Privacy Policy
1. Introduction
We are committed to protecting and respecting your privacy. Therefore this Privacy Policy (the ’Policy’) sets out the basis on which any personal data we collect about you, or that you provide to us, is processed by us.
Please read the Policy carefully to understand our views and practices regarding your personal data and how we will treat it. By using our online services (including our site located at www.weightlossyork.co.uk and purchasing products and accessing our services) you agree to the use we make in accordance with this Policy of all personal data you provide to us or we collect about you. If you do not agree with any term in this Policy, please do not use our online services.
2. The Company
www.weightlossyork.co.uk is a website and service operated by Outcome Diagnostics Limited (’we’/’us’). We are a company registered in England and Wales under company number 13190700. Our registered office is located at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
For the purpose of the Data Protection Act 2018 (the “Act”), we are the controller of your personal data. Our nominated representative for the purpose of the Act is available on request.
3. Data we may collect from you
In this Policy your ’data’ means information or pieces of information relating to you or that could allow you to be directly or indirectly identified. We may collect, use, store and transfer different kinds of data about you:
Contact Data includes data such as your email address, telephone number and correspondence address.
Identity Data includes data such as first name, last name, username or similar identifier, date of birth and gender assigned at birth, photographs of you that you send to us.
Health Data includes your responses to our online consultations and any other information you provide to us about your physical or mental health, including current medication and your GP details if you choose to provide that to us.
Technical Data includes data such as internet protocol (IP) address, your login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website and any communications we may send to you.
Usage Data includes information about how you use our website such as information about your visit to our website, including the full Uniform Resource Locators (URL) clickstream to and through, pages you viewed or searches you made, page response times, download errors, length of visit, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Marketing Data includes your preferences in receiving marketing from us.
We do not knowingly collect the data of children. Please do not provide data to us unless you are at least 18 years old.
Data you voluntarily provide
From time to time you may provide data to us. This may be because:
You take one of our online consultations or register to receive communications.
You contact us via email or phone. If you do, we may keep a record of that correspondence and record the phone call.
You complete surveys that we use for research purposes. These, however, are not mandatory.
You purchase services or products through our online service.
You respond to our request for identification documents.
You provide services to us and/or our website users.
You provide feedback to us.
You otherwise contact us, including with queries, comments, or complaints.
You make a claim under one of our guarantees.
We shall process all such data in accordance with this Policy. Certain data is mandatory and must be provided to us so that we can fulfil your request (for example, to purchase services or products on our website), and we shall make this clear to you at the point of collection of the data.
All data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data and we suspect or identify fraud, we will record this and we may also report this to the appropriate authorities.
Data we automatically collect about you
When you use our website we may automatically collect and store information about your Technical Data and Usage Data for the purposes of research and analysis.
Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why we use them, and how you can control them, please see section 12 on cookies in this policy.
Data we receive from others
If we have reason to believe that any of the data you have provided to us is inaccurate, we may receive further data from third parties - such as credit reference agencies, the electoral register, and our verification partners - to verify your identity and confirm the validity of the data.
We may also receive data about you from our third party service providers, including our payment service provider and our analytic service providers. In addition, our business relies on collaboration with third parties such as our prescribers, pharmacies, doctors, and blood testing companies and so we may therefore receive information about you from them.
4. Legal basis for processing your data
We will only use your data where we have a lawful basis to do so. The lawful purposes that we rely on under this Policy are:
Consent (where you choose to provide it).
Performance of our contract with you.
Compliance with legal requirements.
Legitimate interests. When we refer to legitimate interests we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.
If you register and use our website we shall use Contact Data, Identity Data and Health Data in order to provide you access to our website and to supply you with products and consulting services all in accordance with our Terms of Use and Terms of Sale as applicable. You agree that we cannot provide consulting services or products to you unless you provide us with and permit us to process your Health Data.
We may from time to time need to use Contact Data and/or Identity Data to comply with any legal obligations, demands or requirements - for example, as part of anti-money laundering processes or to protect a third-party’s rights, property or safety.
We may also use any of your data, except your Health Data, for our legitimate interests including:
To improve our website and our services.
In connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
To deal with any questions or comments you raise.
For audit purposes.
To contact you about changes to this Policy and/or our Terms.
5. Who do we share your data with?
For our legitimate interests, we may share your data with our service providers, sub-contractors, consultants and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, group companies, accountants, auditors and lawyers.
