Menu
Sign in
Logo

Sign in

My cart

0

Privacy Policy

Effective date: 13 August 2025

Wellness Marketplace ("we", "us", "our") provides an online marketplace where patients can discover wellness products and services, schedule appointments with providers, and manage orders. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website and services.

1. Information We Collect

  • Account and profile: name, email, phone number, password, and addresses you provide.
  • Orders and payments: order details, transaction IDs, payment method metadata (processed by our payment providers; we do not store full card numbers).
  • Appointments and prescriptions: appointment requests, scheduling information, prescription items, and refills as necessary to fulfill your order or coordinate care with providers.
  • Questionnaires and forms: wellness/health-related answers you voluntarily provide to match services or products. These may be health-related and are handled with extra care.
  • Communications: support requests and messaging metadata/content you exchange with us, including via WhatsApp Cloud API (e.g., your phone number, the message content you send to us, message IDs, timestamps, delivery/read status, and related technical metadata).
  • Device and usage: IP address, device/browser information, pages viewed, and cookies or similar technologies.

2. How We Use Information

  • Provide and improve our services, including processing orders, coordinating appointments, and managing prescriptions/refills where applicable.
  • Operate your account, personalise content, and provide customer support.
  • WhatsApp service messages: send transactional updates you requested/consented to (e.g., order status, appointment reminders). We do not use WhatsApp message content for advertising.
  • Communicate with you about orders, appointments, security alerts, and service updates (including via WhatsApp where you contact us or consent to receive updates).
  • Maintain safety and integrity, prevent fraud/abuse, and comply with legal obligations.
  • Analytics and product improvement, including aggregated reporting.
  • Marketing (including via WhatsApp): with your consent where required, send marketing communications you can opt out of at any time (see STOP/UNSUBSCRIBE below).

3. Legal Bases (EEA/UK users)

Where GDPR or similar laws apply, we process personal data based on one or more of: contract (to provide the services), legitimate interests (e.g. security, improvement, communications), consent (e.g., marketing, certain WhatsApp messaging, and where needed for wellness questionnaires), and legal obligations.

Special-category data (health):

  • Article 9(2)(a) explicit consent for wellness questionnaires or other health-related information you provide directly.
  • Where applicable, Article 9(2)(h) health or social care provision by or under the responsibility of a professional bound by confidentiality (e.g. prescription/refill coordination).

4. Sharing and Disclosure

  • Service providers: hosting, analytics, communications (including Meta’s WhatsApp Business Cloud API), payment processing, email/SMS, and customer support providers under contract.
  • Vendors/Practitioners: where needed to fulfill your order, schedule or provide services, or verify prescriptions/refills.
  • Compliance and protection: to comply with law, enforce terms, prevent fraud, or protect rights, safety, and property.
  • Business transfers: in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.

5. Cookies and Tracking

We use cookies and similar technologies to operate the site, keep you signed in, remember preferences, and perform analytics. You can control cookies via your browser settings; disabling some cookies may affect site functionality. Where required, we get your consent for non-essential cookies and honour your preferences.

6. Retention

We retain personal data for as long as necessary to provide the services and meet legal, tax, and accounting requirements. Order and prescription records may be retained for required statutory periods. We delete or anonymise data when it is no longer necessary.

7. Security

We use administrative, technical, and organisational measures designed to protect personal information. These include, for example, access controls, encryption in transit, verification of WhatsApp webhook signatures, and rotation of access tokens/secrets. No method of transmission or storage is 100% secure.

8. International Transfers

Your information may be processed outside your country. Where personal data is transferred outside the UK/EEA (e.g. to Meta Platforms entities or other vendors), we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs), and the EU SCCs where applicable.

9. Your Rights

Depending on your location, you may have rights to access, correct, update, or delete your personal information, request portability, or object to/limit processing. You may withdraw consent at any time (which does not affect processing that occurred before withdrawal). To exercise these rights, contact us at the email below.

10. Children

Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16.

11. Data Deletion

You can request deletion of your account and associated personal data by emailing privacy@wellnessmarketplace.com from the email address associated with your account. We will verify your request and delete or anonymise data unless we must retain certain information to comply with legal obligations or resolve disputes.

You can opt out of WhatsApp messages at any time by replying STOP (or “UNSUBSCRIBE”) in the WhatsApp thread; we will cease sending new WhatsApp messages after your opt-out.

11A. Retention for WhatsApp Conversations

Unless a longer period is required by law (e.g. pharmacy/prescription recordkeeping), we retain WhatsApp conversation content and metadata for up to 24 months to support customer service, audit, and security, after which we delete or anonymise it.

12. WhatsApp (Meta) Cloud API

How it works. If you contact us on WhatsApp or opt in to receive WhatsApp updates, we process your phone number, the message content you send to us, and delivery/read metadata so we can respond and provide support/notifications (e.g. order and appointment updates). Messages are protected using Signal-protocol encryption between the user and the business endpoint; we receive messages via Meta’s WhatsApp Business Cloud API.

Controller/processor roles. We are the controller of your personal data. For the Cloud API service, Meta acts as our processor under WhatsApp’s business data-processing terms.

Opt-in / Opt-out. We send WhatsApp messages only after you opt in to receive messages from us. You can withdraw consent or opt out at any time by replying STOP (or “UNSUBSCRIBE”) in WhatsApp. We honour requests to stop receiving a given category of WhatsApp messages.

Message types and timing. Outside the user-initiated 24-hour session window, we only send approved template messages (e.g. order updates, reminders) as allowed by WhatsApp policies.

No restricted sales on WhatsApp. We do not complete purchases of prescription drugs, medical devices, peptide-based or other restricted healthcare items on WhatsApp. WhatsApp is used for permitted notifications and support; purchases occur on our website/app under our terms.

Policies. Your use of WhatsApp is also subject to WhatsApp’s and Meta’s terms and policies for the Business Platform.

13. Changes to This Policy

We may update this policy from time to time. We will post the updated version on this page and update the effective date above. Significant changes may be communicated through the service or by email.

14. Contact Us

If you have questions or requests regarding this policy or your personal information, please email privacy@wellnessmarketplace.com.