Discount Banner

Weight loss service from £23.22/week

Get Started

Privacy Policy

How ZapMeds Limited (T/A Totiva Health) collects, uses, and protects your personal data in accordance with UK GDPR.

Effective 1 April 2026 · Version v2

Key Points

Introduction

At ZapMeds Limited (T/A Totiva Health) we are committed to safeguarding and preserving the privacy of our patients, customers and visitors. These "key points" summarise some of the most important provisions in our privacy policy. We also recommend that you read the full privacy policy below.

Information we collect

When you visit our website, we may automatically collect your IP address. An IP address is a unique number assigned to your device by your Internet Service Provider, acting like a digital return address. We may also collect your browsing data (device details, pages visited and analytics) in accordance with our Cookies Policy.

Where you provide information to us (for example, by filling in an online form to use our services), we may also collect, store and use other types of data which are considered personal data. "Personal data" is defined in the UK General Data Protection Regulation (UK GDPR) as any information relating to an identified or identifiable natural person, known as a "data subject".

Data that we may collect about you includes:

  • Identity data, including
    • full name
    • data of birth
    • sex/gender
    • racial and ethnic origin
    • any uploaded identity verification images, liveness or documents (e.g. passport, driver's licence, identity card)
  • Contact data, including
    • email address
    • phone number
    • delivery address
  • Medical and health data, including
    • consultation answers
    • medical history
    • symptoms
    • allergies
    • current medications
    • treatment suitability answers
    • BMI (height and weight)
    • GP information
    • patient and clinical notes
    • prescriptions
    • medicines ordered
  • Payment data, including
    • payment/card details
    • billing address
    • payment records
  • Marketing and communications data, including
    • messages with us which may contain personal data
    • your preferences in receiving marketing and your communication preferences

Use of your information

We may use your personal data for the following purposes:

  • to provide our services (including medical consultations and prescriptions) and to comply with legal and regulatory requirements;
  • to confirm your identity and take payment;
  • to communicate with you about your orders or consultations;
  • to send you details of our goods, services or other marketing activity, but only if you give us permission to do so; and
  • as necessary to meet the purpose for which you provided the relevant personal data.

Sharing your information

We may share your personal data as follows:

  • with healthcare professionals and third parties where we deem this necessary to deliver the services (for example, to contact your GP/doctor);
  • with trusted third party providers (for example, payment processors, delivery companies and couriers) who help us deliver our services; and
  • for marketing and promotional purposes but only with your consent to do so.

Patient confidentiality and special category data

Some of the information that we collect is medical/health data and data relating to race/ethnic origin. We collect this data to enable us to provide our services safely including consultations and prescriptions. These types of personal data are considered "special category data" under the UK GDPR. Special category data refers to personal data that requires more protection because of its sensitive nature.

Special category data is always treated confidentially. We will not disclose it unless legally required or permitted to do so. We will not use such data for marketing without your express permission. We have in place appropriate safeguards to protect special category data.

Privacy Policy

Introduction

ZapMeds Limited (company number 16665533) T/A Totiva Health, whose registered office is 17 Beresford Way, Chesterfield, UK, S41 9FG ("Totiva Health", "we", "us" or "our"), respects your privacy and is committed to protecting your personal data ("your data").

This Privacy Policy, including our Cookies Policy (together the "Policy") forms part of our website terms and conditions. It explains what happens to any personal data and information that you provide to us or that we collect from you when you use our website and services.

We may update this Policy from time to time, so please review it regularly. If you do not wish to accept this Policy please do not use our website or services.

Important Information About Who We Are

Under the UK GDPR Totiva Health is the controller responsible for your data.

We have appointed a Data Protection Officer ("DPO") who is responsible for overseeing questions in relation to this Policy.

Contact details:

  • Full name of legal entity: ZapMeds Limited (T/A Totiva Health)
  • Name/title of DPO: Callum Armstrong
  • Email address: hello@totiva.co.uk
  • Postal address: 17 Beresford Way, Chesterfield, S41 9FG
  • Telephone number: 02035358993

If you have any queries, concerns or complaints about this Policy, please contact the DPO using the details above.

You have the right to make a complaint at any time to the Information Commissioner's Office ("ICO"), the UK regulator, for data protection issues. We would, however, appreciate the chance to resolve your concerns before you approach the ICO.

Information We Collect

We may collect the following types of data:

  • Identity Data - first name, last name, date of birth, sex/gender, racial and ethnic origin, any uploaded identity verification images, liveness or documents (e.g. passport, driver's licence, identity card);
  • Contact Data - address, email address, phone number;
  • Financial Data - payment records, payment/card details, billing address;
  • Medical Data - consultation answers, medical history, symptoms, allergies, current medications, treatment suitability answers, BMI (height and weight), GP information, patient and clinical notes, prescriptions, medicines ordered;
  • Marketing and Communications Data - messages with us which may contain personal data, your preferences in receiving marketing and your communication preferences; and
  • Aggregated Data - anonymised statistical or demographic data for internal purposes (not identifying you).

