Version 6.0  |  19 February 2026

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING OUR SERVICES.

‍

You must be 18 years old or older to use our Services.

‍

At Plan Your Baby Ltd. ("Plan Your Baby", "us", "our" or "we") we are passionate about privacy. Ourprivacy policy (the "Privacy Policy") together with our Terms and Conditions, our Cookies Policy andany other documents referred to therein, is an opportunity for us to be transparent with you about ourprivacy practices when you use our website (planyourbaby.co.uk, hereinafter the "Website") or ourhealthcare services including without limitation our telehealth consultations, diagnostic testing andprescription services (together the "Healthcare Services") or any of our related products and services(together the "Services").

‍

We invite you to spend a few moments to read this Privacy Policy carefully to understand the type ofpersonal data (as defined under the UK General Data Protection Regulation (UK GDPR) asimplemented by the Data Protection Act 2018, hereinafter the "Personal Data") we collect from youwhen you use our Services, how we use it, why we use it, how we protect it, and what are your rightsin relation to it.

‍

By requesting access to or using our Services you are agreeing to this Privacy Policy. If you do notagree with this Privacy Policy, please do not use our Services. If after reading this Privacy Policy youstill have questions, please do not hesitate to get in touch by contacting our Data Protection Officer:Marija Skujina at mskujina@planyourbaby.co.uk.

‍

1. Who We Are

The company in charge of your Personal Data (also known as the data controller, as defined under the UK General Data Protection Regulation (UK GDPR) as implemented by the Data Protection Act 2018, hereinafter the "Data Controller") is Plan Your Baby Limited, a company registered in England and Wales (number 13669100), with an address at 411 Oxford Street, W1C 2PE, London, United Kingdom, and registered with the UK Information Commissioner's Office (ICO) under the number ZB394674.

Our appointed Data Protection Officer is Marija Skujina, who can be contacted at mskujina@planyourbaby.co.uk.

‍

2. What Personal Data We Collect, How We Collect It, For What Purpose and How Long We Retain It

We collect Personal Data from you either automatically, when you give it to us directly, or when we receive it from other sources. We do this to operate effectively and provide you with the best experience when using our Services. You have choices about the Personal Data we collect from you. When you are asked to provide us with your Personal Data, you always have the right not to do so. If you choose not to provide us with your Personal Data when prompted, you may not be able to fully use our Services.

The Personal Data we collect depends on the context of your interactions with our Services and the choices you make, and includes the following:

‍

2.1 When You Access Our Website

Types of Personal Data:

• Device and technical information: unique device identifiers, device ID, browser type and version, operating system and platform, hardware used, browser plug-in types and versions.
• Location and usage information: IP address, country, URLs, Referrer URL, date and time of access, information about page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), information about your visit including products and services you viewed or used, error reports and performance data.

‍

Purpose:

We collect this Personal Data to provide you with access to our Website and ensure the proper use, functioning, maintenance and improvement of our Website.

How we collect it:

We collect this Personal Data automatically when you access our Website.

Legal basis:

Legitimate interest (Article 6(1)(f) UK GDPR).

Storage duration:

We store your Personal Data for fifteen (15) days. After fifteen (15) days your Personal Data is deleted, unless a security event which requires us to keep your Personal Data occurs. In such a case, your Personal Data will be deleted once the security event is remediated.

‍

2.2 When You Use Our Services

Types of Personal Data:

• Contact and identification information: When you book a consultation with us via our Website we will in the first instance collect your first name, last name, date of birth, e-mail address and phone number. Thereafter, and to effectively provide you with our Services, we will also collect your gender, marital status, ethnicity, physical address, photo identification and health insurance information where applicable.
• Health information: To effectively provide you with our Services you will be asked to provide us with general information regarding your health including without limitation your drinking and smoking habits, your allergies, the medications you take, your menstrual cycle, and your general medical history including any genetic or hereditary illness. While providing you with our Services we will also collect information supplied by you during our medical assessments and telehealth consultations including without limitation consultation notes, symptoms, information about your treatment plan and services provided, as well as your diagnostic test results and treatment outcomes, including your pregnancy status. Please rest assured that we do not collect or store any of your blood samples.
• Payment information: If you make any payments while using our Services, we will retain details of your transactions but not your credit or debit card information. Payment card data is processed directly and securely by our authorised third-party payment processors in accordance with PCI-DSS standards.

‍

Purpose:

We use your Personal Data to provide you with our Services.

How we collect it:

When you directly give it to us by using our Services.

Legal basis:

Contract performance (Article 6(1)(b) UK GDPR) and, for health data, your explicit consent (Article 9(2)(a) UK GDPR).

Storage duration:

Clinical health records are retained for a minimum of 8 years from the date of your last treatment, in accordance with UK healthcare records management requirements and NHS Records Management Code of Practice, or longer where required by applicable law. Other personal data will only be retained for as long as needed to fulfil the aforementioned purposes. Please note that withdrawing your consent does not affect the lawfulness of processing based on consent before withdrawal, and we may retain certain data where required by law, including clinical records retention obligations. You may revoke your consent to processing at any time by writing to us at info@planyourbaby.co.uk.

