Privacy Policy
Last updated: March 2026
The London Weight Loss Clinic Limited ("we", "us", "our", or "TLWLC") is committed to protecting your privacy and ensuring the security of your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding your data.
Data Controller
The data controller responsible for your personal data is:
The London Weight Loss Clinic Limited
128 City Road, London EC1V 2NX
+44 207 55 88 177
What Personal Data We Collect
As a healthcare provider, we collect and process the following categories of personal data:
Identity Information
Name, date of birth, gender, and identification documents for verification purposes.
Contact Information
Email address, telephone number, and postal address.
Health and Medical Data (Special Category Data)
Medical history, current medications, weight, height, BMI, health conditions, allergies, and treatment records. This data is essential for providing safe and effective medical care.
Transaction Information
Order history, payment details (processed securely by third-party payment providers), and prescription records.
Technical Data
IP address, browser type, device information, and cookies for website functionality and analytics.
Legal Basis for Processing Your Data
We process your personal data under the following lawful bases as defined by UK GDPR:
| Purpose | Legal Basis |
|---|---|
| Providing medical consultations and prescriptions | Performance of a contract; Provision of healthcare (Article 9(2)(h)) |
| Processing payments and orders | Performance of a contract |
| Maintaining medical records | Legal obligation; Provision of healthcare |
| Sending transactional emails (order confirmations, dispatch notifications) | Performance of a contract |
| Marketing communications to existing/former patients | Legitimate interest (soft opt-in under PECR) |
| Improving our services and website | Legitimate interest |
| Complying with regulatory requirements | Legal obligation |
Marketing Communications
As an existing or former patient, we may contact you with information about our prescription services, treatment options, and clinic updates that we believe may be relevant to your ongoing healthcare needs.
This is based on the "soft opt-in" provision under the Privacy and Electronic Communications Regulations (PECR), which allows businesses to send marketing emails to existing customers about similar products and services.
Your Right to Opt Out
You can unsubscribe from marketing communications at any time by:
- Replying "UNSUBSCRIBE" to any marketing email
- Emailing us at [email protected]
- Calling us on +44 207 55 88 177
Opting out of marketing will not affect transactional communications (e.g., order confirmations, prescription reminders) or your medical care.
Who We Share Your Data With
We may share your personal data with:
- GMC-registered prescribers who review and approve prescriptions
- Partner pharmacies (e.g., Simple Online Pharmacy) for dispensing and delivery
- Payment processors (e.g., Revolut, Stripe) for secure payment handling
- Healthcare management systems (e.g., Cliniko) for appointment and patient record management
- Regulatory bodies (e.g., CQC, MHRA) when required by law
We do not sell your personal data to third parties for marketing purposes.
How Long We Retain Your Data
Medical records: In accordance with NHS guidelines and professional body requirements, we retain medical records for a minimum of 10 years from the date of last treatment, or longer if clinically appropriate.
Prescription records: Retained for 10 years as required by pharmacy regulations.
Transaction records: Retained for 7 years for tax and accounting purposes.
Marketing preferences: Retained until you opt out or for 3 years of inactivity.
Website analytics: Retained for up to 26 months.
Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Secure authentication for patient accounts
- Regular security assessments and updates
- Staff training on data protection
- Access controls limiting data access to authorised personnel only
Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data (subject to legal retention requirements).
Right to Restrict Processing
Request limitation of how we use your data.
Right to Data Portability
Request your data in a machine-readable format.
Right to Object
Object to processing based on legitimate interest, including marketing.
To exercise any of these rights, please contact us at [email protected]. We will respond within one month.
Cookies
Our website uses cookies to enhance your browsing experience and analyse site traffic. Cookies we use include:
- Essential cookies: Required for website functionality and secure login.
- Analytics cookies: Help us understand how visitors use our website (e.g., Google Analytics).
- Preference cookies: Remember your settings and choices.
You can manage cookie preferences through your browser settings.
Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting a notice on our website or by email. We encourage you to review this page periodically.
Questions About This Policy?
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: