null

Privacy notice

Last updated: 17 February 2026

Last reviewed: February 2026
Next scheduled review: February 2027

This Privacy Notice explains how MSAGYA Ltd (trading as Withaid) collects, uses, shares and protects your personal data when you use our website and services.

We only use personal data where necessary to provide our services, meet legal obligations, protect customer safety, and improve your experience with our website and services.

We process personal data in accordance with the UK GDPR, the Data Protection Act 2018, and, where relevant, the Privacy and Electronic Communications Regulations (PECR).

For independent verification of our regulated pharmacy details, please see: Pharmacy Registration and Responsible Pharmacist.

If you need this notice in another format or need help understanding it, please contact us.

Quick answers

  • Do we sell your data? No.
  • Do we store full card details? No.
  • Why do we ask for health information? Only where relevant to pharmacy or healthcare-related services.
  • Can you request your data? Yes.
  • How can you contact us? By email, phone, or our contact page.

For most customers: we collect what we need to process orders and support you, we only use health information when relevant, we do not sell your data, and you can contact us or exercise your rights at any time.

Privacy contact

Questions about privacy or your personal data?

Email: contact@withaid.com
Telephone: 0330 0430 537
Contact page: Contact Withaid

You can contact us if you want to ask a question, exercise your rights, update preferences, or raise a concern about how your data is used.

What we do not do

  • We do not sell your personal data.
  • We do not store full payment card details.
  • We do not ask for health information unless it is relevant to the service being provided.
  • We do not share your personal data unless there is a valid business, legal, regulatory, or service-related reason to do so.

Need to do something?

Jump to a section

1) Who we are (Data Controller)

MSAGYA Ltd (trading as Withaid) is the data controller responsible for your personal data.

Registered address:
54 Drake Street, Basement
Rochdale
OL16 1NZ
United Kingdom

Company number: 09295459
ICO registration number: ZA212462

Email: contact@withaid.com
Telephone: 0330 0430 537
Contact page: Contact Withaid

2) Privacy at a glance

If you only read one section, read this one. Here is a quick summary of the most important points:

  • What we collect: your contact details, order details, account information, technical usage data, and, where relevant, health-related information you choose to provide.
  • Why we use it: to process orders, provide support, keep our website secure, meet legal obligations, and improve our services.
  • Who we share it with: trusted providers such as payment processors, delivery partners, website service providers, and support tools, only where necessary.
  • How long we keep it: only for as long as needed for the reasons explained in this notice, including legal, accounting, and regulatory requirements.
  • Your choices: you can ask to access, correct, delete, restrict, or object to certain uses of your data, depending on the circumstances.
  • How to contact us: use the email, phone number, or contact page listed above.

3) What data we collect

Depending on how you use our website and services, we may collect the following types of personal data:

  • Identity and contact data: name, billing address, delivery address, email address, and phone number.
  • Order and account data: products purchased, delivery information, order history, account details, and support messages.
  • Payment data: we do not store full card details. Payments are processed by our payment service providers.
  • Technical and usage data: IP address, browser and device information, cookie identifiers, pages viewed, and website interactions.
  • Health-related data: if you provide information that may reveal health conditions, medicines, symptoms, or treatment details.

4) How we use your data

We use personal data to run our website and services safely and effectively.

In summary: we use your data to provide the service you ask for, support you, protect the website, comply with legal obligations, and improve the experience we offer.

  • Creating and managing your account, if you choose to register.
  • Processing orders, taking payment, arranging delivery, and managing returns or refunds.
  • Providing customer support and responding to enquiries.
  • Sending service communications, such as order confirmations, delivery updates, and account or security messages.
  • Keeping our website secure, preventing fraud, and protecting our customers and business.
  • Complying with legal and regulatory obligations.
  • Improving our website, products, and services, including analytics where enabled.
  • Sending marketing communications where permitted and in line with your preferences.

5) Summary table

This table gives a quick overview of the main types of data we use, why we use them, the typical lawful basis, and how long we usually keep them.

Data type Why we use it Typical lawful basis Typical retention
Identity and contact data To manage accounts, communicate with you, and fulfil orders Contract / legitimate interests / legal obligation Varies by purpose; order-related records may be kept up to 6 years
Order and account data To process purchases, deliveries, returns, support, and record keeping Contract / legal obligation Typically up to 6 years for order and accounting records
Payment data To process payments securely through payment providers Contract / legitimate interests We do not store full card details
Technical and usage data To secure the website, improve performance, and understand usage Legitimate interests / consent where required In line with cookie settings and provider retention periods
Health-related data To support pharmacy or healthcare-related services where relevant Explicit consent where required and/or healthcare-related legal conditions Only as long as necessary for the service and any legal or regulatory obligations
Customer support records To answer questions, resolve issues, and maintain service records Contract / legitimate interests Typically up to 24 months after resolution unless longer retention is required

Back to top

6) Our lawful bases for processing (UK GDPR)

We process personal data under one or more of the following lawful bases:

  • Contract: where processing is necessary to provide products or services you request, such as fulfilling an order.
  • Legal obligation: where we must process data to comply with the law, including tax, accounting, and regulatory requirements.
  • Legitimate interests: where processing is necessary for website security, fraud prevention, service improvement, and business administration, provided your rights do not override those interests.
  • Consent: where required, such as for certain cookies and some marketing. You can withdraw consent at any time.

7) Special category data (health information)

Health-related information can be treated as special category data under UK GDPR.

This means: the law gives this type of information extra protection, and we only process it where necessary and where the law allows us to do so.

  • with your explicit consent, where required;
  • where necessary for healthcare or pharmacy purposes with appropriate safeguards; and/or
  • to establish, exercise, or defend legal claims, where applicable.

