UK based and regulated pharmacy

Fast, free delivery on order over £20

Sent Royal Mail in discreet packaging

Health Condition

Privacy Notice

Last updated: 17 February 2026

This Privacy Notice explains how MSAGYA Ltd (trading as Withaid) collects, uses, shares and protects your personal data when you use our website and services.

We process personal data in accordance with the UK GDPR, the Data Protection Act 2018, and (where relevant) the Privacy and Electronic Communications Regulations (PECR).

For independent verification of our regulated pharmacy details, please see: Pharmacy Registration and Responsible Pharmacist.

1) Who we are (Data Controller)

MSAGYA Ltd (trading as Withaid) is the data controller responsible for your personal data.

Registered address:
54 Drake Street, Basement
Rochdale
OL16 1NZ
United Kingdom

Company number: 09295459
ICO registration number: ZA212462

Email: contact@withaid.com
Telephone: 0330 0430 537
Contact page: Contact Withaid

2) What data we collect

  • Identity & contact data: name, billing/delivery address, email address, phone number.
  • Order & account data: products purchased, delivery information, order history, account details, support messages.
  • Payment data: we do not store full card details. Payments are processed by our payment service providers.
  • Technical & usage data: IP address, browser/device information, cookie identifiers, pages viewed, interactions.
  • Health-related data (special category): if you provide information that may reveal health conditions, medicines, symptoms, or treatment details.

3) How we use your data (purposes)

  • To create and manage your account (if you choose to register).
  • To process orders, take payment, deliver products, and manage returns/refunds.
  • To provide customer support and respond to enquiries.
  • To send service communications (e.g., order confirmations, delivery updates, account/security messages).
  • To keep our website secure, prevent fraud, and protect our customers and business.
  • To comply with legal and regulatory obligations.
  • To improve our website, products, and services (including analytics where enabled).
  • To send marketing communications where permitted and in line with your preferences.

4) Our lawful bases for processing (UK GDPR)

We process personal data under one or more of the following lawful bases:

  • Contract: where processing is necessary to provide products/services you request (e.g., fulfilling orders).
  • Legal obligation: where we must process data to comply with law (e.g., tax/accounting, regulatory requirements).
  • Legitimate interests: for website security, fraud prevention, service improvement, and business administration (balanced against your rights).
  • Consent: where required (e.g., certain cookies and some marketing). You can withdraw consent at any time.

5) Special category data (health information)

Health-related information may be considered special category data under UK GDPR. We only process special category data where necessary and with an appropriate condition under data protection law, for example:

  • Explicit consent (where required), and/or
  • where necessary for healthcare/pharmacy purposes with appropriate safeguards, and/or
  • to establish, exercise or defend legal claims (where applicable).

Please avoid sharing unnecessary medical information by email. If we need additional information, we will explain why and how it will be used.

6) Who we share your data with

We share personal data only where necessary and with trusted providers who support our operations. These providers may act as data processors (processing data on our instructions) or as independent controllers (for example, certain payment providers).

  • Ecommerce platform: BigCommerce (storefront and order management).
  • Payment providers: payment processors used at checkout (we do not store full card details).
  • Delivery & logistics: Royal Mail and other couriers (to deliver orders and provide tracking where applicable).
  • Customer communications: email/telephony providers and support tools (to respond to you and send service messages).
  • Analytics & performance: tools to help us understand website usage and improve performance (subject to cookie settings where applicable).

We may also disclose information if required by law, regulation, court order, or to protect our rights, customers, and business.

7) International transfers

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place (such as UK adequacy regulations, approved contractual terms, and security measures).

8) Data retention

We keep personal data only as long as necessary for the purposes described in this notice, including legal, accounting, and regulatory requirements.

  • Order and accounting records: typically retained for up to 6 years to meet tax/accounting obligations.
  • Customer support records: typically retained for up to 24 months after resolution (unless a longer period is required for legal/regulatory reasons).
  • Cookies and analytics identifiers: retained according to cookie settings and provider retention periods.

Retention may be longer if required to comply with legal obligations, resolve disputes, enforce agreements, or protect our legal rights.

9) Your rights

Under UK GDPR you may have the right to:

  • Request access to your personal data
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data (in certain circumstances)
  • Request restriction of processing (in certain circumstances)
  • Object to processing (including direct marketing)
  • Request data portability (in certain circumstances)
  • Withdraw consent (where processing is based on consent)

To exercise your rights, contact us at contact@withaid.com or via our Contact page. We may need to verify your identity before responding.

10) Marketing & preferences

We may send marketing communications where permitted by law and in line with your preferences. You can opt out at any time using the unsubscribe link in emails or by contacting us.

Service messages (such as order confirmations and delivery updates) are not marketing and will still be sent where necessary.

11) Cookies

We use cookies and similar technologies to make our website work, improve performance, and (where enabled) understand usage. You can manage cookie preferences through our cookie banner/settings (where available) and/or your browser settings.

12) Security

We use appropriate technical and organisational measures to protect personal data, including access controls and secure systems. However, no online service can be guaranteed to be completely secure; please keep your account details safe.

13) Complaints

If you have concerns, please contact us first and we will do our best to resolve them. You also have the right to complain to the UK Information Commissioner’s Office (ICO):

ICO website: https://ico.org.uk/
Telephone: 0303 123 1113

14) Changes to this Privacy Notice

We may update this notice from time to time. Any changes will be posted on this page with an updated “Last updated” date.

This Privacy Notice is governed by the laws of England and Wales.