Privacy notice

At Zava, we believe in giving our patients the best possible care. And a big part of that means taking care of their privacy. Our privacy notice tells you what personal data we collect and why. It also explains your rights and the types of data we might share about you. So, first things first, here’s a little bit about us.

Contents of this article

Welcome to Zava

https://www.zavamed.com/ is a website and service managed by HEALTH BRIDGE LIMITED ("We"/"Us"). We are registered in England and Wales under company number 07392646 and our head office and trading address is: Health Bridge Ltd (t/a Zava), 3 Angel Square, 4th Floor, 1 Torrens Street, London, EC1V 1NY.  

We are what’s known as a ‘data controller’. In terms of the Data Protection Act 2018, that means we are trusted to look after and deal with your personal information in accordance with the present policy defining what data we’re processing and for what purpose.

To help you understand how we treat your personal data, please read the following policy information carefully. If you have any questions about our service, you can email us at: [email protected] and we will get back to you as soon as possible. 

Please don’t use Zava until you are completely happy with the service we offer and the management of your data under this privacy notice.

Now we’ve met, let’s get to the heart of our matter.

What is personal data?

It’s any information that are related to a person that can be either directly or indirectly identified. For our concern, this is then any information related to you such as your name, surname or address. We will call this type of information “data”.

When do we collect your data?

We collect it when you…

  • Fill in forms and medical questionnaires on our website
  • Create your account or order products or services from us
  • Report a problem with our site
  • Contact our customer support team (we make a record of this)
  • Take part in a voluntary research survey
  • Enter in a competition or promotion we could propose.
  • Subscribe to a specific newsletter
  • Write a review about our service 

Data we collect from your computer, mobile phone or other device 

When you use Zava, (and our advertisers and/or other similar services described in the paragraph “who do we share your data with”) we may collect information about how you use our website. This lets us improve our site to give you an even better experience. Types of information we collect include:

  • Technical device information
  • The device you use (e.g. Apple, Samsung, Asus etc)
  • Your device’s unique identifier (e.g. your device's IMEI number or the MAC address of the device's wireless network interface)
  • Network information (e.g 3 network, BT Broadband etc)
  • Your operating system (e.g Windows, Mac OS, Linux, )
  • Your IP address and HTTP referrer information
  • Your location (UK or outside?)
  • Your login information (this only concerns your patient account, once you have created it)
  • The browser type you are using (e.g. Chrome , Safari, IE)
  • Your time zone (e.g. GMT, EST?)

Information about your visit to our website

  • The sites you visit before and after our site, including the date and time. This type of data analysis is called ‘clickstream’ 
  • Services you looked at or searched for
  • How long it took for content to load and download, the length of time you spent on certain pages, how you browse away from the page, and how you interact with our site (scrolling, clicks, and mouse-overs)
  • The phone number you dialled to contact our customer support team

Data we receive from other sources

We are working with third parties such as pharmacies and sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies which may give us information about you.

If you use our test kits service, we will be sent your test results by the laboratory we are working with.

Cookies, pixels and other similar technologies

Cookies are small pieces of information that are stored on your computer, mobile phone or other device. We use them to get to know you better and to improve our service.

You can read all about cookies and your rights in our Cookie Notice.

How we use your data

We take your privacy seriously and will never ever sell your data to anyone.

We use your personal information to:

  • Deliver our service to you 
  • Monitor and improve our service
  • Send you marketing information and promotions we think you’ll be interest in
  • Research purposes
  • Legal, compliance and regulatory reasons

 And we use your data in different ways, which we’ll look at here:

Delivering our service(s) and your medicine(s) to you: 

We use your personal information notably to:

  • Make the consultation and check your suitability to your preferred treatment.
  • Recommend a treatment if you haven’t chosen one or based on the information you’re giving our doctors in the medical questionnaire.
  • Deliver your prescription and medicine(s) to your chosen address (if applicable).
  • Provide laboratory testing services to you.
  • Check your identity and access your medical data and account (if necessary) when you call our customer support team.
  • Offer advice and useful information about the condition you’re looking to treat 

Monitor and improve our service

We use your personal information notably to:

  • Make improvements to our website, tailoring the content to suit your interests and to adapt it to the phone, computer or other device you are using. 
  • Make improvements to our services (range of medicines etc). 
  • Please note that when you are making reviews on our service on Trustpilot, the reviews including your name as you include on Trustpilot might show on our website.