Please avoid sharing unnecessary medical information by email. If we need more information, we will explain why we need it and how it will be used.

8) Why we ask for health information

We only ask for health-related information where it is necessary for pharmacy or healthcare-related purposes, to help make sure products and services are appropriate, supplied responsibly, and used safely.

We do not ask for health information unless there is a valid reason for doing so, and we aim to keep this limited to what is relevant for the service being provided.

9) How we protect health-related information

We recognise that health-related information is especially sensitive.

For example: we limit access, apply appropriate safeguards, and only use this information where it is relevant to the service or required by law or regulation.

  • Limited access: access to health-related information is restricted to authorised team members and service providers who need it for legitimate healthcare, pharmacy, support, legal, or operational reasons.
  • Appropriate safeguards: we use technical and organisational measures designed to help protect sensitive information against unauthorised access, loss, misuse, or disclosure.
  • Need-to-know basis: we only ask for or use health-related information where relevant to the services we provide or where required by law or regulation.
  • Email caution: because email may not always be the most secure way to share sensitive medical details, please do not send more health information than is necessary.

10) Who may see your information

Only people or organisations who need access for a valid reason may see your information.

  • Authorised team members: where access is needed to provide support, manage orders, maintain records, or deliver pharmacy or healthcare-related services.
  • Payment providers: where needed to process payments securely.
  • Delivery partners: where needed to deliver your order and provide tracking or delivery updates.
  • Support and technology providers: where needed to operate the website, communications, analytics, and customer support systems.
  • Regulators, authorities, or legal advisers: where disclosure is required by law, regulation, court order, or to protect rights, customers, and business operations.

11) Who we share your data with

We share personal data only where necessary and only with trusted providers who help us operate our website and services.

In summary: these providers may process data on our instructions or, in some cases, act as independent controllers for their own services.

  • Ecommerce platform: BigCommerce, for storefront and order management.
  • Payment providers: payment processors used at checkout. We do not store full card details.
  • Delivery and logistics: Royal Mail and other couriers, to deliver orders and provide tracking where applicable.
  • Customer communications: email, telephony, and support tools, so we can respond to you and send service messages.
  • Analytics and performance: tools that help us understand website usage and improve performance, subject to cookie settings where applicable.

We may also disclose information if required by law, regulation, court order, or where necessary to protect our rights, customers, and business.

12) International transfers

Some of our service providers may process personal data outside the UK.

This means: where this happens, we put appropriate safeguards in place, such as UK adequacy regulations, approved contractual protections, and suitable security measures.

13) Data retention

We keep personal data only for as long as necessary for the purposes described in this notice, including legal, accounting, and regulatory requirements.

Type of data Typical retention period
Order and accounting records Up to 6 years
Customer support records Up to 24 months after resolution, unless a longer period is needed for legal or regulatory reasons
Cookies and analytics identifiers In line with cookie settings and provider retention periods

We may keep data for longer where needed to comply with legal obligations, resolve disputes, enforce agreements, or protect our legal rights.

Back to top

14) Your rights

Under UK GDPR, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing, including direct marketing;
  • request data portability in certain circumstances; and
  • withdraw consent where processing is based on consent.

To exercise your rights, contact us at contact@withaid.com or use our Contact page. We may need to verify your identity before responding.

What happens next? Once we receive your request, we will review it, confirm any information we need to verify your identity, and respond in line with applicable data protection law.

Response timing: we aim to acknowledge privacy requests promptly and respond within the time required by applicable data protection law.

Back to top

15) How to submit a privacy request

If you would like to make a privacy request, you can follow these steps:

  1. Email contact@withaid.com or use our Contact page.
  2. Tell us what you would like to request, for example access, correction, deletion, restriction, objection, or withdrawal of consent.
  3. Please include enough information for us to identify your account or enquiry.
  4. We may ask for proof of identity before completing your request. This helps us protect your information from unauthorised access.
  5. We will respond within the time required by applicable data protection law.

16) Marketing & preferences

We may send marketing communications where permitted by law and in line with your preferences.

In summary: you can opt out at any time by using the unsubscribe link in our emails or by contacting us.

Service messages, such as order confirmations and delivery updates, are not marketing and will still be sent where necessary.

17) Cookies

We use cookies and similar technologies to make our website work, improve performance, and, where enabled, understand how people use our site.

Types of cookies we may use:

  • Essential cookies: required for core website functions such as security, account access, and checkout-related features.
  • Performance cookies: help us understand how visitors use our website so we can improve performance and usability.
  • Functionality cookies: remember choices and preferences to improve your experience.
  • Marketing cookies: may be used where permitted to support relevant communications and measure campaign effectiveness.

Your choices: you can update your cookie preferences through our cookie banner or cookie settings tool where available, and you can also control cookies through your browser settings. Disabling some cookies may affect how parts of the website work.

Back to top

18) Security

We use appropriate technical and organisational measures to help protect personal data, including access controls and secure systems.

This means: we take steps designed to reduce the risk of unauthorised access, loss, misuse, or disclosure.

However, no online service can be guaranteed to be completely secure, so please keep your account details safe and do not share your password with anyone.

19) Complaints

If you have any concerns about how we use your data, please contact us first and we will do our best to resolve them.

You also have the right to complain to the UK Information Commissioner’s Office (ICO):

ICO website: https://ico.org.uk/
Telephone: 0303 123 1113

Back to top

20) Changes to this Privacy Notice

We may update this notice from time to time. Any changes will be posted on this page with an updated Last updated date.

This Privacy Notice is governed by the laws of England and Wales.

Back to top