Privacy Policy
Last updated: 08/09/2025
Contents
- Our Commitment to Protecting Your Personal Data
- About Us
- Our Data Protection Officer and How to Contact Us
- Changes to This Privacy Notice
- Our Lawful Bases for Processing Your Data
- Personal Data We May Collect About You
- How We Collect Your Information
- The Purposes for Which We Use Your Data
- Third Parties with Whom We Share Your Data
- International Data Transfers
- How Long We Keep Your Information For
- Your Rights in Relation to Your Personal Data
- Data Security
- Other Important Information
1. Our Commitment to Protecting Your Personal Data
At Harley Weight Loss Clinic, we are strongly committed to respecting and protecting your privacy. Part of our commitment is being transparent with you about how we process your personal data. This Privacy Policy explains who we are and how to contact us, what personal data we collect about you and how we collect it, why we process your personal data and the lawful bases for doing so, who we share your data with and how long we keep it, and what rights you have in relation to how we use your data.
We implement and maintain the highest standards regarding data protection. As a healthcare platform operating in the United States, we comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), applicable federal privacy regulations, and Florida state privacy laws governing the handling of your personal and health information.
When we use the term personal data, we mean any information that can be used to identify you as an individual, directly or indirectly.
2. About Us
We are Harley Weight Loss Clinic LLC, trading as Harley Weight Loss Clinic. We are a Florida limited liability company (Document No. L26000219649, effective April 16, 2026).
Our registered address is: Harley Weight Loss Clinic LLC, 2045 Calais Dr, Apt 5, Miami Beach, FL 33141, United States
Our Services
When you become a patient of Harley Weight Loss Clinic, you are likely to use one or more of the following services, each designed to ensure that you enjoy your experience with us:
- Our website at www.harleyweightlossclinic.com
- Our online clinical assessment and weight management consultation
- Our prescription services for FDA-approved GLP-1 weight loss medications, facilitated through our licensed clinical and pharmacy partner network
- Our health coaching and ongoing lifestyle support services
- Our nutrition and exercise planning services
- Our metabolic blood testing and wellness screening services
3. Our Privacy Officer and How to Contact Us
We have appointed a Privacy Officer to govern how we use your data and how we protect it. Because we handle protected health information (PHI) as defined under HIPAA, our Privacy Officer also serves as our HIPAA Privacy Officer.
If you need to contact our Privacy Officer, they can be reached at:
Email: support@harleyweightlossclinic.com
Phone: [US PHONE NUMBER]
Address: Harley Weight Loss Clinic LLC, 2045 Calais Dr, Apt 5, Miami Beach, FL 33141
If you have any concerns regarding how we process your personal data, we would like the opportunity to address them in the first instance. Please contact us at support@harleyweightlossclinic.com.
If you believe your HIPAA privacy rights have been violated, you have the right to file a complaint with the US Department of Health and Human Services, Office for Civil Rights (OCR) at hhs.gov/ocr. You may also contact the Florida Department of Health for matters relating to state health privacy laws. Filing a complaint with any regulatory body will not affect your access to our services.
4. Changes to This Privacy Notice
This Privacy Policy was last updated on [DATE]. Historical versions can be provided by contacting us at support@harleyweightlossclinic.com.
To make sure we can provide you with the best service, it is important that we keep your personal details accurate and up to date. If any of your information changes, please let us know by emailing us at support@harleyweightlossclinic.com.
We may update this Privacy Policy from time to time. Updates will be posted on our website with a revised effective date, and your continued use of our services implies acknowledgement of any changes. We will notify you of significant changes by email where appropriate.
5. Our Lawful Bases for Processing Your Data
When we process your personal data, we do so in a lawful manner. Under applicable US federal and Florida state privacy law, this means we use one or more of the following lawful bases:
Your consent, where you have given us clear permission to process your data for a specific purpose.
Contract, where processing is necessary to fulfill a contract with you or to take steps at your request before entering into a contract.
Legal obligation, where processing is necessary to comply with a legal requirement such as HIPAA, applicable federal pharmacy regulations, or Florida state law.
Legitimate interest, where we process information to provide a service or improve our business, provided this does not override your rights and freedoms.
In rare cases, vital interests, where we need to process your information to protect life.