How We Collect Your Data

  • Direct interactions - when you complete forms, medical questionnaires, payments, consultations, feedback, or contact us; and
  • Automated technologies - when you browse our site, including IP address, device details, browsing data, and cookies (see our Cookie Policy).

Confidentiality

Your medical/health and racial/ethnic data is treated with the strictest confidentiality. Only qualified healthcare professionals (or those under an equivalent level of confidentiality obligations) may access it.

We will not disclose medical/health or ethnic/racial data without your consent unless legally required or permitted to do so. It will not be used for marketing or promotional purposes without your express permission.

Use of Your Information

We use your data to:

  • Provide healthcare services, consultations, and prescriptions;
  • Comply with legal and regulatory obligations;
  • Communicate with you about your order or treatment;
  • Improve and monitor our website and services; and
  • Send marketing material and promote our services, but only where you have given express consent.

Marketing

We will only send you marketing communications if you have opted to receive these. You may withdraw consent at any time by contacting us at hello@totiva.co.uk.

We will not use your medical/health or racial/ethnic data for marketing or promotional purposes unless you give express consent.

Data Storage and Retention

We implement strong security measures to protect your data. Access is limited to those who need it for healthcare and business purposes and who are under confidentiality obligations.

We will retain your data only for as long as necessary to fulfil the purposes we collected it for, and as required by law (for example, retention of medical records).

Disclosing Your Data

We may disclose your data to third parties, in accordance with this Policy, in the following circumstances:

  • Your GP/doctor - where we deem this clinically necessary to provide treatment;
  • In-house prescribers and personnel - prescriptions, clinical assessments and dispensing of items are completed by prescribers and personnel employed by or contracted directly with Totiva Health;
  • External prescribers and personnel (if required) - occasionally we may require use of external prescriber networks who work with us to prescribe, clinically assess and dispense items on our behalf. External prescribers, if used, will be subject to the same level of confidentiality obligations as our in-house team; and
  • Another third party, where you have provided your express consent for us to share your data with them.

We may also share your data with other trusted service providers ("External Third Parties") who carry out processing activities, for example:

  • Cloud database and backend infrastructure providers (e.g. Supabase) - for secure hosting, data storage, authentication, and database management;
  • Payment processing providers (e.g. Stripe) - to process your online payments securely;
  • Third party review and feedback providers (e.g. Trustpilot) - to send you review invitations and collect feedback about your experience (please note, reviews are entirely optional and may be shared online via third party providers and/or on our site in order to enable prospective patients/customers to make informed decisions about their products and/or care - you are advised to read any privacy terms provided to you by these third party sites before leaving a review);
  • Email and communication providers (transactional email servers and support systems) - (e.g. Resend) - to send order confirmations, prescription updates, and/or other service messages; and
  • Couriers and delivery partners (e.g. Royal Mail) - to deliver your medicines to the name and address you provide.
  • Identity verification providers (e.g. Didit) - to verify your identity as part of our prescribing process to ensure safe and accurate clinical decision making.
  • AI Scribe providers - (e.g. Heidi Health) - may be used during consultations to enable us to keep accurate and thorough consultation notes. If you would prefer for our pharmacists to not use AI scribes, please let them know during your consultation. Please note, we will only use medical-grade AI scribes that meet MHRA standards and maintain confidentiality of your data.

We may also share your data where permitted by law:

  • in the event of a joint venture, financing, sale, merger or reorganisation of the company. If a change happens to our business, then the new owners may use your data in the same way as set out in this Policy or in accordance with a new or updated privacy policy;
  • to further fraud prevention and reduce the risk of fraud (for example, to comply with anti-money laundering regulations); and
  • where otherwise required by regulators, law enforcement agencies, or to comply with legal obligations.

Other than in the specific circumstances set out above, we will not share your data without your express consent.

International Transfers

If your data is transferred outside the UK/EEA, we will ensure safeguards are in place (e.g. adequacy decisions, Standard Contractual Clauses).

Your Rights

Under data protection laws, you have certain rights, including to:

  • Access your data.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal obligations).
  • Object to or restrict processing.
  • Request transfer of your data.
  • Withdraw consent at any time.

To exercise your rights, please contact hello@totiva.co.uk.

Contacting Us

If you have any questions about this Policy, please contact:

ZapMeds Limited (T/A Totiva Health)
Email: hello@totiva.co.uk
17 Beresford Way, Chesterfield, S41 9FG
02035358993