HealthMatters Group Limited – Privacy Policy
Last updated: 7th September 2025
Our Privacy Principles
At HealthMatters Group Ltd (“we”, “our”, “us”), we are committed to protecting your privacy and handling your personal data responsibly. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
We collect only the personal data necessary to provide our services, keep it secure, and use it only for purposes that are fair, lawful, and transparent.
If you have any questions, please contact our Data Controller, James Lamper, at:
help@healthmattersgroup.co.uk | 020 7622 7727
WHO WE ARE
This privacy policy applies to HealthMatters Group Ltd, which operates the following websites:
- www.weightmatters.co.uk
- www.emotionmatters.co.uk
- www.nutritionalmatters.co.uk
- www.surgicalweightmatters.co.uk
- www.healthmattersgroup.co.uk
- www.healthmattershealth.co.uk
Registered office:
c/o Wilson Partners, Arena Court, Crown Lane, Maidenhead SL6 8QZ
Company number: 05654323
Other Websites
This policy applies only to our websites and services. If you follow links to other websites, their own privacy policies will apply.
How do we collect your personal information?
We collect personal data in the following ways:
- Website forms – enquiries, bookings, assessments, and downloadable resources
- Phone, SMS, and WhatsApp – including recorded calls on our secure system
- Email communication – including enquiries, booking confirmations, and follow-ups
- Therapy, nutrition, health coaching, and medical sessions – information you provide directly to your practitioner or coach
- Cookies & analytics – see our Cookie Policy for details
- Secure third-party integrations – including platforms used for bookings, billing, communication, and video consultations
What information do we collect?
We may collect the following types of information:
Personal Information
- Name, address, email, and telephone number
- Payment and billing details
- Communication preferences
- IP address and device information
Special Category (Sensitive) Data
- Health-related information, including medical history, diagnoses, treatment plans, coaching goals, and lifestyle details
- We process this data under Article 9(2)(h) UK GDPR (health or social care purposes) and Schedule 1, Para 2 of the Data Protection Act 2018.
We maintain an appropriate policy document as required by law to explain how we handle sensitive data securely.
How do we use personal information?
We process your data for the following purposes:
- To respond to your enquiries and provide requested information
- To deliver therapy, nutrition, health coaching, and related healthcare services
- To manage appointments, billing, and secure payments
- To maintain clinical records in line with professional and legal obligations
- To send service updates and administrative notices
- To deliver relevant marketing communications (with consent or under soft opt-in rules)
- To improve our websites, services, and communications
- To ensure security and prevent fraud
OUR LAWFUL BASES FOR PROCESSING
| Purpose | Lawful Basis (UK GDPR) |
| --- | --- |
| Responding to enquiries | Legitimate interests / steps before entering a contract (Art. 6(1)(f) / 6(1)(b)) |
| Providing therapy, nutrition, medical, and health coaching services | Performance of contract (Art. 6(1)(b)) and health care purposes (Art. 9(2)(h)) |
| Managing billing & compliance | Legal obligation (Art. 6(1)(c)) |
| Sending marketing emails, SMS, WhatsApp, or calls | Consent (Art. 6(1)(a)) or soft opt-in legitimate interest (Art. 6(1)(f)) |
| Call recordings | Legitimate interests (Art. 6(1)(f)) – for quality, accuracy, and enquiry follow-up |
DIRECT MARKETING
We may contact you about our services by email, SMS, phone, or WhatsApp:
Soft Opt-In (12 Months)
If you provide your details during an enquiry or booking, we may contact you about similar HealthMatters services for up to 12 months, unless you opt out.
Explicit Consent (24 Months)
If you explicitly subscribe to updates, we may contact you for up to 24 months or until you withdraw consent.
Your Rights
- You can unsubscribe at any time by clicking the link in emails or replying “STOP” to texts.
- We maintain a suppression list to ensure we never contact you if you opt out.
- We never sell your data or share it with third parties for marketing purposes.
When do we share personal data?
We only share your data when necessary to deliver our services:
- With your assigned therapists, nutritionists, health coaches, or medical professionals
- With secure third-party platforms for bookings, communications, and billing
- With healthcare professionals (e.g., your GP) only with your consent, unless legally required
All partners must meet UK GDPR security and confidentiality standards.
CALL RECORDINGS
We use a secure phone platform to record calls for:
- Ensuring accuracy of information
- Service quality monitoring
- Resolving disputes if needed
Retention:
- For enquiries who do not become clients → call recordings are retained for 12 months under our soft opt-in policy.
- For enquiries who become clients → call recordings are linked to their client record and retained for 7 years from the end of treatment.
Recordings are encrypted and accessible only to authorised staff.
SMS & WHATSAPP DATA
- Enquiry messages: Retained for up to 12 months from the last contact, in line with soft opt-in rules.
- Client-related messages: If used to discuss treatment, coaching goals, or appointments, we treat these as part of your clinical records and keep them for 7 years.
- If you unsubscribe from marketing, your contact details are added to our suppression list to ensure no further outreach.
WHERE WE STORE AND PROCESS DATA
We store personal data on secure, encrypted systems. Where data is processed outside the UK, we use approved safeguards such as the UK International Data Transfer Agreement or equivalent protections.
HOW WE SECURE YOUR DATA
We take multiple measures to protect your data, including:
- Regular security audits of third-party vendors
- Role-based access controls
- Encrypted communications and secure storage
- Two-factor authentication on critical systems
- Staff training on data protection and confidentiality
HOW LONG WE KEEP YOUR DATA
| Data Type | Retention Period | Rationale |
| --- | --- | --- |
| Enquiry leads (soft opt-in) | 12 months from last contact | To follow up on your initial enquiry |
| Call recordings | 12 months for enquiries only; 7 years if linked to client records | Training, quality monitoring, and continuity of client care |
| Marketing subscribers (explicit opt-in) | 24 months or until withdrawal | Consent-based engagement |
| Suppression list | Indefinite | Ensures no further marketing contact |
| Therapy, nutrition, medical & health coaching records | 7 years from the end of treatment | Required by UK healthcare regulations |
| Client admin data (emails, bookings, account history) | 7 years from the end of treatment | Linked to client record retention |
| SMS & WhatsApp messages | 12 months for enquiries; 7 years if linked to client records | Aligns with soft opt-in + healthcare obligations |
| Financial records | 7 years | Required by HMRC |
After these periods, we securely delete or anonymise your data.
YOUR DATA RIGHTS
Under UK GDPR, you have the right to:
- Access the data we hold about you
- Request correction of inaccurate information
- Request deletion of data (unless legal obligations prevent it)
- Restrict processing in certain circumstances
- Object to marketing at any time
- Withdraw consent where we rely on it
- Complain to the ICO if you believe your data is misused
For more details, visit: https://ico.org.uk/concerns/
CHANGES TO THIS POLICY
We review this policy regularly and update it as needed. Please check back periodically to stay informed.