Effective as of: 15/07/2025

Privacy Statement

Introduction

Anassa Ltd (trading as Deia Health) isa company registered in England and Wales (company number 07177458) witha registered address of 133 Chase Side, London, England, N14 5HD (‘we’,‘our’, ‘us’ in this privacy statement).

Anassa Ltd is responsible forcollecting, processing, storing and safe-keeping personal and other informationas part of providing a service and carrying out our regular businessactivities. We manage personal information in accordance with data protectionlegislation including the Data Protection Act 2018 [and we are registered as a Data Controller withthe InformationCommissioner’s Office Registration Number ZB023805.

Any questions regarding our processingof personal data should be directed to us via hello@deiahealth.com.

Data processing principles

We take protecting online privacy anddata security seriously. Please read the whole of this statement carefully asit sets out our approach to processing personal data including what informationwe may collect from you, how we may use it, store it and protect it, and yourrights as a data subject.

Our Privacy Statement outlines ourapproach to any kind of data processing where we are acting as a datacontroller or co-controller (including collection, use, transfer, storage anddeletion) of personally identifiable information (any information that may beused to identify a physical person, and any other information associatedtherewith) about natural persons. This statement applies to our processing ofdata collected through any means, actively as well as passively, from personslocated anywhere in the world.

We are guided by the followingprinciples when processing data:

1.       We willonly collect data for specific and specified purposes;

2.       We willnot collect data beyond what is necessary to accomplish those purposes; we willminimise the amount of information we collect from you to what we need todeliver the services required;

3.       We willcollect and use your personal information only if we have sensible businessreasons for doing so, such as making available to you our services andproducts;

4.       We willnot use your data for purposes other than those for which it was collected,accepted as stated within our policy, or with your prior consent;

5.       We willseek to verify and/or update your data periodically and we will accept requestsfrom you for amendment of the data held;

6.       We willapply high technical standards to make our processing of data secure;

7.       Exceptotherwise stated, we will not store data in identifiable form longer than isnecessary to accomplish its purpose or as required by law.

What information we collect

In accordance with Data ProtectionLegislation we only collect and process information which we require to meetthe specific purposes as stated above. The information we may collect about youcould include, but is not limited to:

1.      Contactdetails;

2.      Personaldetails and identifiers;

3.      Bankdetails and financial information;

4.      Detailsabout your health, lifestyle and social circumstances;

5.      Personalhealth and wellbeing goals and targets;

6.       Details about how you use our website includingtechnical data such as IP address.

Occasionally we may ask for specialcategory data if necessary for delivery of a particular service or product,such as medical information. Any such special category data will only becollected with your express consent and will be handled in line with ICO bestpractice guidelines for special category data. As per our Data ProcessingPrinciples we will only ask for information that is necessary to deliver ourservices, and therefore we encourage you not to provide us with personal dataor special category data which we do not ask for.

How we collect, use and share personaldata

Most personal information is provideddirectly and voluntarily by you when you engage with us in order to enquireabout, or purchase, our services or products. We will collect information from youwhen:

1.      Yousign up to our newsletter or mailing list;

2.      Youdownload an opt-in;

3.      You booka medical consult, event or membership programme we are running;

4.      Youcontact us for information via our website or social media channels, by phoneor email;

5.      Youpost on our social media channels, website or blog;

6.       You work with us in a commercial capacity.

We may also collect personalinformation about you from third party sources, such as when you choose toconnect your social media accounts with our Site or log in through a socialmedia platform such as Facebook or Instagram. However, we will only use thisinformation where these third parties either have your consent or are otherwiselegally permitted or required to share your personal information with us.

