Privacy Policy

Privacy Policy

Healthy Weight 4 Children (healthyweight4children.org.uk) is committed to protecting your privacy. This policy explains how we collect, use and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data controller

The data controller for this website is Dr. Sarah Mitchell, contactable via the contact page.

Data we collect

We collect only the data you provide voluntarily:

  • Contact form: your name, email address, subject and message content
  • Technical cookies: session identifiers and display preferences required for the site to function

We do not collect sensitive data (health data, ethnic origin, political opinions) and we do not use any form of automated profiling or decision-making.

How we use your data

Your data is used exclusively to:

  • Respond to your enquiries via the contact form
  • Ensure the security and proper functioning of the website
  • Generate anonymous usage statistics to improve our content

Legal basis

We process your data on the basis of:

  • Consent: when you voluntarily submit the contact form
  • Legitimate interest: for website security and anonymous analytics

Data retention

  • Contact form data: retained for 12 months after our last exchange, then deleted
  • Technical cookies: session duration or 13 months maximum
  • Server logs: 12 months

Data sharing

Your data is never sold or shared with third parties for commercial purposes. The following service providers may process data as part of their technical role:

  • OVH SAS (hosting): servers located in France
  • Cloudflare Inc. (CDN and security): data transits through their network for DDoS protection

Cookies

This site uses only essential cookies required for its operation. We do not use advertising cookies, tracking pixels or third-party analytics scripts. Cloudflare may set functional cookies for security purposes.

You can manage cookie preferences through your browser settings.

Your rights under UK GDPR

You have the right to:

  • Access your personal data held by us
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing of your data
  • Object to processing
  • Data portability: receive your data in a structured, commonly used format

To exercise any of these rights, please contact us. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk.

Security

We implement appropriate technical and organisational measures to protect your data, including SSL/TLS encryption, application firewalls and regular software updates.

Changes to this policy

This policy may be updated from time to time. The date of the last update is indicated below.

Last updated: April 2026