This Privacy Policy (“Policy”) is provided for the users of the Website and clients of Habitual. Its purpose is to explain the privacy choices you have when using the Website and informs you about your rights under Data Protection Legislation.

We understand how important it is to keep your personal data safe and secure and we take this very seriously. We have taken steps to make sure your personal data is looked after in the best possible way and we review this regularly.

Please read this Policy carefully, as it contains important information about who we are, your rights and how we use the personal data we collect, store and process on your behalf.

Who we are

We are Habitual (the trading name for Habitual Healthcare Limited), a company registered in England and Wales with its registered office situated at 25 Eccleston Place, London, England, SW1W 9NF, with company number 15535376. 

We are registered with the Information Commissioner’s Office under reference number ZB676724.

Terms used in this Policy

"App" means the Habitual health tracking and information mobile application.

Cookies” means any small text file placed on your computer by the Website when you visit certain parts of the Website and/or when you use certain features of the Website.

Data Protection Legislation” means (i) the UK GDPR; (ii) the Data Protection Act 2018, to the extent that it relates to processing of personal data and privacy; (iii) all applicable law about the processing of personal data and privacy.

Habitual”, “our”, “us” and “we” means Habitual Health Ltd.

personal data” means personal information about an individual that can be used to identify a person.

Programme” means our weight loss and habit-change programme (which includes total diet replacement food products), expert articles, the App, and virtual social networks with other programme users.

user”, “you” and “your” means users of the Website and clients of Habitual. 

Website” means and all associated subdomains, including the App.

UK GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679) as incorporated into UK legislation by way of the European Union (Withdrawal Agreement) Act 2020 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019.

Data Protection

If you wish to contact us about this Policy, please email and mark for the attention of Pip Young.

Personal data we collect about you

When you visit the Website, make a request for us to contact you, request further information about our services and products, register to the Programme, or you contact us for any other reason, we will obtain personal data about you, such as:

  • your full name;
  • your date of birth;
  • your lifestyle or health data (including, but not limited to; height, weight, medical and medication history, blood test readings, sleep and eating habits, sleep quality, mood, and GP contact details);
  • your telephone number (mobile and/or landline);
  • your postal and/or email address;
  • billing details for invoicing purposes;
  • details of your visits to the Website and the resources that you access (including, but not limited to, traffic data, location data, weblogs, other communication data, and the resources that you access).

How we collect your personal data

We collect personal data from you automatically, as well as when you give us your data.

We will usually collect personal data from you when you:

  • contact us through the Website, by telephone, post, e-mail or through any other means; 
  • make a request for us to contact you;
  • elect to receive marketing communications from us;
  • complete any form on the Website; 
  • register to the Programme; and/or,
  • contact us for any other reason.

We automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.

We will collect your personal data automatically via Cookies, in line with the cookie settings on your browser. For more information about Cookies, and how we use them on the Website, please see the section below, headed ‘Cookies’.

We automatically collect information about your interactions with our email marketing communications and product-related emails, such as whether or not you open the email. 

Legal basis for using your personal data

The law says we need a legal basis to collect your personal data. We may collect your personal data when:

  • you have given your consent;
  • we have a contract with you which permits us to use your personal data;
  • we have a legal obligation to do so;
  • we have a legitimate interest to do so (where we have a business or commercial reason) and this is not overridden by your fundamental rights and freedoms.

How we use your personal data

Your personal data may be used by us from time to time in order to provide you with the best possible service and experience when using our Website and/or where you wish to register or are a registered user of the Programme. We use your personal data:

  • to evaluate your suitability for the Programme;
  • to provide you with more information about the Programme, as well as to improve your experience on the Programme;
  • where you are a registered user of the Programme, to: some text
    • identify you and keep our internal record of you updated;
    • track information on a daily basis, including weight, sleep, mood, and eating, exercise, and mental habits, for the purpose of calculating your daily ‘health score’ as well as monitoring your progress;
    • provide you with advice and tips, as we feel are relevant to you; 
    • provide you with daily journaling for the purpose of allowing you to reflect on your progress;
    • carry out administrative functions, including for billing purposes;
    • notify you of any changes to the Website or to our services that may affect you; and,
    • improve our products and services;
  • to send you marketing materials relevant to the services that we provide that may be of interest to you;
  • to contact you for market research and/or marketing purposes, for which your information may be used to customise or improve the Website;
  • to detect and prevent fraud; and/or,
  • to respond to any complaint.

We may also share your personal data with a third party called Persona Identities Inc. in order to verify your identity when purchasing medication from us. Any personal data shared by us shall be for the purposes of providing services to you and we have the appropriate documentation in place in order to share your personal data and for it to be processed in accordance with applicable laws. Persona Identities Inc. is certified under the Data Privacy Framework Program. The Data Privacy Framework list can be accessed via the following link: 

All product-related data, including daily tracking information and health history, will be made anonymous for any internal reviews and for analytics. 

Processing your personal data

For the purposes of Data Protection Legislation, we are the ‘data controller’. This means we control and are responsible for the processing of your personal data.

As well as being the controller of your personal data, sometimes we process the personal data we collect about you meaning we become the “data processor”. We are the processor of your personal data when we use it for the purposes that you have instructed us to, for example, to receive support and advice from us under the Programme. We will always ensure your information is processed fairly and lawfully in accordance with our legal obligations.

