Privacy Policy

Limitless Health UK

Privacy Policy

Version 1.0

Last updated: 14 April 2026

This Privacy Policy explains how Limitless Health UK collects, uses, stores, and protects your personal data. Please read it carefully. By using our Services, you confirm that you have read and understood this Policy.

1. Who We Are and How to Contact Us

Limitless Health UK is a wellness, lifestyle, and performance consultancy. For the purposes of UK data protection law, Limitless Health UK is a trading name of Biovance Group Ltd, which acts as the Data Controller in respect of your personal data.

Registered address: 22 Acorn Lane, Cuffley, EN6 4JQ

Contact: limitlesshealthuk@gmail.com | instagram.com/limitlesshealthuk

If you have any questions about how we handle your personal data, or wish to exercise any of your rights under UK GDPR, please contact us using the details above.

2. Our Data Protection Registration

Biovance Group Ltd is registered with the Information Commissioner’s Office (ICO) as a Data Controller. Our registration number is ZC123584.

You have the right to lodge a complaint with the ICO at any time. The ICO can be contacted at www.ico.org.uk or by telephone on 0303 123 1113.

3. What Personal Data We Collect

We collect and process the following categories of personal data depending on the Services you purchase:

3.1 Personal Identification Data

  • Full name
  • Email address
  • Delivery address (for test kit dispatch)
  • Telephone number (if provided)
  • Date of birth and age
  • Gender

3.2 Financial Data

  • Payment information — processed securely by our third-party payment provider. We do not store your full payment card details.

3.3 Special Category Data — Health and Biological Data

The following data types constitute special category personal data under Article 9 of UK GDPR. We treat this data with the highest level of care and process it only with your explicit consent.

  • Blood test results (including but not limited to testosterone levels, cholesterol profile, and HbA1c) as provided by our independent third-party laboratory partner
  • Biological age and longevity report data, where purchased
  • Rapid test results (self-reported by you)
  • Weight monitoring data (self-reported at specified points during fight camp, where applicable)
  • Urine dipstick test results (self-reported by you, where applicable)
  • Symptoms questionnaire responses (where applicable)
  • Any health background information you voluntarily share during a consultation
  • Lifestyle information voluntarily shared during consultations or coaching sessions where it relates to health, including sleep habits, dietary patterns, stress levels, and exercise history
  • Notes made during wellness consultations

3.4 Fitness and Coaching Data

  • Training plans and programmes created as part of personal training services
  • Nutrition guidance and dietary plans
  • Progress and check-in notes from PT sessions

3.5 Communications Data

  • Records of communications between you and Limitless Health UK, including emails and booking correspondence

3.6 Technical Data

  • Basic website usage data (where applicable), including IP address, browser type, and pages visited, collected via cookies or analytics tools

4. How We Collect Your Data

We collect your personal data in the following ways:

  • Directly from you when you purchase a Service, complete a form, or contact us
  • From our independent third-party laboratory partner, when your test results report is generated and made available to us
  • From you directly during your wellness consultation, weight cut check-in, or PT session, where you may voluntarily share personal or health-related information
  • From forms and questionnaires you complete as part of our Services, including the symptoms questionnaire used in the weight cut monitoring service
  • Automatically via our website, where cookies or analytics tools are in use

5. Our Lawful Basis for Processing Your Data

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

5.1 Contract Performance (Article 6(1)(b))

We process your name, contact details, delivery address, payment information, and fitness/coaching data in order to fulfil our contract with you — that is, to deliver your test kit, send your results report, provide your wellness consultation, and deliver your PT and nutrition coaching service.

5.2 Explicit Consent (Article 6(1)(a) and Article 9(2)(a))

We process your special category data — including blood test results, biological age data, rapid test results, weight monitoring data, urine test results, symptoms responses, and consultation notes — solely on the basis of your explicit consent. You will be asked to provide this consent separately before your Service commences. You may withdraw your consent at any time. Please note that if you withdraw consent for the processing of your health-related data, we may be unable to continue providing some or all of the Services.