When we need to process special category data such as health information, biometric information, or other sensitive personal data, we will only do so where we have a further lawful basis to do so, such as your explicit consent or where processing is necessary for the provision of healthcare services.
When we rely on legitimate interest as a lawful basis, our legitimate interests include:
- Operating, providing, and improving our platform and services
- Communicating with you and responding to your questions
- Improving our website and using insights to improve and develop our services
- Detecting or preventing illegal activities such as fraud and managing the security of our platform
6. Personal Data We May Collect About You
As a patient or user of our services, we may collect and process the following information:
Personal Data
- Identity information: Full name, date of birth, gender
- Contact information: Email address, telephone number, shipping and billing address
- Financial information: Payment card details and billing information, processed securely by our authorized payment partner
- Technical information: IP address, browser type and version, device information, operating system
- Usage data: How you use our website, pages visited, time spent on pages, links clicked
- Marketing data: Your preferences in receiving communications from us
Protected Health Information (PHI)
Because we provide clinical weight management services and facilitate access to prescription medications, some information we collect constitutes Protected Health Information under HIPAA. This includes:
- Health information provided during your clinical assessment, including medical history, current medications, existing health conditions, weight history, and lifestyle information
- Prescription details and treatment information
- Responses to health questionnaires
- Body weight, height, and composition data
- Blood test results and metabolic screening data
- Treatment progress and clinical outcomes
We collect only the minimum PHI necessary to provide your care and comply with applicable legal and regulatory requirements.
You must be at least 18 years old to use our services and provide us with your data. We do not knowingly collect information from anyone under 18.
7. How We Collect Your Information
We collect information about you in the following ways:
Directly from you when you:
- Register for an account on our website
- Complete our online clinical assessment questionnaire
- Attend online consultations
- Contact us by email, phone, or chat
- Purchase services or programmes through our website
- Participate in surveys or provide feedback
- Subscribe to our communications or marketing
From our website automatically, including:
- Technical data such as IP address and browser information
- Usage data such as pages visited and time on site
- Cookie and tracking data, subject to your cookie preferences
From third parties, including:
- Our licensed clinical and pharmacy partner network, who may share information relevant to your prescription and treatment
- Our payment partner, who may share transaction confirmation data
- Identity verification providers where applicable
Some information must be provided to us so that we can fulfil your request, such as completing a clinical assessment or processing a prescription order. We make this clear to you at the point of collecting the data.
8. The Purposes for Which We Use Your Data
When you use our website:
| Activity | Purpose of Processing | Data We Collect | Lawful Basis |
| When you register with us or book a consultation | To create your account and manage your booking | Email address, phone number, contact address, name | Legitimate Interest, Contract |
| When you use our website (marketing) | To market our weight management services | Email address, phone number, contact address | Consent (soft opt-in exemption) |
| When you use our website (analytics) | To improve our website and services | Pages visited, time spent, user behavior | Consent |
| Website functionality | To ensure effective customer service and technical support | IP address, browser type, operating system, pages visited | Legitimate Interest |
| Identity verification | For patient safety, accuracy and fraud prevention | Date of birth, contact details, formal identification | Legal Obligation |
When you answer our health questionnaire or take part in consultations:
| Activity | Purpose of Processing | Data We Collect | Lawful Basis |
| Health questionnaire | To assess your suitability for weight management treatment | Weight, height, existing health conditions, medication history, lifestyle factors | Legal Obligation, Explicit Consent |
| Medical consultations | To provide appropriate medical care and treatment | Health information, medical history, current medications, treatment responses | Legal Obligation, Explicit Consent, Provision of health and social care |
| Weight monitoring | To track treatment progress and effectiveness | Weight measurements, body composition data, progress photos | Contract, Explicit Consent, Provision of health and social care |
| Laboratory tests | To undertake diagnostics when clinically necessary | Blood samples, test results, contact details | Contract, Explicit Consent, Provision of health and social care |
When you subscribe or make transactions:
| Activity | Purpose of Processing | Data We Collect | Lawful Basis |
| Account setup | To provide you with our services | Email, name, phone number, postal address | Consent, Legitimate Interest |
| Payment processing | To complete transactions for services | Payment card information, bank account details | Contract, Legitimate Interest, Legal Obligation |
| Service communications | To provide important information about your treatment | Email, name, phone number, postal address | Contract, Legitimate Interest |
| Marketing communications | To inform you about our services and offers | Email, name, phone number, postal address | Consent (soft opt-in exemption) |
| Feedback requests | To improve our services | Email, name, feedback responses | Legitimate Interest |
When you contact our Patient Care team:
| Activity | Purpose of Processing | Data We Collect | Lawful Basis |
| Queries and complaints | To manage and resolve issues and improve services | Email, name, contact details, call recordings | Contract, Legitimate Interest |
| Identity verification | To ensure accuracy and prevent fraud | Date of birth, contact details, formal identification | Legitimate Interest, Legal Obligation |
9. Third Parties with Whom We Share Your Data
All patient data, including Protected Health Information, is stored and processed within the United States on HIPAA-compliant infrastructure. We do not transfer PHI outside of the United States.
