Changing Health Website Privacy Policy

Changing Health Website Privacy Policy

Healthier you participants, please click here for:

Terms and Conditions

Privacy Note

At Changing Health, we are committed to protecting and respecting your privacy.

This Policy (together with our Terms of Use and other documents referred to in it)  explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure. For the purposes of data protection legislation, we are the controller of this personal information.  This means that we determine the purposes and means of the processing of this personal information. Please read the following information carefully to understand how we collect and use your personal data.  

We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to Changing Health’s Data Protection Officer  – 

Contact Details

Our full details are:

Changing Health Limited (CRN: 9922269)

Nicky Northway – Contract Manager

Email address:

Postal address: The Catalyst, Newcastle Helix, 3 Science Square, Newcastle upon Tyne, NE4 5TG

You have the right to make a complaint about how we collect or use your personal data at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.  

The website and App

This website, the app and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website and the app comply with all UK national laws and requirements for user privacy.

Personal information

What Is Personal Information?

We consider the following to be personal information which we will collect about you (should you choose to submit it, during your use of our site: your name, e-mail address, date of birth, weight and certain aspects of your medical history/condition (namely that you suffer from type II diabetes).  It may also include less obvious information or information which you have not provided directly to us but which may be ascertained through other means such as the name of your doctor, your levels of physical activity or diet, weight loss, location data, an online identifier or one or more factors specific to the physical, physiological, cultural or social identity of a natural person.

In some instances, the referral may have come directly from your healthcare provider, they will share your name, DOB, email and telephone number.  They will have gained your consent to do this prior to sharing your personal data with Changing Health

All your Personal information is treated confidentially by us, kept to a minimum and only used in accordance with applicable law.

Applications and Services

Whilst using our website, software applications or services, you may be required to provide the following personal information full name, address, email address, telephone number, weight and date of birth.  We will use this information to administer our website, applications, Service User databases and to provide you with Services. We will ensure that all personal information supplied is held securely in accordance with the General Data Protection Regulation (EU) 2016/679, as adopted into law of the United Kingdom in the Data Protection Act 2018. Further, by providing telephone and email details, you consent to Changing Health Limited contacting you using that method for the purpose of providing you with our services and information. The lawful basis for most of what we do with your personal data is performance or preparation to perform a contract with you, in the form of providing you with the health counselling and advice services offered via our website and our app. Further information on the lawful grounds and special conditions for our processing of your personal data is set out in the table below.

You have the right at any time to request a copy of the personal information we hold on you. Should you wish to receive a copy of this, or would like to be removed from our database, please contact us at   For more information about your rights in relation to the personal data we hold about you please see the section below on Your Legal Rights

Information collection and use

How do we collect information?

Changing Health Limited collects information in two possible ways:

  1. When you directly give it to us (“Directly Provided Data”)

When you sign up for our site, app or services or communicate with us, you may choose to voluntarily give us certain information – for example, by filling in text boxes or completing registration forms. All this information requires a direct action by you at that time in order for us to receive it. Where you fail to give us timely and accurate information required for use of our services, we may not be able to provide you with those services in full or at all.

  1. When you give us permission to obtain from other accounts (“User Authorised Data”)

Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your account with those other services. For example, this can be via social media or by choosing to send us your location data when accessing our website from your smartphone.

Other information we collect about you

Each time you visit our site we may automatically collect information including:

  • technical information, comprising the Internet protocol (IP) address used to connect your computer to the Internet, your browser type and version, GPS location data, operating system and platform;
  • information about your visit, comprising the full Uniform Resource Locators (URL), clickstream to, through and from our site, products you viewed or searched for, length of visits to certain pages, page interaction information, total number of visits to our site.

None of this last category of information we collect about you is personally identifiable as the analytics platform and cookies we use to administer our site do not store personally identifiable data (please see the ‘Use of Cookies’ section above).

How do we process your data?

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data on the basis of more than one lawful ground depending on the specific purpose for which we are using your data. Please Contact us  if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

If you are referred to the Service by your GP,  Changing Health will notify your referring GP about your status within the programme (declined, ineligible, did not attend education, attended education, did not complete education, completed education) within 1 month of your referral  Changing Health will update any changes to your status with your referring GP as required. This information will be updated by your GP on your electronic health record. Changing Health will also provide your referring GP with your referral date to enable them to invite you for appropriate tests at the correct time. These tests will include measurement of blood pressure, Hba1c and your lipid profile. If you have any questions or concerns about your data please contact us to discuss  

Once all Changing Health users in your area (CCG) have completed the programme, Changing Health will prepare a report detailing programme uptake and changes in various health markers as measured in your GP surgery. This report will only provide aggregate anonymized data, individual data will not be shared so this activity will not affect your privacy or impact any of your rights under the Data Protection Act 2018.

If we are to ever use your data for another purpose we will contact you prior to this.