5.3 Legal Obligation (Article 6(1)(c))

We are required to retain certain financial records, including payment transaction data, for a minimum of 7 years in accordance with HMRC requirements.

5.4 Legitimate Interests (Article 6(1)(f))

We may process certain communications data and basic technical data on the basis of our legitimate interests in operating and improving our Service, provided that those interests are not overridden by your rights and freedoms.

We do not use your personal data for automated decision-making or profiling as defined under Article 22 of UK GDPR. No decision that produces a legal or similarly significant effect on you will be made solely by automated means.

6. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process your order and arrange dispatch of your test kit
  • To receive your results report from our laboratory partner and forward it to you securely
  • To contact you to arrange and conduct your wellness consultation or PT session
  • To prepare for and deliver your consultation, including reviewing your report, questionnaire responses, or weight monitoring data
  • To create, deliver, and review your personal training and nutrition plans
  • To send you service-related communications, including confirmation emails and consultation details
  • To maintain records of our interactions with you for the purposes of service continuity and follow-up
  • To improve our Services and user experience, on the basis of our legitimate interests
  • To comply with our legal and regulatory obligations

7. Special Category Data — Additional Safeguards

As your health-related and biological data constitutes special category data under UK GDPR, we apply the following additional safeguards:

  • We collect and process special category data only with your explicit, informed, and freely given consent
  • Access to special category data is strictly limited to the wellness consultants and personal trainer directly involved in delivering your Service
  • Special category data is not shared with third parties except where necessary to deliver the Service (including our independent third-party laboratory partner and our secure communication providers)
  • We aim to minimise the collection and storage of special category data wherever possible. We only collect and process the minimum amount of special category data necessary to deliver the Services.
  • Special category data is deleted in accordance with the retention schedule set out in Section 9 of this Policy

8. Who We Share Your Data With

We do not sell your personal data to any third party. We may share your data with the following categories of recipients, strictly for the purposes set out in this Policy:

8.1 Independent Third-Party Laboratory Partner

Your name and delivery address are shared with our laboratory partner for the purposes of dispatching your test kit. Our laboratory partner independently processes your blood sample or biological sample in their laboratory facility. They act as an independent Data Controller in respect of your sample and results. Their own Privacy Policy governs how they handle your data at the laboratory stage, and we encourage you to read it.

8.2 Payment Processor

Your payment information is processed by our third-party payment provider. We do not have access to or store your full card details. Our payment provider acts as a Data Processor on our behalf and is bound by appropriate data processing agreements.

8.3 Website, Hosting & Service Providers

We use a professional, business-grade email service to communicate with you and to send your results securely. We may also use third-party providers for website hosting, data storage, and online booking systems. All such providers act as Data Processors on our behalf and are bound by appropriate data processing agreements. They may process your contact details or booking information solely for the purpose of delivering these services.

8.4 Legal and Regulatory Authorities

We may disclose your personal data to regulatory authorities, law enforcement bodies, or professional regulatory bodies where required to do so by law, or where we are otherwise legally permitted to do so.

8.5 No Other Third-Party Sharing

We do not share your personal data with any other third parties, including advertisers, data brokers, or research organisations, without your explicit consent.

9. How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. Our retention schedule is as follows:

Data TypeRetention PeriodReason
Name & contact detailsDuration of service + 12 monthsService delivery and follow-up
Date of birth, age & genderDuration of service + 12 monthsService delivery
Delivery addressUntil service is fulfilledKit dispatch only
Blood test resultsUntil deletion requested or 12 months post-consultationService delivery
Biological age resultsUntil deletion requested or 12 months post-consultationService delivery
Rapid test results (self-reported)12 months from date of testService delivery and follow-up
Weight monitoring data12 months from fight camp end dateFollow-up and service continuity
Urine dip results (self-reported)12 months from fight camp end dateFollow-up and service continuity
Symptoms questionnaire responses12 months from completionService delivery
Consultation & coaching notes12 months from last sessionFollow-up and plan review
PT & nutrition plans12 months from last sessionService continuity
Payment records7 yearsLegal/HMRC requirement

Where you request deletion of your data before the end of the applicable retention period, we will action your request promptly, except where we are required by law to retain it (for example, financial records). Data is securely deleted or anonymised once the applicable retention period has passed.

