
PEPTIDE WELLNESS™

PRIVACY POLICY

Last Updated: February 2026
Effective Date: February 2026

 

1. INTRODUCTION

This Privacy Policy explains how Peptide Wellness™ ("we," "us," "our," "the Company") collects, uses, stores, and protects your personal information when you use our services or visit our website.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller:
Peptide Wellness™
Lucy Hatton
United Kingdom
Email: thepeptidewellness@gmail.com
Website: peptidewellness.co.uk

 

2. INFORMATION WE COLLECT

2.1 Personal Information

When you book a consultation or use our services, we may collect:

Contact Information:

  • Full name

  • Email address

  • Phone number

  • Mailing address (if applicable)

Account Information:

  • Username/login credentials (if using client portal or app)

  • Payment information (processed securely via third-party processors)

Health & Lifestyle Information:

  • Date of birth

  • Gender

  • Health history and medical conditions (self-reported)

  • Current medications and supplements

  • Lifestyle habits (sleep, stress, exercise, nutrition)

  • Goals and objectives

  • Progress data (weight, measurements, energy levels, etc.)

Consultation & Service Data:

  • Consultation notes and summaries

  • Peptide protocols and plans

  • Training programs and nutrition frameworks

  • Progress tracking and data analysis

  • Communications (emails, messages, calls)

 

2.2 Information Collected Automatically

When you visit our website or use our services, we may automatically collect:

Technical Information:

  • IP address

  • Browser type and version

  • Device type and operating system

  • Time zone and location data (general, not precise)

  • Referring website

  • Pages viewed and time spent on pages

Cookies & Tracking:

  • We use cookies to improve user experience (see Section 8: Cookies)

 

2.3 Information from Third Parties

We may receive information from:

  • Payment processors (Stripe, GoCardless, etc.)

  • Booking systems (Calendly, Acuity, etc.)

  • App platforms (Trainerize, etc.)

  • Email service providers

We only receive information necessary to provide our services.

 

3. HOW WE USE YOUR INFORMATION

3.1 Lawful Basis for Processing

We process your personal data under the following lawful bases:

Consent: You provide explicit consent when booking services or signing consent forms
Contract: Processing is necessary to fulfill our service agreement with you
Legitimate Interests: We have legitimate business interests in providing services, improving quality, and communicating with clients

 

3.2 Purposes of Data Use

We use your information to:

Provide Services:

  • Deliver consultations and monthly services

  • Design bespoke protocols and plans

  • Track progress and analyze data

  • Provide support and accountability

Communication:

  • Send booking confirmations and reminders

  • Provide service updates and educational content

  • Respond to inquiries and support requests

  • Send marketing communications (with consent)

Business Operations:

  • Process payments and manage billing

  • Maintain accurate records

  • Improve service quality

  • Conduct research and analysis (anonymized)

Legal Compliance:

  • Comply with legal obligations

  • Protect against fraud and abuse

  • Enforce our Terms & Conditions

 

4. HOW WE SHARE YOUR INFORMATION

4.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

 

4.2 Third-Party Service Providers

We may share your information with trusted third-party providers who assist in delivering our services:

Payment Processors:

  • Stripe, GoCardless (payment processing)

  • They handle payment information securely and do not store full card details on our systems

App & Platform Providers:

  • Trainerize (training app)

  • DocuSign/PandaDoc (document signing)

  • Calendly/Acuity (booking systems)

  • Email service providers (e.g., Mailchimp, ConvertKit)

These providers:

  • Only receive information necessary to perform their functions

  • Are contractually obligated to protect your data

  • Are GDPR-compliant (or equivalent)

 

4.3 Legal Obligations

We may disclose your information if required by law, such as:

  • Responding to legal requests or court orders

  • Protecting our legal rights

  • Preventing fraud or harm

 

4.4 Business Transfers

In the event of a merger, acquisition, or sale of business assets, your information may be transferred to the new owner (with notice provided).

 

5. DATA SECURITY

5.1 How We Protect Your Data

We implement appropriate technical and organizational measures to protect your personal information, including:

Technical Measures:

  • Secure Socket Layer (SSL) encryption for data transmission

  • Encrypted storage of sensitive data

  • Secure password protection

  • Regular security audits and updates

  • Access controls and authentication

Organizational Measures:

  • Limited access to personal data (need-to-know basis)

  • Staff training on data protection

  • Confidentiality agreements with service providers

  • Data backup and recovery procedures

 

5.2 Data Retention

We retain your personal information for as long as necessary to provide services and comply with legal obligations.