We shall provide our service providers, sub-contractors, consultants and agents only with such of your data as they need to provide the service for us and if we stop using their services, we shall request that they delete your data or make it anonymous within their systems
As noted above, our business relies on collaboration with third parties such as our prescribers, pharmacies, and blood testing companies, so we will share data about you with them - in particular your Contact Data and Health Data. Again, you agree that we cannot provide consulting services or products to you unless we share your Health Data with these third parties.
If in accordance with our Terms and Conditions we need to verify your identification, we shall share some of your Contact Data and Identity Data with our verification partners.
To facilitate the delivery of your order to you, you also understand and agree that we will use third-party delivery companies (such as Royal Mail and other delivery service companies) to deliver products to you and so we shall share your Contact Data with them.
To evaluate the performance of our business at a granular level we may occasionally send data to validated third parties for the purposes of evaluating ongoing performance.
We ensure that any data we disclose in accordance with our Policy is kept to the minimum required to allow the safe and effective delivery of services to you, and will never knowingly share with third parties who do not comply with the Act.
Only with your consent shall we provide your data, including your Health Data, to your own GP.
If we need to use your data to comply with any legal obligations, demands or requirements (for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety), then in doing so, we may share your data with third party authorities and regulatory organisations and agencies.
If we choose to merge, sell assets, consolidate or restructure, finance, or sell all or a portion of our business by or into another company then the new owners may use your data in the same way that we do as set out in this Policy.
We may also occasionally use your data to receive feedback about our services.
6. Third Party Service providers
Currently, we work with the following third party service providers:
Semble - to provide our clinical patient management system (https://www.semble.io/privacy-policy ).
Pharmacy Online - to dispense and dispatch prescriptions for our weight loss clinic service (https://www.pharmacyonline.co.uk/customer-care/privacy-policy/ )
Google Analytics – to help us analyse how people use its websites and identify improvements (https://www.google.com/policies/privacy/).
Facebook – to help us understand how users find our site and identify improvements to the way we advertise our services (https://en-gb.facebook.com/policies/ads).
Google Stack – to help us understand how users find our site and identify improvements to the way we advertise our services; to help us optimize our site to help users find the information they are looking for (https://policies.google.com/privacy?hl=en).
YouTube – to help us understand how users find our site and identify improvements to the way we advertise our services (https://www.youtube.com/intl/en-GB/yt/about/policies/).
Bing Ads – to help us analyse how people make use of our website and identify improvements; to measure the effectiveness of advertisements and communications; to provide relevant advertisements and communications to users (https://privacy.microsoft.com/en-gb/privacystatement).
Crisp – to enable our customer care team to communicate with customers (https://crisp.chat/en/privacy/ )
7. Where we store your data
The data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom and/or European Economic Area (’EEA’). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of services.
Where your data is transferred outside the United Kingdom and/or the EEA, it will only be transferred to countries that have been identified as providing adequate protection for data or to a third party where we have approved transfer mechanisms in place to protect your data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).
8. Information security
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data.
These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorised access to systems where we store data.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our online properties, you are responsible for keeping this password confidential. You should not share this password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
9. Marketing
You may request or consent to receive marketing email messages such as special offers from us about our website and our services and business generally. You may do so by ticking the ‘Please keep me updated’ box when you sign up.
You can choose to no longer receive such marketing emails from us by contacting us via email at customer.service@medicspot.co.uk. You can also opt out by clicking ’Unsubscribe’ at the bottom of any marketing email.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send you marketing information.
10. Your rights
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. You can exercise any of these rights at any time by contacting us at customer.service@medicspot.co.uk .
Right of access: you have the right to obtain from us a copy of the data that we hold for you.
Right to rectification: you can require us to correct errors in the data that we process for you if it is inaccurate, incomplete or out of date.
Right to portability: you can request that we transfer your data to another service provider if you initially provided consent for us to use the data or where we used the data to perform a contract with you.
Right to restrict or object to processing: in certain circumstances, you have the right to require that we restrict the processing of your data if you believe our processing impacts on your fundamental rights and freedoms. However, we may demonstrate that we have legitimate grounds to process your data not withstanding your rights and freedoms.
Right to be forgotten: you also have the right at any time to require that we delete the data that we hold for you, where it is no longer necessary for us to hold it. However, whilst we respect your right to be forgotten, we may still retain your data in accordance with applicable laws, and when we respond to your request we shall notify you of any specific legal reasons that we have to retain your data.
Right to stop receiving marketing information: you can ask us to stop sending you information about our services, but please note we shall continue to contact you in relation to any matters relating to your account, if you have one.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive, and we may ask for identification from you before we can fully respond to your request.