Marketing purposes

We use your personal information notably to:

  • Give you information to help you manage the condition you are seeking treatment for.
  • Tell you about our company.
  • Let you know about our latest products and/or services that we’re think are interesting for you based on the information given in the medical assessment– again, we’ll only do this if you’ve asked us to.
  • Send you offers and promotions.
  • Send you newsletters: you may subscribe to our notifications on our website, whether you registered with us or not. In both cases, the information provided in this context will only be used to send the selected notifications (e.g.information on a medical condition or discounts and offers). 

We will only send you marketing information you will find useful or interesting, and even then, that’s only if you’ve asked us to. And you can ask to stop receiving all or part of this information at any time.

If you do receive marketing materials from us, we’d love to know what you think of them. Good or bad, please feel free to contact us anytime. 

Research purposes

We use your personal information notably to:

  • Analyse individual and collective data.
  • Carry out market research.
  • Identify and make improvements to our services
  • Offer you interactive tools and services on our site
  • Send you surveys
  • We will always ask for your consent, unless the information we are using could in no way identify you (e.g a woman, living in London between 25-30 years old). 

Legal, compliance and regulatory reasons

We use your personal information notably to:

  • detect and prevent fraud. We need to make sure that you are you you say you are to deliver our services to you safely and we also need to ensure that no fraud is happening on our website such as payment with a stolen payment card etc. 
  • comply with any applicable law, regulation, legal process or public authorities request.
  • defend our rights, property and safety, as required or permitted by law.

Who do we share your data with?

At Zava, we work with trusted professionals to bring you safe, convenient healthcare. 

This means sharing your personal and medical data with doctors and a limited number of persons at Health Bridge Limited. For instance, our customer support team needs to access your data to assist you. Our pharmacy also need access to your details to provide your treatment or test kits. 

It also means sharing your data with third parties to deliver our service to you such as hospitals laboratories or payment providers or for other purposes described below.

Rest assured, we only share information that is absolutely necessary and we go to great lengths to make sure everyone we work with takes your privacy as seriously as we do.

To deliver our service to you, we’re working with third parties notably to:

  • send the medicine or good to you
  • send you emails and SMS about your order
  • have your test kits analysed
  • process payment
  • store your data securely

To help us improve our services and for marketing reasons, we use third party products and services to:

  • collect & analyse information about the use of our website
  • send marketing emails to you,
  • collects reviews of our products & services 

If you’d rather we didn’t use your data for marketing reasons, you can unsubscribe under the “Details” tab in your account, or by clicking the unsubscribe link at the bottom of our emails. 

Please note that for the subscriptions to notifications (e.g. newsletters, discounts and offers) made directly on a product page of our website, the unsubscription will only be possible via the unsubscribe link enclosed in the email.

So that we can get your order to you safely and securely, you won’t be able to unsubscribe from our service emails (e.g. emails relating to your order). 

Finally we may need to share your information for legal reasons:

  • Should we sell or buy any business or assets, we may need to share your data with the future seller or buyer. 
  • If we are asked to share your personal data as a result of a court order, legal processing or any other legal obligation.
  • To protect the rights, property, or safety of Health Bridge Limited, our patients, suppliers and partners, or others. This includes exchanging information for fraud protection, reducing credit risk and verifying your identity by a third party provider. 

From time-to-time, our website may contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link, please be aware that every website has its own privacy notice, which Zava has no responsibility or liability for. Please check their privacy notice before you send any personal data to these websites.

How long do we hold your data for?

We only hold your personal data for as long as is necessary. We have an internal retention policy in place which sets out how we use your data (delivery of service, marketing, improvement of our service etc), which includes the associated retention periods. For example, for marketing purposes, we only keep your data while you give your consent to receive communications from us. For medical purposes, we are legally required to keep your medical data for the forseeable future.

We keep anonymous data or general data about our customers for an indefinite period of time. Neither type contains personal information that could be used to identify you.

Where is your data stored and what about security?

