Privacy Policy

How ZapMeds Limited (T/A Totiva Health) collects, uses, and protects your personal data in accordance with UK GDPR.

Last updated: April 2026

Key Points

Information we collect

When you visit our website, we may automatically collect your IP address and browsing data. Where you provide information (for example, by filling in an online form to use our services), we may also collect and store your:

  • Name
  • Delivery address
  • Email address
  • Date of birth
  • Telephone number
  • Doctor details
  • Patient notes and consultation notes
  • Payment records
  • Details of medicines you have ordered

Use of your information

We use your data:

  • To provide our services (including medical consultations and prescriptions) and to comply with regulatory requirements.
  • To send you details of our goods and services, but only if you give us permission to do so.

Sharing your information

We share your data:

  • With healthcare professionals and third parties where this is necessary to deliver the services.
  • With trusted third-party providers (e.g. payment processors, couriers) who help us deliver our services.
  • Never for marketing purposes without your consent.

Patient confidentiality

Some of the information we collect is medical data. This is always treated confidentially. We will never disclose medical data unless legally required or permitted to do so. We will not use medical data for marketing without your express permission.

Privacy Policy

Introduction

ZapMeds Limited (company number 16665533), whose registered office is 17 Beresford Way, Chesterfield, UK, S41 9FG (“ZapMeds”, “we”, “us” or “our”), respects your privacy and is committed to protecting your personal data (“Your Data”).

This Privacy Policy (“Policy”) forms part of our website terms and conditions. It explains what happens to any personal information that you provide to us, or that we collect from you when you use our website and services.

We may update this Policy from time to time, so please review it regularly.

Important information about who we are

ZapMeds Limited is the controller responsible for your personal data.

We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this Policy.

Contact details:

  • Full name of legal entity: ZapMeds Limited
  • Name/title of DPO: Callum Armstrong
  • Email address: callum.armstrong@zapmeds.co.uk
  • Postal address: 17 Beresford Way, Chesterfield, S41 9FG
  • Telephone number: 02035358993

If you have any queries, concerns or complaints, please contact the DPO using the details above.

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection issues. We would, however, appreciate the chance to resolve your concerns before you approach the ICO.

Information We Collect

We may collect the following types of personal data:

  • Identity Data – first name, last name, date of birth, gender.
  • Contact Data – address, email address, phone number.
  • Financial Data – payment records, payment card details.
  • Medical Data – medical records, doctor details, patient and consultation notes, details of medicines ordered and order history.
  • Marketing and Communications Data – your preferences in receiving marketing and your communication preferences.
  • Aggregated Data – anonymised statistical or demographic data for internal purposes (not identifying you).

How We Collect Your Data

  • Direct interactions – when you complete forms, medical questionnaires, payments, consultations, feedback, or contact us.
  • Automated technologies – when you browse our site, including IP address, device details, and cookies (see Cookie Policy).

Confidentiality

Your medical data is treated with strict confidentiality. Only qualified healthcare professionals (or those under a duty of confidentiality) may access it.

We will never disclose medical data without your consent unless legally required. It will not be used for marketing without your explicit permission.

Use of Your Information

We use your data to:

  • Provide healthcare services, consultations, and prescriptions.
  • Comply with legal and regulatory obligations.
  • Communicate with you about your order or treatment.
  • Improve and monitor our website and services.
  • Send marketing material, but only where you have given explicit consent.

Marketing

We will only send you marketing communications if you have opted in. You may withdraw consent at any time by contacting us at hello@totiva.co.uk.

We will never use your medical data for marketing unless you give specific consent.

Data Storage and Retention

We implement strong security measures to protect your data. Access is limited to those who need it for business purposes and who are under confidentiality obligations.

We will retain your data only for as long as necessary to fulfil the purposes we collected it for, and as required by law (for example, retention of medical records).

Disclosing Your Data

We may disclose Your Data to third parties, in accordance with this Policy, in the following circumstances:

  • Your Doctor – where clinically necessary to provide treatment.
  • In-house Prescribers – all prescriptions and clinical assessments are completed by prescribers employed by or contracted directly with ZapMeds. We do not use external prescriber networks.
  • Another third party, where you have provided your express consent for us to share Your Data with them.

We may also share your Personal Data with trusted service providers (“External Third Parties”) who carry out processing activities on our behalf, for example:

  • Supabase – for secure hosting, data storage, authentication, and database management.
  • Mollie payments – to process your online payments securely.
  • Trustpilot – to send you review invitations and collect feedback about your experience.
  • Email and communication providers – to send order confirmations, prescription updates, or other service messages.
  • Couriers and delivery partners – to deliver your medicines to the address you provide.

We may also share Your Data where permitted by law:

  • In the event of a joint venture, financing, sale, merger or reorganisation of the company.
  • To further fraud protection and reduce the risk of fraud (for example, to comply with anti-money laundering regulations).
  • Where required by regulators, law enforcement agencies, or to comply with legal obligations.

Other than in the specific circumstances set out above, we will never share your Medical Data without your express consent.

International Transfers

Where data is transferred outside the UK/EEA, we ensure safeguards are in place (e.g. adequacy decisions, Standard Contractual Clauses).

Your Rights

Under data protection law, you have rights including to:

  • Access your data.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal obligations).
  • Object to or restrict processing.
  • Request transfer of your data.
  • Withdraw consent at any time.

To exercise your rights, contact info@zapmeds.co.uk.

Contacting Us

If you have any questions about this Policy, please contact:

ZapMeds Limited
Email: info@zapmeds.co.uk
17 Beresford Way, Chesterfield, S41 9FG
02035358993