Privacy Policy

Who we are

Our website address is: https:.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

Privacy Policy

Last updated: February 23, 2025

Introduction

This privacy policy covers the collection, use, and disclosure of information practices while on our website. This privacy policy together with our terms and conditions and other agreements with you forms the basis on which we will collect and process your data. In this policy, InjectaHealth is referred to as “we,” “us,” “our.” The policy describes how we collect, store, and process your data on this website and how to contact us in the event you have a complaint.

When we collect and use your personal data, we are subject to the UK General Data Protection Regulation (UK GDPR), retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (EU GDPR), and the Data Protection Act 2018. For the purposes of these regulations, InjectaHealth is the ‘data controller’, that is, the company which is responsible for and controls the processing of your personal data. We are committed to ensuring that your privacy is protected in accordance with both UK and EU data protection laws. The Department of Health recommends minimum retention periods for health records, which we follow at all times.

Personal Data We May Collect About You

Before you use certain areas of this Website, we will ask you to register by requiring you to enter your personal information, including ‘sensitive personal data’ as defined by the Regulation. For example, we will obtain your personal data when you register to use this Website, complete the online medical questionnaire, send us feedback, post material, contact us for any reason, sign up to a service, and purchase goods or services.

We may collect and use the following personal information about you:

  • Your name and contact information, including your residential address, email address, telephone number, and company details if applicable;
  • Information to enable us to check and verify your identity, such as your date of birth and other identification documents when required;
  • Your medical details, opinions, and health information provided through questionnaires and consultations;
  • Your gender information and other demographic details;
  • Your location data and IP address when accessing our services;
  • Your billing information, transaction details, and payment card information (processed securely through our payment providers);
  • Your contact history, purchase history, and saved items in your account;
  • Information to enable us to undertake credit or other financial checks on you when necessary;
  • Information about how you use our Website, IT, communication, and other systems;
  • Your responses to surveys, competitions, and promotions if you choose to participate;
  • Your NHS number and other healthcare identifiers;
  • Video consultation recordings and associated metadata;
  • Any correspondence between you and us.

We may also obtain sensitive personal data about you if you volunteer it by completing the online medical questionnaire. If you volunteer such information, you will be consenting to our processing it for the purpose of obtaining a medical opinion and purchasing the treatment.

This personal data is required to provide products and services to you. If you do not provide the personal information we ask for, it may delay or prevent us from providing products and services to you.

 

How Your Personal Information is Collected

We collect most of this personal information directly from you via our Website, by telephone, email, or video consultation. However, we may also collect information:

Directly From You

When you:

  • Create an account on our website and maintain your account information
  • Complete forms, questionnaires, and surveys
  • Register for and participate in our services
  • Purchase or express interest in our products and services
  • Communicate with us by phone, email, or video consultation
  • Take part in video consultations with our healthcare professionals
  • Post comments or reviews on our platforms
  • Report problems with our services
  • Sign up for our newsletters or marketing communications

From Your Use of Our Website and Services

We may monitor your use of this Website through the use of cookies and similar tracking devices. For example, we may monitor:

  • How many times you visit our website
  • Which pages you navigate to
  • Traffic data and patterns
  • Location data
  • The originating domain name of your internet service provider
  • Technical information about your equipment, browsing actions, and patterns

Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. For further information on our use of cookies, please see our Cookie Policy.

From Third Parties

We may receive information about you from:

  • Your healthcare providers (with your explicit consent)
  • Credit reference agencies
  • Customer due diligence providers
  • Analytics providers
  • Advertising networks
  • Search information providers
  • Our technology and payment service providers

Occasionally we may receive information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you in order to help us improve and personalize our service to you.

 

How and Why We Use Your Personal Information

Under data protection law, we can only use your personal information if we have a proper reason for doing so. We must have one or more of the following lawful bases:

  • To comply with our legal and regulatory obligations
  • For the performance of our contract with you or to take steps at your request before entering into a contract
  • For the purposes of medical diagnosis and the provision of healthcare and treatment
  • For our legitimate interests or those of a third party
  • Where you have given consent

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

 
What we use your personal information for | Our reasons | Our legitimate interests
To provide treatment and healthcare services | For the performance of our contract with you; Legitimate interests | Ensuring quality healthcare provision; Maintaining accurate medical records; Providing continuity of care
Processing payments and managing financial transactions | For the performance of our contract with you; Legal obligation | Efficient business operations; Preventing fraud
Managing your account and relationship with us | For the performance of our contract with you; Legitimate interests | Keeping records up to date; Providing customer service
Recording video consultations | Legal obligation; Legitimate interests | Quality assurance; Training purposes; Audit requirements

We may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal information.

 

Marketing Communications

We may use your personal information to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services.

