Introduction
Don’t Weight Ltd (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect information when you use our website dontweight.co.uk and our services.
We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered address is Don’t Weight Ltd, registered in England & Wales.
Information We Collect
Information you provide directly
- Account & consultation data: name, email address, date of birth, biological sex, height, weight, BMI, ethnicity, and medical history provided during your eligibility assessment
- Health data: information about existing medical conditions, current medications, allergies, and treatment preferences (this is special category data under UK GDPR)
- Contact information: email address, phone number, postal address for delivery
- Payment information: processed securely by our third-party payment provider — we do not store full card details
Information collected automatically
- Device & usage data: IP address, browser type, operating system, pages visited, time spent on site
- Cookies: see our Cookie Policy for full details
- Analytics data: anonymised usage patterns to improve our service
How We Use Your Information
We process your personal data for the following purposes:
- Healthcare provision: to assess your eligibility for treatment, prescribe medication, and provide ongoing clinical care (legal basis: performance of a contract and vital interests)
- Regulatory compliance: to meet our obligations under CQC regulations, MHRA requirements, and pharmacy legislation (legal basis: legal obligation)
- Communication: to send you treatment updates, appointment reminders, and important safety information (legal basis: legitimate interest and/or consent)
- Service improvement: to analyse anonymised data and improve our platform (legal basis: legitimate interest)
- Marketing: only with your explicit consent, which you can withdraw at any time
Special Category Data
Health data is classified as special category data under UK GDPR. We process this data under Article 9(2)(h) — for the purposes of preventive or occupational medicine, medical diagnosis, and the provision of health care treatment. Your health data is only accessible to our registered clinicians and authorised clinical staff.
Data Sharing
We may share your data with:
- Prescribing clinicians: UK-registered doctors and pharmacists who review your consultation
- Pharmacy partners: to dispense and deliver your medication
- Payment processors: to process transactions securely
- Regulatory bodies: CQC, MHRA, GPhC, or the ICO if required by law
- Your GP: only with your explicit consent, or where required for patient safety
We will never sell your personal data to third parties.
Data Retention
We retain your health records for a minimum of 10 years from the date of your last consultation, in line with NHS and regulatory guidance. Account data is retained for the duration of your account plus 2 years. You may request deletion of non-medical data at any time.
Your Rights
Under UK GDPR, you have the right to:
- Access your personal data (Subject Access Request)
- Rectify inaccurate data
- Request erasure (where not overridden by legal retention requirements)
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner’s Office (ICO)
Data Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS 1.2+), encrypted storage, access controls, regular security audits, and staff training on data protection.
International Transfers
Your data is primarily stored and processed within the UK and EEA. Where any data is processed outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR.
Contact Us
For any data protection enquiries or to exercise your rights:
You also have the right to complain to the Information Commissioner’s Office: ico.org.uk