Marketing and opting out

At any time, you have the right to ask us to stop processing your personal data for marketing and/or market research purposes.

If you wish to exercise this right, please put your request in writing via email which should be sent to the email address stated under the section above, headed ‘Data Protection’. Please state ‘Unsubscribe’ as the subject and provide us with enough information so we can identify you (e.g. your registration details or any username).

Disclosure of your personal data

Other than that which is permitted under our contract with you and/or your consent, we will never pass on your personal data to anyone else who does not need it, or has no right to it, unless you give us clear consent to do so.

However, there may be occasions where we may need to pass on your personal data in order to comply with any regulatory or legal obligations.

Retention of your personal data

We may retain your personal data where necessary for a maximum of 7 years or until such time you are no longer a user. 

Your personal data may be retained to:

  • reply to any complaints or queries;
  • maintain records according to rules that apply to us; and/or,
  • meet our regulatory obligations to act in your interests.

Please be assured that during the period we retain your personal data, we will take the appropriate measures to keep your personal data safe and secure and will only use it for one of the purposes listed here.

When it is no longer necessary to retain your personal data, we will delete it from our system.

Keeping your personal data secure

The security of your personal data is very important to us so we will use technical and organisational measures to safeguard it.

We take measures to ensure:

  • access to our network is strictly restricted to permitted users;
  • access to your account is controlled by a unique password and username; and,
  • your personal data is stored on secure servers.

Please note that while we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.

We also ensure that everyone handling your personal data within Habitual is subject to a duty of confidentiality and understands the importance of safeguarding your information.

We have procedures in place to deal with any suspected security breach and we will notify you and any applicable regulator of any such breach where we are required by law to do so.

Your data protection rights

You have the right to:

  • be informed if your personal data is being used;
  • request access to the personal data that we have collected about you. We are obliged to provide this to you free of charge within one month of receipt of your request (unless your request is complex, or you have made numerous requests, in which case it may take us longer). If your request is unfounded, excessive, or repetitive we may charge a reasonable administrative fee;
  • request the correction of any personal data held about you that is inaccurate or incomplete. We encourage you to inform us of any changes to your personal data as soon as possible so that we can ensure that your personal data held by us is accurate and up to date;
  • request the deletion or removal of your personal data where your personal data is no longer necessary for the purpose for which it was collected/processed, where there is no appropriate reason for us to continue processing it or where we have processed your information unlawfully. However, your request for deletion/removal may not always be met for legal reasons. You will be informed of these reasons when you make your request;
  • object to the processing of your personal data for a particular purpose or purposes. If we agree with your objection, we will stop using your personal data. If we feel there are strong and legitimate reasons to continue using your data despite your objections, we will continue to do so, and we will inform you of the reasons. You have a right to object to us using your personal data for direct marketing. This means we must stop using your personal data if you object;
  • restrict the processing of your personal data, for example, when you challenge the accuracy of the data, we hold on you and we are verifying that data;
  • request portability of your personal data. This means you have a right to receive the personal data you provided to us in a way that is accessible and machine-readable. You also have the right to ask us to transfer your data to another organisation if this is technically feasible;
  • not to be subject to automated individual decision-making and profiling (known as automated processing), if the decision affects your legal rights or has an important effect on you in some other way; and,
  • withdraw your consent at any time where we process your personal data on the basis of your consent. Please note, that if you withdraw your consent we may not be able to continue to provide you with our services. We will inform you of this at the time you withdraw your consent.

For further information on your rights please go to:

Third-Party Websites

We do not take any responsibility for any third-party websites which you may access through links from the Website. Please ensure you read the privacy policy of every website you visit.


The Website may place and access certain Cookies on your computer. We use Cookies to improve your experience of using the Website. We have carefully chosen these Cookies and have taken steps to ensure that your privacy is protected and respected at all times.

All Cookies used by the Website are used in accordance with the UK GDPR.

Before any Cookie is placed on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide a better experience and service to you. You have the right to deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

The Website may place the following Cookies:

  • Strictly necessary Cookies - these are Cookies that are required for the operation of the Website. They include, for example, Cookies that enable you to log into secure areas of the Website, use a shopping cart or make use of e-billing services;
  • Analytical/performance Cookies – these Cookies allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.

You can find a list of Cookies that we use in the Cookies Schedule at the end of this Policy.

You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser.

You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.

It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

For more general information on Cookies, including how to disable and/or delete them, please refer to


If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, or how we have used or handled your personal data, then please email our contact named in the section above, headed ‘Data Protection’, who will try to resolve any query or concern you may have.

You also have a right to raise any concern or complaint with the Information Commissioner’s Office:

Regular Review of our Privacy Notice

We may update this Policy from time to time. Please check this Policy each time you access the Website to ensure you are aware of the most recent version that will apply to you.

This Policy was last updated in April 2024.

Cookies schedule 

Below is a list of the Cookies that we use. We have tried to ensure this is complete and up to date, but if you think that we have missed a Cookie or there is any discrepancy, please let us know.






This Cookie is installed by Google Analytics. The Cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The Cookies store information anonymously and assign a randomly generated number to identify unique visitors.

2 years



This Cookie is installed by Google Analytics. The Cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.

1 day



Google uses this Cookie to distinguish users.

1 minute



Mixpanel sets this cookie to determine how users use the website so that a good user experience can be provided.

1 year



Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.

8 Months



Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.

7 Days


Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.

1 Year



Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.

1 Year