This may include information about activities, promotions of our associated companies goods and services or job application.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer, calculate relevant health data and provide you with content and services (a) Identity

(b) Contact

(c) Health condition (Diabetes)

(d) Weight

Performance of a contract with you we also rely on special conditions in processing your health data including for provision of health care services.
To manage our relationship with you which will include:

(a) Our health coaches contacting you regarding your goals

(b) Notifying you about changes to our terms or privacy policy

(c) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to partake in a prize draw, competition or complete a survey (a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To Inform your referring healthcare provider of your progress (a) Identity

(b) Usage

Performance of a contract with you we also rely on special conditions in processing your health data including for provision of health care services.
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

Necessary for our legitimate interests (to develop our products/services and grow our business)

How long do we keep your data for?

Changing Health Limited will not retain your personal information longer than necessary. We will hold onto the information you provide either while your account is in existence, or as needed to be able to provide the Services to you, or (in the case of any contact you may have with our Customer Experience Manager or Coaches) for as long as is required by law or is necessary to provide support-related reporting and trend analysis only.

If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account or it is no longer needed to provide the Services to you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We review our retention periods for personal information on a regular basis and will only retain your personal data where it is appropriate and lawful to do so.

Registration forms

Changing Health Limited will not sell or rent your personally identifiable information, gathered as a result of filling out the site registration form, to anyone.

Third Parties

We may have to share your personal data with third parties at times for the purposes set out in the section “How do we process your data” above.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law, and in the unlikely event we appoint a third party processor we will enter into appropriate written contracts with such third parties prior to sharing your personal data with them. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our written instructions. We will always have in place a processing agreement with a third party which will require the third party to ensure your data is kept confidential and secure.

We do not transfer your personal data outside of the EEA. If it becomes necessary to do so, we will inform you in advance and will only make such transfers if we can ensure a similar degree of protection is afforded to your personal data outside the EEA by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. 
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Please Contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Choosing how we use your data

We understand that you trust us with your personal information and we are committed to ensuring you can manage the privacy and security of your personal information yourself.

With respect to the information relating to you that ends up in our possession, and recognising that it is your choice to provide us with your personally identifiable information, we commit to giving you the ability to do all of the following:

  • You can verify the details you have submitted to Changing Health by contacting our customer services team – Our security procedures mean that we may request proof of identity before we reveal information, including your e-mail address and possibly your address.
  • You can also contact us by the same method to change, correct, or delete your personal information controlled by Changing Health Limited regarding your profile at any time.  Please note though that, if you have shared any information with others through social media channels, that information may remain visible, even if your account is deleted.
  • You are also free to close your account through our account settings. If you do so, your account will be deactivated. However, we may retain archived copies of your information as required by law or for legitimate business purposes (including to help address fraud and spam).
  • You can always feel free to update us on your details at any point by contacting us by emailing us at
  • You can unsubscribe from receiving marketing emails from us by clicking the “unsubscribe” link at the bottom of any email. Once you do this, you will no longer receive any marketing emails from us.
  • You can request a readable copy of the personal data we hold on you at any time – and we are required by law to fulfil most subject access requests free of charge. To do this, please contact us 

Please note, we are constantly reviewing how we process and protect data. Therefore, changes to our policy may occur at any time. We will ensure that any changes to this privacy policy will be publicised on our website and other appropriate channels as soon as possible.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Legal Rights

You have rights under data protection laws in relation to your personal data including but not limited to:

  • Right to access to your personal data.
  • Right to correct your personal data.
  • Request erasure of your personal data.
  • Right to object to processing of your personal data.
  • Right to request the restriction of processing your personal data.
  • Right to request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us via the details at the top of this policy. As mentioned above, you have the right to complain to the information commissioner’s office at any time but we would appreciate the opportunity to answer any concerns you have regarding your privacy and our use of your personal data.

Any questions regarding this Policy and our privacy practices should be sent by email to our Customer Support Team –

Contact Details

Our full details are:

Changing Health Limited (CRN: 9922269)

Nicky Northway – Contract Manager

Email address:

Postal address: The Catalyst, Newcastle Helix, 3 Science Square, Newcastle upon Tyne, NE4 5TG


Use of cookies

Our website uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies. If you chose to block cookies in your web browser settings it may impact the usability of our site to you.

What are cookies?

Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.

What do we use cookies for?

-We may use cookies to remember personal settings you have chosen at our website. In no other context do we use cookies to collect information that identifies you personally. Most of the cookies we set are automatically deleted from your computer when you leave our website or shortly afterwards.-We use anonymous session cookies (short-term cookies that disappear when you close your browser) to help you navigate the website and make the most of the features. If you log into the website, application or a course as a registered user, your session cookie will also contain your user ID so that we can check which services you are allowed to access.-This website uses tracking software to monitor its visitors to better understand how they use the site. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.

Should users wish to deny the use and saving of cookies from this website onto their computer’s hard drive, they should take necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors. Please note by blocking some cookies, you may experience a degraded service and we may not be able to provide full functionality of our applications.