We collect this information in orderto make available to you our services or products and to communicate with youin relation to our services or products. We may use the information collectedto:

1.      Allow usto process a booking for a product or service which you purchase from us;

2.      Createa profile for you on our client database;

3.      Sendyou our newsletters and/or provide you with information, products or servicesthat you request from us or which we feel may interest you, where you haveconsented to be contacted for such purposes;

4.      Respondto enquiries you make about our services or products;

5.      Ask youto take part in surveys or quiz events;

6.      Ensurethat content from our site is presented to you in the most effective manner foryou and your computer or device;

7.      Allow youto access and utilise the service or product you have purchased from us;

8.      Notify youabout changes to our services or products;

9.       Provide personalised content and advertising thatis targeted to your interests;

10.   Get feedback from you regarding the quality of ourservices or products.

Wewill not sell or lend your personal data to third parties, or share yourpersonal data for marketing purposes without your express consent. We willonly share your personal data with third party service providers where it isnecessary for the delivery of our products or services, and only where we areconfident that and such third party service providers have appropriate dataprotection systems and measures in place that are compliant with UK DataProtection Legislation.

Wewill not give consent to third party service providers or platforms to use yourinformation, including audio and video recordings, for purposes other thanthose for which the information was collected and which are necessary for thedelivery of our products and services. We will not give consent for yourinformation to be used by third party service providers for the training anddevelopment of AI modelling software, or similar purposes.

How we store and transfer yourinformation

We have in place appropriate technicaland organisational measures to ensure the security, confidentiality, integrityand availability of personal data we control. Your information is securelystored on our company cloudstorage database which is not publicly accessible or stored in anypublic domain – it is accessible to our employees only, and is passwordprotected. Yourinformation may also be stored on our third party email marketing platform,e.g. Active Campaign, Flodesk, our third party payment platform, e.g. Stripe,and other authorised third party consultants who support our business.  Our third-party providers have their ownprivacy policies which you can view on their websites. 

We may store or process your data oncloud based platforms or service providers whose servers are based outside ofthe UK/EEA which may constitute a transfer of data under GDPR. We will only usesuch third party service providers where we are confident that appropriatesafeguards are in place to ensure that any personal data transferred outside ofthe UK/EEA is subject to an equivalent level of security and protection asrequired under UK Data Protection Legislation, such as the UK Extension to theEU-U.S. Data Privacy Framework. To learn more about the EU-U.S. Data PrivacyFramework, visit the U.S Department of Commerce’s website at: Home (dataprivacyframework.gov)

We also have in place appropriateprocedures to handle any potential Personal Data Breaches, in accordance withData Protection Legislation. Any such breaches will be reported to the relevantsupervisory authority and notified to the affected data subjects where we arelegally required to do so.

We willonly keep your personal data for as long as is necessary to meet therequirements for which it was collected. This will vary depending on the natureof the requirements and the processing, but apart from in exceptionalcircumstances where longer retention is necessary we will only retain yourpersonal data for 10 years. After this period of timewe will delete your personal data unless there is a legitimate business reasonto retain all or parts of the data we hold.

Legal basis for processing your data

TheGeneral Data Protection Regulation (GDPR) provides that processing of your datashall only be lawful if and to the extent that at least one of the followingapplies:

1.      You have consented;

2.      For the performance of a contract;

3.      For compliance with a legal obligation which wemust perform;

4.      To protect the vital interests of your oranother person;

5.      It is in the public interest;

6.      It is in the legitimate interests pursued by usor a third party.

We collectdata for the purposes set out above. All personal data is managed to ensurethat it is either erased from our system when it is no longer required for thepurpose for which it was collected, retained for legal reasons or minimised andretained.

Any specialcategory data collected from you has special protection and is limited to thatpermissible by law. In all instances where special category data is collectedwe will obtain your express consent.

