top of page

The General Data Protection Regulation (GDPR)

Privacy Notice

Last Updated: May 2026

Introduction

ElizabethPharma Ltd trading as West Midlands Institute for Weight Management (“WMIWM”, “we”, “our”, or “us”) recognises the importance of protecting and managing personal information in accordance with applicable UK data protection legislation, including the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and where applicable, the Privacy and Electronic Communications Regulations (“PECR”).

This Privacy Notice explains how we collect, use, store, protect, and process personal information when you use our website, services, suitability tools, booking systems, consultations, and associated communications.

Please read this Privacy Notice carefully.

Who We Are

The Data Controller is:

ElizabethPharma Ltd
Trading as: West Midlands Institute for Weight Management (WMIWM)

Email: enquiries@wmiwm.co.uk
Website: [https://www.wmiwm.co.uk/

For the purposes of UK GDPR and data protection law, ElizabethPharma Ltd is responsible for determining how your personal data is processed.

Our Services

WMIWM is a pharmacist-led private weight management service providing:

  • Weight management consultations

  • Clinical assessments

  • Prescribing services where clinically appropriate

  • Lifestyle and health awareness support

  • Follow-up reviews

  • Website-based informational and suitability tools

WMIWM is not an emergency medical service and our website tools do not provide diagnoses or emergency medical advice.

Information We May Collect

Depending on how you interact with our services, we may collect the following categories of information.

Personal Information

This may include:

  • Full name

  • Date of birth

  • Address

  • Email address

  • Telephone number

  • Appointment details

  • Payment and transaction information

  • Communication preferences

 

Health Information

Where relevant to the services we provide, we may collect health-related information including:

  • Height and weight

  • BMI and waist measurements

  • Medical conditions

  • Medication history

  • Allergies

  • Previous treatments

  • Lifestyle information

  • Relevant clinical observations

  • Suitability assessment information

Health information is classified under UK GDPR as “special category data”.

Suitability Checker

Our website may contain suitability or eligibility assessment tools designed to provide general informational guidance regarding our services.

The suitability checker is designed, where possible, not to request directly identifiable personal information during the initial assessment stage.

Responses submitted through the suitability checker are used to generate immediate informational guidance only and do not constitute:

  • a diagnosis,

  • a medical opinion,

  • or a guarantee of treatment eligibility.

Completion of the suitability checker does not guarantee that prescribing or treatment will be offered. Final clinical suitability is determined following formal assessment by a qualified prescribing clinician.

Booking And Payment Information

If you choose to proceed with booking an appointment or purchasing services, identifiable personal information will be collected and processed.

This may include:

  • Name

  • Contact details

  • Appointment information

  • Payment information

Booking and payment systems may be provided through third-party technology providers including Wix and associated payment processors.

How We Use Your Information

We may use your information for the following purposes:

  • To provide our services

  • To manage bookings and appointments

  • To communicate with you

  • To conduct clinical assessments

  • To determine prescribing suitability

  • To maintain clinical records

  • To comply with legal and professional obligations

  • To improve service quality

  • To maintain patient safety

  • To manage complaints or incidents

  • To comply with regulatory obligations

  • To process payments

  • To maintain website functionality and security

We may also use anonymised or aggregated information for service evaluation, audit, governance, and quality improvement purposes where individuals cannot reasonably be identified.

Legal Basis For Processing

Under UK GDPR, our lawful bases for processing personal information may include:

Article 6 UK GDPR

  • Article 6(1)(b) — processing necessary for performance of a contract

  • Article 6(1)(c) — compliance with legal obligations

  • Article 6(1)(f) — legitimate interests in operating and improving our services

 

Article 9 UK GDPR

Where health information is processed, additional conditions under Article 9 UK GDPR may apply, including:

  • Article 9(2)(h) — provision of health or social care or treatment

  • Article 9(2)(a) — explicit consent where appropriate

 

Confidentiality And Security

We take the confidentiality and security of personal information seriously.

We implement appropriate technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include:

  • Secure systems and access controls

  • Password protection

  • Encryption where appropriate

  • Restricted staff access

  • Staff confidentiality obligations

  • Secure backup procedures

  • Audit and monitoring processes

Only authorised individuals who require access to information for legitimate purposes will be permitted access.

Third-Party Providers And Data Processing

We may use carefully selected third-party providers to support our services and website operations.

These may include providers relating to:

  • Website hosting

  • Appointment booking systems

  • Payment processing

  • Email communications

  • Analytics

  • Website security

  • Cloud storage

  • Messaging systems

This may include technology providers such as:

  • Wix

  • Wix Bookings

  • Wix Payments

  • Stripe

  • PayPal

  • Google services

  • WhatsApp integrations

These providers may process personal information on our behalf under contractual arrangements designed to protect personal data.

International Transfers

Some third-party technology providers may process or store data outside the United Kingdom.

Where international transfers occur, we aim to ensure appropriate safeguards are implemented in accordance with UK GDPR requirements.

Cookies And Website Technologies

Our website may use cookies and similar technologies to:

  • Maintain website functionality

  • Improve user experience

  • Analyse website usage

  • Support security functions

  • Remember user preferences

Where required by law, consent will be requested before non-essential cookies are used.

Further information is available within our Cookie Policy and cookie consent tools.

Automated Website Tools

Automated website tools may be used to provide general informational suitability guidance.

These tools are intended to support user understanding only and do not replace professional clinical assessment.

Final prescribing and treatment decisions are always made following assessment by a qualified clinician.

How Long We Retain Information

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, including legal, regulatory, clinical, insurance, governance, and professional obligations.

Retention periods may vary depending on the nature of the information and applicable legal requirements.

Your Rights

Under UK GDPR, you may have rights including:

  • The right to access your personal information

  • The right to request correction of inaccurate information

  • The right to request erasure in certain circumstances

  • The right to restrict processing

  • The right to object to certain processing

  • The right to data portability where applicable

  • The right to withdraw consent where consent is relied upon

Some rights may be limited where legal, clinical, regulatory, or professional obligations apply.

Requests relating to your information should be submitted in writing using the contact details provided below.

We may request proof of identity before disclosing information.

Marketing Communications

Where applicable, we may send service-related communications or marketing communications.

You may opt out of marketing communications at any time using the unsubscribe methods provided or by contacting us directly.

Children

Our services are intended for adults unless otherwise explicitly stated.

We do not knowingly collect personal information from children without appropriate lawful basis and safeguards.

Complaints

If you have concerns regarding how your information is managed, please contact us first so we can attempt to resolve the matter.

You also have the right to complain to the Information Commissioner’s Office (“ICO”).

Information Commissioner’s Office

Main Website: https://ico.org.uk/

To Make A complaint: https://ico.org.uk/make-a-complaint/

Telephone No: 0303 123 1113

Address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

ICO Registration

ElizabethPharma Ltd is registered with the Information Commissioner’s Office (ICO) as required under applicable data protection legislation.

ICO Registration Number: [INSERT ICO REGISTRATION NUMBER]

Contact Details

If you have questions regarding this Privacy Notice or your personal information, please contact:

ElizabethPharma Ltd
Trading as West Midlands Institute for Weight Management (WMIWM)

Email: enquiries@wmiwm.co.uk

Website: https://www.wmiwm.co.uk/

Changes To This Privacy Notice

We may update this Privacy Notice periodically to reflect changes in legal requirements, technology, services, or business operations.

The latest version will always be published on our website.

whatsapp Message
bottom of page