Any medical data you give us is stored safely on a private database. This database is only used by our doctors, customer support team, pharmacy team, and a small number of other employees on a need-to-know basis, such as IT support. This platform is hosted on our servers or third parties server (AWS and Rackspace), based in the EU. These providers are both ISO 27001 certified which is the international standard that describes best practice for information security management. 

Any data that doesn’t concern your health may be transferred and stored outside of the European Economic Area ("EEA"). Some countries may not offer the same level of personal data protection as in the EEA in which case we will have a specific agreement with our suppliers to ensure adequate safeguards are in place.  

Your data may be seen by staff from outside the EEA who work for us in which case the data they accessed to is encrypted and only available via a private network (VPN).

Our promise

  • Our security measures protect you against unauthorised access, changes, disclosure or destruction of your data. 
  • We regularly review our security measures, including how we collect, process and store data. Part of this means encrypting data and putting in place physical security measures to protect our storage systems. 
  • Your payment transaction and your personal data are encrypted using SSL technology. 
  • Every member of our staff signs and agrees to a confidentiality agreement when they start working for us and are trained on data protection regulations.
  • Access to your data is only given to employees on a need-to-know basis.
  • All Zava suppliers have to abide to privacy undertakings, in accordance with the applicable data protection laws and regulations.
  • For suppliers based in the USA, we will always try to work with companies that are part of the Privacy Shield. If not, we will agree terms for transferring data that meet the standards of the EU model.

What you can do: To keep your data secure, please do not share you account password with anyone. We also advise you to use a strong, unique password that isn’t used for any other site.

A strong password must include at least eight characters combining upper and lower case letters, numbers and keyboard symbols. 

You can find out about protecting your information, strong passwords and staying safe online here.

Although we do everything we can to protect your personal data, sending information over the internet is never completely secure. 

If you know of any security problem, please tell us as soon as possible.

What are your rights?

Object to the processing of your data. You have the right to ask us not to use your personal data for marketing purposes. We will inform you before collecting your data for this purpose and if we intend to disclose your information to any third party. You can deny this use of data from the time you register with us and you can also change your mind later by changing your preferences in your patient account under the tab “Details” or click the unsubscribe link that you will find at the bottom of every email we send to you. Note that you do not have the option to unsubscribe to the emails regarding your order as this is necessary to provide you with the service. These emails will not contain information concerning the medicine or service you have used, only information concerning the acceptance or rejection of your order and address of the pharmacy in case you are collecting your medicine(s) from a pharmacy.

You can also exercise the right at any time by contacting us. Our contact details are at the end of this notice. 

Correcting your data. With Zava, you’re in charge of your personal information, so if we’ve got something wrong, you can update it quickly and easily. If there’s something you want to change but you can’t, you can contact us anytime. 

Deleting your data. We will delete your data if you ask us to, unless it’s a legal requirement or we have a valid business reason not to delete it. For medico legal reasons, we need to store your medical data as well as your identity and any communications about your treatments for the forseeable future. Such data cannot therefore be deleted but, if you want to stop using our services, you can ask us to suspend your electronic patient account by clicking on the suspend button in your electronic patient account. Your account will stop working immediately and you will no longer be able to access your electronic patient account. Once your account’s closed, it can’t be reopened. 

Accessing your data. You have the right to see any information we hold about you at anytime. Just send your request to Health Bridge Ltd (t/a Zava), 3 Angel Square, 4th Floor, 1 Torrens Street, London, EC1V 1NY or email ([email protected]). You can also request it by calling us, although you’ll need to confirm your request in writing. Please tell us what information you wish to see and send it along with two types of approved identification (a passport or driving license and any official document showing your name and address of less than 3 months old;e.g utility bill).

Changes to our privacy notice

Any changes we may make to this privacy notice in the future will be posted on this page, and for any major changes, we’ll notify you by e-mail.

Contact details

We have a privacy officer who is responsible for enforcing our policy and making sure everyone at Zava respects it. If you have any questions, comments or suggestions, they will be happy to hear from you. You can email them at: [email protected] 

If you have any complaints, you can also contact the ICO (Information Commissioner’s Officer). Our ICO reference number is Z2715245.

Thank you for reading our Zava privacy notice and we’re looking forward helping you soon!



Authorised and regulated by