Here at NuVina, we are strongly committed to respecting and protecting your privacy. Part of our commitment is being transparent with you about how we process your personal data. This Privacy Notice (the "Notice") aims to do just that.
Within this notice we explain:
We endeavour to implement and maintain the highest standards regarding data protection and adopt policies in line with the highest level of compliance. As such, we align to the Data Protection Act ("DPA 2018"), the UK General Data Protection Regulation ("UK GDPR"), and the Privacy in Electronic Communication Regulations ("PECR 2003") to handle your personal data in certain ways.
When we use the term "personal data" we mean, any information that can be used to identify you as an individual, directly, or indirectly.
We are Vir Health Limited ("we"/"us"), trading as NuVina.co.uk.
Our services
When you become a customer or patient of NuVina, you are likely to use one of our services, each designed to ensure that you enjoy your experience with us. These include, for example:
We have appointed a Data Protection Officer ("DPO") to govern how we use your data and how to protect it.
If you need to contact the DPO, they can be reached directly via email at Nuvina@NorthParkPharmacy.onmicrosoft.com.
They can also be reached by post. If you wish to contact the DPO in this way, please label correspondence 'for the attention of the Data Protection Officer' using the postal address above.
If you have any concerns regarding how we process your personal data we'd like the opportunity to address them in the first instance. If this is the case, please contact us via Nuvina@NorthParkPharmacy.onmicrosoft.com
Where you feel we cannot address your concerns, you have a legal right to contact the ICO should you wish to obtain further information or raise concerns. The ICO is the regulator in the United Kingdom and can be contacted at https://ico.org.uk/make-a-complaint/.
If you are based outside of the United Kingdom, please contact your local regulatory authority responsible for data protection.
This privacy notice was last updated on May of 2025.
We aim to keep accurate and up-to-date information about you so we can provide an effective service. Please inform us by emailing Nuvina@NorthParkPharmacy.onmicrosoft.com, should your personal details change during your relationship with us.
When we process your data, we do it in a lawful manner. Under the UK GDPR, this means we use one or more of the following lawful bases:
When we need to process special category data e.g., health information, biometric information, or data revealing racial or ethnic origin, we will only do so if we have a further lawful basis to do so, such as your explicit consent ("Explicit Consent").
When we use Legitimate Interests as a lawful basis, this means we weigh privacy rights against the Legitimate Interests of the business for a particular activity. If we rely on our (or a third party's) Legitimate Interests, these interests will normally be to:
Where we require your data to pursue our legitimate interests or the legitimate interests of a third party, it will be in a way which is reasonable for you to expect as part of the running of our business and which does not materially affect your rights and freedoms.
As a customer or patient of NuVina and NuVina.co.uk, we may collect and use ("process") certain information; your "personal data", and what is called "special category" data.
Personal data is any information that can be used to identify you, this includes your:
When you enter into a contract with us we may use 'Legal Obligation" as a lawful basis. When we use Legal Obligation, we mean that in order to provide healthcare services, we require certain personal data, for example to:
Our Legal Obligations in relation to the above, include but are not limited to requirements set by the Care Quality Commission (CQC), Medicines and Healthcare Products Regulatory Agency (MHRA), the Health and Social Care Act 2008, or the Human Medicines Regulations 2012 (HMR 2012). Unfortunately, if you do not provide this information you may not be able to use our services.
We also process technical and marketing information when you visit our website or use our app. This information is also classified as personal data and includes:
Special category data is information about you that is more sensitive. We have further protections in place for this category of personal data.
Special category data we process about you may include:
We do not knowingly collect the data of children. Please do not access our services, or provide data to us unless you are at least 18 years old.
As a user of our services or as a patient, we may collect information about you in a number of ways, including:
Directly from you when you:
From our website, such as your:
We process all such data in accordance with this notice. Certain data must be provided to us so that we can fulfil your request (for example, to purchase services or products on our website), and we make this clear to you at the point of collecting the data.
Some information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why we use them, and how you can control them, please see our Cookies Policy.
We work with third party identification verification providers to confirm your identity, who in turn may use for example credit reference agencies, and the electoral register, to verify identity.
We may also receive data about you from our third party service providers, including our payment service provider and our analytic service providers.
As our business relies on collaboration with third parties such as our prescribers, pharmacies, doctors we may also receive information about you from them.
We process data based on two broad categories via the NuVina Digital Healthcare App for subscribers:
We ask for certain customer account data, such as your contact details, when you sign up for an account with us through our application.
When you download our application various categories of data will be requested – further detail regarding this is available at:
We use app usage data to provide services to you and to carry out necessary functions of our business.
