top of page

Privacy Policy

Effective Date: 01.03.2026

Last Updated: 01.03.2026

This Privacy Policy describes how Elizabethpharma Ltd (“we”, “our”, “us”) collects, uses, discloses, and protects personal information you (“you”, “your”, “patient”) provide when you visit or interact with the website for West Midlands Institute for Weight Management (the “Website”), and how we comply with UK data protection laws including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this Privacy Policy carefully. By using our Website, booking appointments, or making payments, you agree to the practices described in this Policy.

1. Who We Are

Data Controller:
Elizabethpharma Ltd
Company Number: 12596850
Registered Office: 84 Rowan Crescent, Wolverhampton, WV3 7HL, United Kingdom

Contact for Data Protection Matters:
Data Protection Officer: Hassan Bhatti
Email: Bhatti061989@hotmail.com
Telephone: 07477835373

2. The Personal Data We Collect

We collect personal and health data only when necessary to provide clinical services. This includes:

A. Personal Identification Data

  • Full Name

  • Postal Address

  • Email Address

  • Telephone Number

  • Date of Birth

B. Special Category (Health) Data

  • Medical history

  • Weight and BMI

  • Blood test results

  • Medication history

  • GP details

  • Clinical consultation notes

We do not collect website technical data such as IP addresses, cookies, analytics, or tracking unless required in the future (see Cookies section).

3. How We Collect Your Information

You provide most of the personal data directly when you:

  • Create an account

  • Book an appointment

  • Complete online forms

  • Attend clinical consultations

  • Make a payment

You may provide this data via forms on the Website or directly in consultation sessions with clinicians.

4. Legal Basis for Processing Your Data

We process your personal data on the following lawful grounds:

4.1 Contractual Necessity (Article 6(1)(b) UK GDPR)

Your personal and health data is processed to:

  • Provide clinical services

  • Manage consultations

  • Carry out necessary clinical assessments

  • Communicate with you regarding appointments and treatment

Processing this data is necessary to perform the service contract between you and us.

4.2 Legal Obligation (Article 6(1)(c) UK GDPR)

We process your data to comply with professional and legal obligations, including record keeping required by:

  • GPhC professional standards

  • Medicines legislation

  • Healthcare audit requirements

4.3 Provision of Healthcare (Article 9(2)(h) UK GDPR)

Health and medical data (special category data) are processed because it is necessary for the provision of healthcare by a qualified healthcare professional.

We do not rely solely on consent as a legal basis for processing clinical data.

5. Use of Your Personal Data

We use your information to:

  • Provide clinical services

  • Administer appointments

  • Process online payments

  • Perform clinical assessments and treatment

  • Communicate with you about your care

  • Maintain medical records

We do not use your data for marketing or profiling.

6. Payments and Financial Data

Online payments are processed via PayPal. We do not store your payment card information on our systems.

When you complete a payment, your information is transmitted directly to the payment processor (PayPal). We only receive payment confirmation and required payment details for service delivery.

We do not intentionally share financial data with third parties beyond what is necessary to complete the payment transaction.

7. Data Sharing and Third Parties

We do not intentionally share your personal data with any of the following:

  • GP practices

  • Laboratories

  • IT providers

  • Marketing platforms

  • Accountants

  • Other external entities

Third Parties with Limited Access

In certain circumstances, limited data may be accessed by:

  • PayPal: to process payments

  • Website Host (Wix): only if technical support is required

We retain control and responsibility for data even when shared for technical support.

8. Data Storage and Security

Your data is stored securely in:

  • UK-based servers

  • On an encrypted, password-protected local hard drive

  • Within the Elizabethpharma Medical System (encrypted)

We use appropriate technical and organisational measures to safeguard your data against unauthorised access, loss, misuse, or alteration.

9. Data Retention

We follow NHS-aligned retention standards:

Type of Record

Retention Period

Adult Clinical Records

Minimum 8 years

Prescription Records

Minimum 8 years

Appointment Records

Minimum 8 years

Administrative Data

Minimum 6 years

After the retention period, data is securely deleted or anonymised in accordance with UK GDPR.

10. Minors

This Website and our services are available only to individuals aged 18 or above.

We do not intentionally collect personal data from minors. If we discover data has been collected from anyone under 18, we will take steps to delete it promptly.

11. Cookies and Tracking Technologies

We currently do not actively use cookies, tracking pixels, or analytics on the Website.

Should this change in the future (e.g., to support online forms or security measures), we will implement an appropriate cookie notice and obtain clear consent where required by law.

12. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion (where lawful)

  • Restrict processing

  • Object to processing

  • Data portability (where applicable)

To exercise your rights, contact the Data Protection Officer at Bhatti061989@hotmail.com.

We aim to respond within one month, as required by law.

13. Complaints

If you have concerns about how your personal data is processed, you may:

Contact the ICO

The Information Commissioner’s Office (ICO) is the UK’s independent authority for data protection.

ICO Contact Details:
Website: https://ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

You also have the right to lodge a complaint with the ICO.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in legal requirements or operational needs.

The “Last Updated” date will reflect when changes are made.

15. Contact Us

Questions about this Privacy Policy should be sent to:
Bhatti061989@hotmail.com

End Of Policy

whatsapp Message
bottom of page