Our technology infrastructure is US-based and operates under HIPAA-compliant Business Associate Agreements with our hosting and technology providers.
10. International Data Transfers
Almost all data we collect about you is stored and processed in the UK or EEA. However, from time to time, it may be necessary to transfer your data outside of these areas to deliver our services.
Where your data is transferred outside the UK or the EEA, it will only be transferred where adequate safeguards can be applied, including:
- For transfers between the UK, EEA and countries with adequacy decisions: We safeguard transfers through implementing Standard Contractual Clauses (“SCCs”)
- For transfers between the UK and US: We safeguard transfers through implementing the UK-US Privacy Framework, or SCCs
- For third country transfers: We use SCCs with the UK International Data Transfer Addendum (“IDTA”)
Further information on SCCs and the IDTA can be found at: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/
Further information on the UK-US Privacy Framework can be found at: https://www.gov.uk/government/publications/uk-us-data-bridge-supporting-documents/
When you contact our Patient Care team, some data may be hosted in the United States through service providers who are signatories to appropriate privacy frameworks.
If you would like to receive a copy of the safeguards we have in place in relation to international transfers, please email support@harleyweightlossclinic.co.uk.
11. How Long We Keep Your Information For
We keep your personal data only for as long as is necessary to provide our services and comply with our legal obligations.
Retention periods are as follows:
- Health and clinical records: Retained for the minimum period required by HIPAA and applicable Florida state law governing medical records
- Prescription records: Retained in compliance with applicable federal DEA and state pharmacy board regulations
- Financial records: 7 years for tax and accounting purposes
- Marketing data: Until you withdraw consent or as permitted by applicable law, whichever is sooner
- Website analytics data: 26 months from collection
Once retention periods are met, we securely destroy, anonymize, or archive data in accordance with our data retention schedule. Exceptions apply where there is an unresolved matter relating to your account, an outstanding legal or regulatory obligation, or where retention is otherwise required by law.
12. Your Rights in Relation to Your Personal Data
You have the following rights under applicable US federal and Florida state privacy law:
Right of Access: You have the right to ask us for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process.
Right to Rectification: You have the right to ask us to correct information you believe is inaccurate, or to complete information you believe is incomplete.
Right to Erasure: You have the right to ask us to erase your personal information in certain circumstances. This is not an absolute right and we may need to retain certain information to comply with legal obligations.
Right to Restrict Processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
Right to Object: You have the right to object to the processing of your personal information for marketing purposes at any time.
Right to Data Portability: You may request that we transfer your data to another service provider where technically feasible.
California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to delete your personal information subject to certain exceptions, the right to opt out of the sale of your personal information (we do not sell personal information), and the right to non-discrimination for exercising your CCPA rights. To exercise your CCPA rights, contact us at support@harleyweightlossclinic.com.
How to Exercise Your Rights
Please contact us at support@harleyweightlossclinic.com, by phone, or by post if you wish to make a request. We will respond without undue delay and always endeavor to complete requests within 30 calendar days. We will not charge for exercising your rights in standard circumstances.
13. Data Security
We implement physical, technical, and administrative safeguards to protect your information against unauthorized access, disclosure, alteration, and destruction, in compliance with HIPAA Security Rule requirements.