If you have any complaints in relation to this Policy or otherwise in relation to our processing of your data, please tell us. We shall review and investigate your complaint and try to get back to you within a reasonable time. You do also have the right to contact the Information Commissioner (see www.ico.org.uk), or if you are based outside of the United Kingdom, please contact your local regulatory authority.
11. Retention of data
Subject to the provisions of this Policy, we will retain data in accordance with applicable laws. This means that we shall retain your data for as long as you have an account with us or otherwise access or use our site. However, we may also be required to retain data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents and in order to deal with any dispute you might raise. You acknowledge and agree that we are required by law to archive electronic patient records including your personal information, communication and treatments for a minimum of 10 years.
Where we have no legal basis for continuing to process your data, we shall either delete or anonymise it or, if this is not possible (for example, because your data has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
12. Cookies
What are cookies?
We use cookies on our website. Cookies are small pieces of data that are stored on your computer, mobile phone or other devices.
We also use pixels, which are small blocks of code on web pages that do things like allow another server to measure viewing of a webpage. These are often used in connection with cookies.
We also use other tracking technologies like web beacons (sometimes called “tracking beacons” or “clear gifs”) and local storage. These are tiny graphics files that contain a unique identifier that enable us to recognise when someone has visited our website or opened an email that we have sent them.
You can find more information about cookies at https://www.cookieyes.com.
How we use cookies
Cookies help us to operate our website and provide services to you. In particular, they can:
Make your online experience more efficient and enjoyable, including by recognising you when you return to our website and by customising the website according to your individual interests.
Enhance and customise your experience across our website, including by speeding up your searches.
Enable us to perform research and carry out analytics.
Deliver advertising and marketing that is relevant to you.
Third party cookies enable third party features or functionality to be provided on or through our website, such as advertising, interactive content and analytics. These third parties are responsible for the cookies they set on our website and we have no control over them.
What cookies do we use?
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. For instance, cookies to enable you to log in to access our services, or cookies that are needed to take advantage of our e-billing services.
Performance cookies. These cookies allow us to track how our users use our website, the number of visits on each page, and behaviour on each page. This helps us optimise our website so you can find the things you are looking for and have the best experience possible.
Functionality cookies. These cookies allow us to recognise you by name and create a more personalised experience for you.
Analytics cookies. These cookies record your visit to our website, the pages you have visited and the links you may have clicked. We will use this information to curate services and content based on your needs. This information may also be shared with third-party providers.
Advertising cookies. We use cookies to help us show adverts to you from other websites across the internet based on your actions on our website and elsewhere. If you have viewed a page about erectile dysfunction on our website, we may advertise our prescribing services to you on other websites. If you would like more information on behavioural advertising/retargeting, including how to opt out of it, please visit https://www.cookieyes.com.
What technical information do we collect about your device?
We collect the following information about the device you are using to access our website:
The type of device you use.
Network information.
Your operating system.
Your IP address.
The browser you are using and what version it is.
Your time zone setting.
Usage data
We collect usage data about your activities on our website, including:
The full Uniform Resource Locators (URL) clickstream to, through and from our online properties (including date and time).
The different types of services/products you viewed or searched for.
Page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Any phone number used to call our customer service number.
How can you control cookies?
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our online services. Unless you have adjusted your browser’s settings so that it will refuse cookies, our system will issue cookies when you log on to our online properties.
To change your cookie settings, or if you want to be notified each time a cookie is about to be used, you should amend the settings provided in your web browser to prevent us from storing cookies on your computer hard drive.
Most advertising networks also offer you the option to opt out of targeted advertising. For more info, visit http://www.aboutads.info/choices/ or https://www.cookieyes.com.
You can manage your cookie settings by following your browser's instructions. Here are some links that might be of assistance:
Google Chrome
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
Microsoft Internet Explorer
https://support.microsoft.com/en-nz/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari
https://support.apple.com/en-nz/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Microsoft Edge
The above cookies are not exhaustive. For more information regarding the specific cookies used, please view the link: https://www.cookieyes.com.
13. General
Our website may contain links to third party websites, plug-ins and applications. We are not responsible for the content of such third party content, or their privacy statement/s. If you provide any information to the third party, then you should check the third party website to find the applicable privacy policy.
If any provision of this Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.
Any changes we may make to our Policy in the future will be posted on this page and, if the changes substantially affect your rights or obligations, we shall notify you if we have your email address.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to Outcome Diagnostics Limited, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ or via email at customer.service@medicspot.co.uk.
This Policy was last updated on 13/05/2024. You may contact us if you wish to review any previous version.