As a subscriber to, or when you use the app, we collect some information automatically in order to help us analyse and report information on how you use our services in order to improve the functionality offered for users.
Our business relies on collaboration with third parties (e.g., outside companies) to provide our services to you. Each third party provides an element of our services, for example, IT and cloud services, prescription, delivery, diagnostics or marketing services.
For all third parties we use, we undertake data protection and information security due diligence prior to sharing any personal information. We also have in place contracts with specific data processing and sharing clauses to ensure that third parties process shared data strictly for the purposes we have instructed them to, or in lawful ways that we expect, such as privacy by design and default.
When it is necessary for us to transfer personal information to third parties outside of the UK, this is only done in accordance with the UK GDPR (please see below for international transfers).
Third parties we may share your personal information with include, for example:
Almost all data we collect about you is stored and processed in the UK or EEA. However, from time to time, it may be necessary to transfer your data outside of these areas to deliver our services.
Where your data is transferred outside the UK or the EEA, it will only be transferred where adequate safeguards can be applied, including:
Further information on SCCs + IDTA can be found at:
Further information on the UK-US Privacy Framework can be found at:
When you contact our Customer Care team, this data, including your name, email address and conversations are hosted in the United States. The third party that hosts this data (Intercom) is a signatory in the UK-US Data Privacy Framework.
If you would like to receive a copy of the safeguards we have in place in relation to international transfers, please email Nuvina@NorthParkPharmacy.onmicrosoft.com.
We keep your personal data only as long as:
We keep your personal data for a set amount of time, after a point where we first collect your data (or another trigger) - this is called a 'retention period'. Retention periods are set by our retention and records management policy and retention schedule.
Once retention periods are met, we destroy, anonymise or archive data according to our schedule. However, there are some exceptions to this, including:
We strongly believe in the fair and transparent processing of your personal data and as such, we need to make you aware that you have rights under data protection law. These are called your 'Individual Rights', and include:
You have the right to ask us for copies of your personal information. This right always applies. However, there are some exemptions, which means you may not always receive all the information we process, for example, other peoples' personal information, or information that is commercially sensitive
You have the right to ask us to rectify (i.e., correct) information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Sometimes we get it wrong and need to correct things, so please feel free to tell us. However, we would also love to hear from you if your circumstances change, such as when you move house, change your email or phone number, or when you change your name.
You have the right to ask us to erase your personal information in certain circumstances. Whilst we will do our best to erase your personal data where we can, the right to be forgotten is not an absolute right - this is because we may need to keep certain elements of your information for legal obligations or other legitimate purposes. However, we will tell you if this is the case.
You have the right to ask us to restrict the processing of your information in certain circumstances.
You have the right to object to the processing of your personal information, in certain circumstances if you believe our processing impacts on your rights and freedoms and where we use either consent or legitimate interests. If we are processing on the basis of consent you can also withdraw your consent at any time.
You can request that we transfer your data to another service provider, or to you. Your right applies if you initially provided consent for us to use the data, or were under, or in talks about entering into a contract - and that the processing is automated. Note that your right only applies to information you have given us.
At NuVina, we use interactive AI bots to help you interact with our services and provide you with general lifestyle advice which is non-clinical. These are automated decision-making systems and can sometimes make mistakes (called hallucinations). Our clinicians monitor conversations to help mitigate this, however, you are always able to reach out to a human when interacting with our AI bots, if you are unsure of the information provided.
You have a right not to be subject to automated decision-making, including profiling where:
Please contact us at Nuvina@NorthParkPharmacy.onmicrosoft.com, by post or over the phone if you wish to make a request. We will respond to your request without undue delay, and always endeavour to complete requests within one calendar month.
Please note that not all rights are absolute. For example, where we are required to process your data as part of a legal obligation, we may be required to maintain this information.
We won't charge for exercising your rights. However, we do reserve the right to charge an admin fee if your request is deemed to be manifestly unfounded or excessive.
For more information about your rights
To learn more about your Individual Rights, we encourage you to visit the ICO's relevant site at: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/.
If you click on a link external to our service, please understand that you are leaving our service and we cannot therefore control the privacy practices and content of those third parties.
Any personal data you provide will not be covered by this privacy notice and we strongly encourage you to read their privacy policies to understand how they collect and process your personal data.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our online services, you are responsible for keeping this password (and other personal details) safe.
We encourage you to avoid sharing your password with anyone, or to write it down. When you create a password, our tip is to use three random (but memorable) words, with numbers and symbols included.
For more information on keeping passwords safe, please visit:
https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words.
If any provision of this notice is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.