Technical safeguards include:
- Encryption of data in transit using TLS and at rest using industry-standard encryption
- Secure, US-based HIPAA-compliant hosting with signed Business Associate Agreements
- Multi-factor authentication for all staff access to systems containing PHI
- Regular security reviews and vulnerability assessments
- HIPAA-compliant audit logging of all access to PHI
Administrative safeguards include:
- Staff training on HIPAA and data protection requirements
- Strict role-based access controls limiting PHI access to those with a clinical or operational need
- Regular review of data processing activities
- Documented incident response procedures
In the event of a data breach affecting your Protected Health Information, we will notify you and the HHS Office for Civil Rights within the timeframes required by the HIPAA Breach Notification Rule, and will take immediate steps to mitigate any potential harm.
14. Other Important Information
Children’s Privacy
Harley Weight Loss Clinic is not intended for individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you are under 18, please do not use our services or provide us with any personal information. If we become aware that we have inadvertently collected data from someone under 18, we will delete it promptly.
External Links
If you click on a link from our website to a third-party site, you are leaving our service and we cannot control the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal information.
Password Security
Where you have chosen a password to access your account, you are responsible for keeping it confidential. We encourage you to use a strong, unique password and to change it regularly. Do not share your password with anyone.
Changes to Our Business
In the event of a merger, acquisition, or sale of all or part of our business, your personal information may be transferred to the new owner. We will notify you of any such change and ensure that your data continues to be protected to the same standard.
Cookies
Our website uses cookies and similar tracking technologies to improve your browsing experience, analyze site traffic, and support our services. You can manage your cookie preferences through your browser settings. We do not use cookies to collect or track Protected Health Information. For more information please see our Cookie Policy.
This Privacy Policy is effective from 01/09/2025.
15. HIPAA Notice of Privacy Practices
Because we handle Protected Health Information, we are required to provide you with this Notice of Privacy Practices as part of our HIPAA compliance obligations.
Your HIPAA Rights
You have the following rights regarding your Protected Health Information:
Right of access: You have the right to request and obtain a copy of your PHI that we hold.
Right to amend: You have the right to request that we correct inaccurate or incomplete PHI.
Right to restrict: You may request restrictions on certain uses and disclosures of your PHI, though we are not always required to agree to such restrictions.
Right to an accounting of disclosures: You may request a list of certain disclosures of your PHI that we have made.
Right to a paper copy of this notice: You may request a paper copy of this Privacy Policy and HIPAA Notice of Privacy Practices at any time.
How We May Use and Disclose PHI Without Your Authorization
Treatment: We may share your PHI with our licensed clinical and pharmacy partner network for the purpose of providing your care and facilitating your prescription.
Payment: We may use and share your PHI to process payment for your services.
Healthcare operations: We may use your PHI to manage and improve our services, conduct quality assurance, and support business operations related to your care.
Legal requirements: We may disclose your PHI when required to do so by applicable federal or state law, including to regulatory authorities such as the FDA, DEA, or applicable state pharmacy boards.
Business associates: Our clinical partner, pharmacy partner, and technology service providers who handle PHI operate under HIPAA-compliant Business Associate Agreements.
We will not use or disclose your PHI for marketing purposes without your explicit written authorization.
Contact Us
For questions or concerns regarding our privacy practices, please contact us:
Data Protection Officer
Email: support@harleyweightlossclinic.co.uk
Phone: +44 (0)20 4513 2244
Post: Harley Street Specialist Hospital (London) Ltd
18-22 Queen Anne Street, London, W1G 8HU
General Enquiries
Email: support@harleyweightlossclinic.co.uk
Phone: +44 (0)20 4513 2244
16. Governing Law
This Privacy Policy is governed by the laws of the State of Florida and applicable US federal law, including HIPAA and its implementing regulations. Any disputes relating to this Privacy Policy will be subject to the jurisdiction of the courts of the State of Florida, unless federal law provides otherwise.
Contact Us
For questions or concerns regarding our privacy practices, your rights, or this Privacy Policy:
Email: support@harleyweightlossclinic.com
Phone: [US PHONE NUMBER]
Address: Harley Weight Loss Clinic LLC, 2045 Calais Dr, Apt 5, Miami Beach, FL 33141
This Privacy Policy is effective from [DATE].