Active Clients:

  • Data is retained for the duration of your service engagement

Inactive Clients:

  • Data is retained for 6 years after service ends (in line with UK business record-keeping requirements)

  • After this period, data is securely deleted or anonymized

Consultation-Only Clients:

  • Data is retained for 3 years after consultation date

You may request earlier deletion (see Section 6: Your Rights)

 

5.3 Data Breach Protocol

In the unlikely event of a data breach, we will:

  • Notify affected individuals within 72 hours (as required by GDPR)

  • Report to the UK Information Commissioner's Office (ICO) if required

  • Take immediate steps to contain and remedy the breach

 

6. YOUR RIGHTS UNDER UK GDPR

You have the following rights regarding your personal data:

6.1 Right to Access

You have the right to request a copy of the personal data we hold about you.

How to request: Email hello@peptidewellness.co.uk with subject line "Data Access Request"

Timeframe: We will respond within 1 month

 

6.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

How to request: Email thepeptidewellness@gmail.com with corrections

 

6.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances:

  • You withdraw consent

  • Data is no longer necessary for the purposes collected

  • You object to processing (and no overriding legitimate grounds exist)

Limitations:

  • We may retain data if required by law (e.g., tax records, contracts)

  • We may retain anonymized data for research purposes

How to request: Email thepeptidewellness@gmail.com with subject line "Data Deletion Request"

 

6.4 Right to Restrict Processing

You have the right to request that we limit how we use your data in certain circumstances.

 

6.5 Right to Data Portability

You have the right to request your data in a structured, commonly used, machine-readable format (e.g., CSV, PDF).

How to request: Email thepeptidewellness@gmail.com with subject line "Data Portability Request"

 

6.6 Right to Object

You have the right to object to processing of your data for:

  • Direct marketing purposes (opt-out at any time)

  • Processing based on legitimate interests

 

6.7 Right to Withdraw Consent

If processing is based on consent, you have the right to withdraw consent at any time.

Note: Withdrawal does not affect the lawfulness of processing before withdrawal.

 

6.8 Right to Lodge a Complaint

If you believe we have not handled your data properly, you have the right to lodge a complaint with:

UK Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 

7. MARKETING COMMUNICATIONS

7.1 Consent

We will only send you marketing communications if you have:

  • Opted in to receive them, OR

  • You are an existing client and the communications relate to similar services

 

7.2 Opt-Out

You can opt out of marketing communications at any time by:

  • Clicking "Unsubscribe" in any marketing email

  • Emailing thepeptidewellness@gmail.com with subject line "Unsubscribe"

  • Updating your preferences in your account (if applicable)

 

7.3 Essential Communications

You cannot opt out of essential service communications (e.g., booking confirmations, payment receipts, important service updates).

 

8. COOKIES & TRACKING TECHNOLOGIES

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us improve your experience and analyze website performance.

 

8.2 Types of Cookies We Use

Essential Cookies:

  • Required for website functionality (e.g., login, booking forms)

  • Cannot be disabled

Analytics Cookies:

  • Help us understand how visitors use our website (e.g., Google Analytics)

  • Used to improve website performance

Marketing Cookies:

  • Used to deliver relevant ads (e.g., Facebook Pixel, Google Ads)

  • Track conversion from ads

 

8.3 Managing Cookies

You can control cookies through:

  • Browser settings: Most browsers allow you to refuse or delete cookies

  • Cookie consent tool: (if available on our website)

Note: Disabling cookies may affect website functionality.

 

8.4 Third-Party Cookies

Third-party services (e.g., Google Analytics, Facebook, Stripe) may set their own cookies. We do not control these cookies. Refer to their privacy policies for more information.

 

9. CHILDREN'S PRIVACY

Our services are not intended for individuals under 18 years of age.

We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child, we will delete it immediately.

If you believe we have collected data from a child, contact us at thepeptidewellness@gmail.com

 

10. INTERNATIONAL DATA TRANSFERS

10.1 Data Location

Your data is primarily stored and processed within the United Kingdom and European Economic Area (EEA).

 

10.2 Third-Party Transfers

Some third-party service providers may be located outside the UK/EEA (e.g., US-based platforms).

When data is transferred internationally, we ensure:

  • Adequate safeguards are in place (e.g., Standard Contractual Clauses)

  • Providers comply with GDPR or equivalent data protection standards

 

11. CHANGES TO THIS PRIVACY POLICY

11.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

 

11.2 Notification

When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this policy

  • Notify you via email (if you are an active client)

  • Post a notice on our website

 

11.3 Your Responsibility

Please review this Privacy Policy periodically to stay informed about how we protect your data.

 

12. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact:

Peptide Wellness™
Email: thepeptidewellness@gmail.com
Website: peptidewellness.co.uk
Instagram: @thepeptidewellness

Data Protection Queries:
Email: thepeptidewellness@gmail.com with subject line "Data Protection Inquiry"

 

13. ACKNOWLEDGEMENT

By using our services, you acknowledge that:

  • You have read and understood this Privacy Policy

  • You consent to the collection, use, and processing of your personal data as described

  • You understand your rights under UK GDPR

 

END OF PRIVACY POLICY

Version: 1.0