10. Your Rights Under UK GDPR

As a data subject, you have the following rights under UK GDPR. You may exercise any of these rights by contacting us at the details provided in Section 1.

Right to Access

You have the right to request a copy of the personal data we hold about you. We will respond within one calendar month.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request that we delete your personal data, subject to any legal obligations that require us to retain it.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal. Please note that withdrawing consent for the processing of your special category data may affect our ability to provide the Service.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time if you believe your data has been handled unlawfully. The ICO can be reached at www.ico.org.uk.

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include:

  • Use of a business-grade, professional email service with appropriate security controls
  • Password protection and access controls on all devices used to access your data
  • Limiting access to your personal data to those directly involved in delivering your Service
  • Secure deletion of data at the end of the applicable retention period
  • Where appropriate, use of secure cloud-based systems and encrypted platforms to store and manage your data

Please be aware that the transmission of information via email carries inherent security risks, including the risk of unauthorised access or data interception. By using our Services, you acknowledge that such risks exist. We will always take reasonable steps to minimise these risks. However, no system of transmission or storage can be guaranteed to be 100% secure, and we cannot guarantee the absolute security of your data.

12. International Data Transfers

We aim to keep your personal data within the United Kingdom wherever possible. Where our laboratory partner or any other service provider operates outside the UK, we will ensure appropriate safeguards are in place in accordance with UK GDPR, including the use of UK-approved standard contractual clauses or adequacy decisions.

If you would like further information about the safeguards we apply to international transfers, please contact us.

13. Cookies and Website Tracking

Where our website uses cookies or similar tracking technologies, we will notify you and seek your consent in accordance with applicable law via a cookie banner or consent tool. You may manage or withdraw your cookie consent at any time through your browser settings or our consent management tool.

We will publish a separate Cookie Policy on our website setting out full details of the cookies we use, their purpose, and how to manage them.

14. Marketing Communications

Limitless Health UK does not currently send marketing communications of any kind. We will only ever contact you for the purposes of delivering your Service, including sending your results report, consultation details, and service-related updates.

If we introduce marketing communications in the future, we will update this Privacy Policy accordingly and will seek your explicit, separate opt-in consent before contacting you for marketing purposes. We will never send marketing communications without your prior consent, and we will never pre-tick any consent box on your behalf.

15. Children’s Data

Our Services are not directed at or intended for persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly. If you believe a minor has submitted data to us, please contact us immediately.

16. Third-Party Links

Our website or service communications may contain links to third-party websites, including our laboratory partner and other relevant providers. We are not responsible for the content, privacy practices, or data handling of any third-party websites. We encourage you to read the privacy policy of any third-party website you visit. This Privacy Policy applies solely to data collected and processed by Limitless Health UK.

17. Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time. Any changes will be posted on our website with an updated effective date. Where changes are material, we will notify you by email where we hold your contact details. Your continued use of our Services following any update constitutes your acceptance of the revised Policy.

18. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:

Limitless Health UK

A trading name of Biovance Group Ltd

Email: limitlesshealthuk@gmail.com

Website: limitlesshealthuk.com

Instagram: limitlesshealthuk

ICO Registration Number: ZC123584.

19. Complaints

If you are unhappy with how we have handled your personal data, we ask that you contact us in the first instance so we can attempt to resolve your concern. Please use the contact details provided in Section 18.

You also have the right at any time to lodge a complaint directly with the Information Commissioner’s Office (ICO), the UK’s independent data protection authority:

Information Commissioner’s Office

Website: www.ico.org.uk

Telephone: 0303 123 1113

Limitless Health UK   |   Know Your Body. Own Your Health.