NUORA
NUORAGet Started

Legal

Privacy Policy

Last updated: 4 February 2026

1. Introduction

NUORA Health Limited ("NUORA", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our weight management services and website at nuorahealth.com.

We are registered with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: NUORA Health Limited
Contact Email: privacy@nuorahealth.com
GPhC Registration: Regulated by the General Pharmaceutical Council

2. Information We Collect

2.1 Personal Information

  • Name, date of birth, and contact details (email, phone, address)
  • Payment and billing information
  • Account login credentials
  • Communication preferences

2.2 Health Information (Special Category Data)

  • Medical history and current health conditions
  • Current medications and allergies
  • Weight, height, BMI, and body measurements
  • Clinical assessment responses
  • Prescriber consultation notes
  • Treatment progress and outcomes

2.3 Technical Information

  • IP address and device identifiers
  • Browser type and operating system
  • Pages visited and interaction data
  • Cookies and similar technologies (see our Cookie Policy)

3. How We Use Your Information

3.1 Healthcare Provision (Lawful Basis: Legitimate Interest / Contract)

  • Assess your eligibility for weight management treatment
  • Prescribe and dispense appropriate medications
  • Provide clinical consultations and ongoing care
  • Monitor your treatment progress and safety
  • Communicate important health information

3.2 Service Operations (Lawful Basis: Contract)

  • Process payments and manage subscriptions
  • Deliver medications to your address
  • Respond to your enquiries and support requests
  • Send service-related communications

3.3 Legal and Regulatory Compliance (Lawful Basis: Legal Obligation)

  • Maintain pharmacy records as required by the GPhC
  • Report adverse drug reactions to the MHRA
  • Comply with NHS and healthcare regulations
  • Respond to lawful requests from authorities

4. Data Sharing

We may share your information with:

  • Healthcare Professionals: Prescribers, pharmacists, and clinical staff involved in your care
  • Your GP: With your consent, we may share relevant treatment information
  • Delivery Partners: To fulfil medication deliveries (limited to delivery information only)
  • Payment Processors: To process secure payments (we do not store full card details)
  • Regulatory Bodies: GPhC, MHRA, and NHS as required by law

We will never sell your personal or health data to third parties for marketing purposes.

5. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Secure, access-controlled cloud infrastructure
  • Regular security audits and penetration testing
  • Staff training on data protection and confidentiality
  • Strict access controls based on role requirements

6. Data Retention

We retain your data for the following periods:

  • Medical Records: Minimum 10 years from last treatment (as required by GPhC guidelines)
  • Prescription Records: Minimum 6 years
  • Account Information: Duration of account plus 2 years
  • Marketing Consent Records: Until consent is withdrawn

7. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Object: Object to certain processing activities
  • Withdraw Consent: Where processing is based on consent

To exercise any of these rights, please contact us at privacy@nuorahealth.com.

8. Cookies

Our website uses cookies and similar technologies. We use:

  • Essential Cookies: Required for the website to function
  • Analytics Cookies: Help us understand how visitors use our site
  • Marketing Cookies: Used with your consent to deliver relevant advertisements

You can manage your cookie preferences through your browser settings or our cookie consent banner.

9. International Transfers

Your data is primarily processed within the United Kingdom. Where we use service providers outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our website. The "Last updated" date at the top indicates when this policy was last revised.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Data Protection Officer
NUORA Health Limited
Email: privacy@nuorahealth.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.