We have a legitimate interest in processing your personal information for promotional purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal information with the utmost respect and never sell it to other organisations for marketing purposes. You have the right to opt out of receiving promotional communications at any time by:

  • Contacting us using the details provided at the bottom of this policy
  • Using the ‘unsubscribe’ link in emails
  • Updating your marketing preferences in your account settings

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

 

Cookie Usage and Website Technologies

Our website uses cookies and similar technologies to distinguish you from other users of our website. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or device if you agree. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

Essential Website Cookies

These cookies are strictly necessary for the operation of our website and e-commerce platform. They include:

  • Session cookies that enable you to carry out essential functions on our site, such as maintaining your shopping cart contents between pages and keeping you logged in during your visit
  • Authentication cookies that allow us to identify registered users and ensure they can access their authorized areas
  • Security cookies that help us detect and prevent fraudulent activity and ensure the security of your account

WooCommerce Specific Cookies

As we use WooCommerce for our e-commerce functionality, the following cookies are essential for the shopping features of our website:

  • woocommerce_cart_hash: Helps WooCommerce determine when cart contents/data changes
  • woocommerce_items_in_cart: Helps WooCommerce determine when cart contents/data changes
  • wp_woocommerce_session_: Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer
  • Cookie_notice_accepted: Records if you have acknowledged our cookie notice

Payment Processing Cookies

Our payment processors (Stripe and WooPayments) use cookies to help secure transactions and prevent fraudulent activities:

  • Stripe session cookies for secure payment processing
  • Payment verification cookies
  • Anti-fraud monitoring cookies
  • Transaction state management cookies

Functionality Cookies

These cookies enable helpful but non-essential functions on our website:

  • Remembering your preferences and settings
  • Improving your browsing experience
  • Enabling specific features you have selected

Analytics and Performance Cookies

We use these cookies to understand how visitors interact with our website:

  • Collecting information about which pages you visit most often
  • Noting if you get any error messages
  • Understanding which links you click on
  • Recording if you have seen specific notifications or announcements

You can manage cookie preferences through your browser settings. Most web browsers allow some control of most cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

 

Data Security and Protection Measures

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Our security measures include:

Technical Security Measures

We employ industry-standard encryption and security technologies including:

  • SSL/TLS encryption for all data transmission over our website
  • Advanced encryption for sensitive medical data storage
  • Regular security assessments and penetration testing
  • Continuous monitoring for potential security threats
  • Regular system updates and security patches

Organizational Security Measures

We maintain strict organizational controls including:

  • Limited access to your personal information to those employees, agents, contractors and other third parties who have a business need to know
  • Strict confidentiality obligations binding these parties
  • Regular staff training on data protection and security
  • Detailed security and data protection policies and procedures

Payment Security

Our payment processing systems adhere to the highest security standards:

  • PCI-DSS compliance for all payment processing
  • Regular security audits of payment systems
  • Encryption of all payment data
  • No storage of complete payment card details on our servers

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. While we implement the security measures described above, transmission of information via the internet is not completely secure. Any transmission is at your own risk.

 

Data Retention and Storage

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure of your personal data
  • The purposes for which we process your personal data
  • Whether we can achieve those purposes through other means
  • The applicable legal, regulatory, tax, accounting, or other requirements

Specific Retention Periods

By law, we must keep different types of information for different periods:

Type of Data | Retention Period | Reason
Medical Records (Adults) | 10 years after last treatment | NHS and healthcare regulations
Medical Records (Children) | Until age 25 or 26 if treatment ends at 17 | NHS and healthcare regulations
Video Consultations | 8 years | Clinical audit requirements
Financial Records | 7 years | Tax and accounting requirements
Marketing Data | 2 years after last interaction | Business purposes

In some circumstances, you can ask us to delete your data. See ‘Your Rights’ below for further information. In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

International Data Transfers

We may share your personal data within our group of companies and with external third parties, which may involve transferring your data outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission
  • Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

 

Your Legal Rights Under UK GDPR

Under the UK GDPR and data protection laws, you have specific rights in relation to your personal data. We have created this comprehensive guide to help you understand your rights and how to exercise them:

Your Right | What This Means | Important Notes
Right to Access (Subject Access Request) | Obtain confirmation if we process your data; Receive a copy of your personal data; Understand how we use your data | We may need to verify your identity; Complex requests may take longer; Electronic format provided where possible
Right to Rectification | Correct inaccurate personal data; Complete incomplete personal data; Update outdated information | We may need evidence of accuracy; Third parties will be notified; Medical records updates need verification
Right to Erasure ("Right to be Forgotten") | Request deletion of personal data; Remove data no longer needed; Withdraw consent for processing | May be limited by legal obligations; Medical records have retention requirements; Some data must be kept for regulatory purposes
Right to Object | Object to direct marketing; Object to processing based on legitimate interests; Object to research/statistics use | Absolute right for direct marketing; Must have grounds relating to your situation; May be overridden by compelling legitimate grounds
Right to Restrict Processing | Limit how we use your data; Temporarily stop processing; Keep but not use your data | Applies in specific circumstances; Storage permitted while restricted; Will inform you before lifting restriction
Right to Data Portability | Receive your data in readable format; Transfer data to another provider; Direct transfer where technically possible | Only applies to electronic data; Must be technically feasible; Limited to data you provided
Right to Withdraw Consent | Withdraw previously given consent; Stop consent-based processing; Choose communication preferences | Will not affect previous processing; Alternative legal basis may apply; May affect service provision

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided below. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you:

  • Specific details about your request
  • Proof of identity
  • Additional information to help us locate your data
  • Written authorization if acting on behalf of someone else

Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact our Data Protection Officer:

InjectaHealth
268-270 New Hall Lane Preston PR1 4ST
Email: enquiry@injectahealth.com

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

© 2025 InjectaHealth. All rights reserved.