Your legal rights as a data subject

You have a number of legal rights inrelation to the personal data that we hold about you and you can exercise yourrights by contacting us using the details at the end of this statement. Theserights include:

1. the     right to obtain information regarding the processing of your personal data     and access to the personal data which we hold about you. If you wish to     access your personal data please email us at the address provided in this     statement;
2. the     right to withdraw your consent to our processing of your personal data at     any time. Please note, however, that we may still be entitled to process     your personal data if we have another legitimate reason (other than     consent) to do so;
3. in     some circumstances, the right to receive some personal data in a     structured, commonly used and machine-readable format and/or request that     we transmit those data to a third party where this is technically     feasible. Please note that this right only applies to personal data that     you have provided to us;
4. the     right to request that we correct your personal data if it is inaccurate or     incomplete;
5. the     right to request that we erase your personal data in certain     circumstances. Please note that there may be circumstances where you ask     us to erase your personal data but we must retain it;
6. the     right to request that we restrict our processing of your personal data in     certain circumstances. Again, there may be circumstances where you ask us     to restrict our processing of your personal data but we must refuse that     request;
7. the     right to lodge a complaint with the applicable data protection regulator,     in the UK this is the Information Commissioner’s Office (ICO).
8. when     we are processing on the grounds of legitimate interest, you have the     right to object to the processing and we must stop unless we have an     overriding reason which will be communicated to you.

Links from our website

Our Site contains links to and fromother websites which are operated by individuals and companies over which wehave no direct control. If you follow a link to any of these websites, pleasenote that these websites have their own privacy and terms of use polices. We donot accept any responsibility or liability for these policies. We advise you tocheck the policies for third party sites before you submit any personal data tothe website.

Marketing emails

We may send you marketing emails andcommunications when you have opted in or otherwise given consent for us to doso. We will make it as easy as we can for you to opt out of unwantedprocessing, providing it does not restrict our ability to provide you with theprimary service you have requested.

Please note if youwish to unsubscribe from any marketing emails that you have signed up for, youcan do so by emailing hello@deiahealth.comor clicking onto the unsubscribe link on the marketing email that was sent toyou. Itmay take 24 hours for this to become effective.

Cookies and websiteanalytics

We use website analytics to provide thebest user experience and service to you and to evaluate and improve our site. Weutilise third party data analytics service providers to improve our visibilityand to monitor website browser behaviour and navigation across our site.

These third-party data analytics service providerscollect this information using cookies on our behalf in accordance with ourinstructions and in line with their own privacy policies. Our service providersmay collect the following data about the way you use our Site, which willalmost always be anonymised and aggregated before reporting back to us:

1. Number of visitors to our Site;
2. Pages visited whilst using the Site and time spent per page;
3. Page interaction information, such as scrolling, clicks and     browsing methods;
4. Source location and details about where users go when they leave     the Site;
5. Page response times and any download errors;
6. Technical information relating to end user devices, such as IP     address or browser plug-in.

From time to time we may use the information collectedabout you to present you with targeted advertisements using platforms such as Facebook,X (formerly known as Twitter), Google and/or Instagram.

If you wish to limit or reject cookies associatedwith our website you can do this in your browser settings. Please be aware thatby choosing to limit or reject cookies from our website may you may not be ableto use or benefit from certain features, particularly the features designed topersonalise your experience.

Changes to our policy& future processing

This Privacy Statementwas last updated on 15/07/2025 and is reviewed every 6 months, or upon changesto relevant Data Protection Legislation being published, whichever is sooner.

We do not intend toprocess your personal information except for the reasons stated within this PrivacyStatement. We reserve the right to update this Privacy Statement from time totime. Where appropriate, we shall contact you to notify you of any materialchanges to the Privacy Statement. You should also refer to our websiteperiodically so that you may access and view our updated Privacy Statement.This will ensure that you understand how we are using your personal data andyour legal rights around our usage of such personal data.

If you have anyquestions or concerns regarding our data protection or privacy policies, pleasecontact us at hello@deiahealth.com andwe will be happy to respond to any concerns.

Should you still haveconcerns about the way in which we manage your personal data then you shouldcontact the relevant supervisory authority, which in the UK is the InformationCommissioner’s Office: Contact us | ICO

‍