorised access or use. Only authorised Theya Healthcare employees and third parties processing data on our behalf have access to your personal data.

All authorised staff are required to adhere to our Standard Operating Procedure on Data Protection.


How long do we keep your personal data for?

We will store your personal data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship and/or provide our services; (ii) whether there is a legal requirement to which we are subject; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). Please contact us if you wish to obtain further information concerning our retention periods (see Contact Us below).


Your rights in relation to personal data

Under GDPR you have the following rights relating to access and protection of your personal data

  • access to personal information: you can request a copy of the personal data which we hold about you at any time.
  • correction: you have the right to request that we correct any inaccuracies in your personal data record
  • deletion: you have the right to ask that your personal data be removed from our records in certain circumstances including:
    • The personal data are no longer needed for the purpose for which they were collected;
    • You withdraw your consent (where the processing was based on consent);
    • You object to the processing and there are no overriding legitimate grounds justifying us processing the personal data (see Right to Object below);
    • The personal data have been unlawfully processed; or
    • To comply with a legal obligation.
  • withdrawal of consent: if we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time (see Contact Us below). However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent.
  • data portability: Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:
    • The processing is carried out by automated means; and
    • The processing is based on your consent or on the performance of a contract with you.
  • Right to object or restrict
    • processing of personal data concerning you for direct marketing
    • decisions being taken by automated means which produce legal effects concerning you or that similarly significantly affect you
    • in certain other situations, to our continued processing of your personal data
  • lodging a complaint with the Information Commissioner’s Office: You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR.


You should explain how individuals can exercise their rights, and how you plan to respond to subject data requests. State if any relevant exemptions may apply and set out any identity verifications procedures you may rely on.

Include details of the circumstances where data subject rights may be limited, eg if fulfilling the data subject request may expose personal data about another person, or if you’re asked to delete data which you are required to keep by law.


Use of automated decision-making and profiling

Although as mentioned above we do use automated systems to help highlight suspicious activity on our site, we do not make automated decisions based on these profiles.


How to contact us?

If you would like to contact us about our data protection processes or any aspect of this statement, you can do so by email to

or by post to

Data Protection, Theya Healthcare, NovaUCD, Belfield Innovation Park, Belfield, Dublin 4.


Use of cookies and other technologies

At Theya Healthcare ("we", "us" or "our"), we want to ensure that your visit to our website (the "Website") is smooth, reliable and as useful to you as possible. Subject to your consent where required by applicable law, we use cookies and similar technologies (“cookies”) to help us improve the use and functionality of the Website and to better understand how visitors use the Website and the tools and services offered on it. Find out more about our Cookies Usage and Policy.


Linking to other websites / third party content

On occasion we link to external sites and resources from our website. We do not take any responsibility for the content or information on any linked websites.