‍

2.3 To Regulate the Quality and Safety of Our Services

Types of Personal Data:

• Identification information: Age, gender, ethnicity, place of birth (country).
• Health information: General information regarding your health including without limitation your drinking and smoking habits, allergies, the medications you take, your menstrual cycles, your general medical history including any genetic or hereditary illness, information supplied during our medical assessments and telehealth consultations including without limitation consultation notes, symptoms, information about your treatment plan and services provided, as well as your diagnostic test results, and treatment outcome including pregnancy status.

‍

Purpose:

We use your Personal Data to guarantee high quality and safety standards of our Services.

How we collect it:

Automatically when you use our Services.

Legal basis:

The processing is required to comply with our legal obligations to ensure the necessary standards of quality and safety of our Services as provided in Article 9(2)(i) UK GDPR.

Storage duration:

The storage duration of your Personal Data for this purpose corresponds with our legal obligation to comply with the necessary standards of quality and safety.

‍

2.4 For Marketing Purposes and to Optimise Our Marketing Initiatives

Types of Personal Data:

• Contact information: First name, last name, e-mail address.
• Device and technical information: Device ID, operating system and browser type.
• Location and usage information: Length of visits to certain pages, page interaction information such as scrolling, finger gestures, clicks, and mouse-overs, geographic location, date and time of access.

‍

Purpose:

We use your Personal Data to send you marketing communications that we believe will be of interest to you, and to optimise our marketing initiatives.

How we collect it:

When you explicitly give it to us by subscribing to our marketing communications. You can always change your marketing preferences at any time by unsubscribing via the link at the bottom of each marketing email.

Legal basis:

Consent (Article 6(1)(a) UK GDPR) and, where applicable under PECR, your prior consent to electronic marketing.

Storage duration:

We store your Personal Data until you revoke your consent.

‍

2.5 For Important Communication Purposes

Types of Personal Data:

• Contact information: First name, last name, e-mail address.

‍

Purpose:

We use your Personal Data to send you important communications about our Services, for example to update you about changes to our Terms and Conditions. Please note that you cannot unsubscribe from these types of communications as they contain important information about our Services. We will not send you marketing content as part of these communications.

How we collect it:

When you directly give it to us by using our Services.

Legal basis:

Legitimate interest (Article 6(1)(f) UK GDPR).

Storage duration:

We store your Personal Data until you no longer use our Services.

‍

2.6 For Public Health Purposes

Types of Personal Data:

• Identification information: Age, gender, ethnicity, place of birth (country).
• Health information: General information regarding your health including without limitation your drinking and smoking habits, allergies, the medications you take, your menstrual cycles, your general medical history including any genetic or hereditary illness, information supplied during our medical assessments and telehealth consultations including without limitation consultation notes, symptoms, information about your treatment plan and services provided, as well as your diagnostic test results, and treatment outcome including pregnancy status.

‍

Purpose:

We use your Personal Data to conduct research on women's health with partner organisations such as universities or other academic institutions and publish our findings in peer-reviewed journals. Please rest assured that we will only use your Personal Data in anonymised and aggregated form.

How we collect it:

When you directly give it to us by using our Services.

Legal basis:

The processing is necessary for reasons of public interest in the area of public health (Article 9(2)(i) UK GDPR). You may object to such processing at any time by writing to us.

Storage duration:

We will store your Personal Data until it is no longer required for the purposes for which it was collected.

‍

2.7 For Feedback Purposes

Types of Personal Data:

• Feedback provided via surveys. Depending on the survey this may contain some Personal Data and Personal Health Data. Please rest assured that we will only use your Personal Health Data with your explicit consent.

‍

Purpose:

To improve our Services.

How we collect it:

When you directly provide it to us via a survey.

Legal basis:

Consent and, where applicable, our legitimate interest to improve our Services.

Storage duration:

Your Personal Data will be stored until it is no longer required for the survey for which it was collected.

‍

2.8 For Job Application Purposes

Types of Personal Data:

• Contact information: First name, last name, e-mail address, phone number.
• Location information: Geographic location.
• Social media information: LinkedIn profile.

‍

Purpose:

We use your Personal Data to check your suitability for the position and to conduct the application process.

How we collect it:

When you directly give it to us when applying for a job at Plan Your Baby.

Legal basis:

Consent (Article 6(1)(a) UK GDPR).

Storage duration:

In the event of a rejection, your Personal Data will be deleted after six (6) months. If you have agreed for us to keep your Personal Data, we will add it to our applicant pool. If you are offered a job, your Personal Data will be transferred to our human resources function.

‍

3. Who We Share Your Personal Data With

Please rest assured that we do not use or share your Personal Data with others except as described in this Privacy Policy, nor do we ever sell your Personal Data. We may however disclose your Personal Data in the following circumstances:

• When the disclosure is requested by you, with your consent, or to perform a contract with you.
• When working with our business partners that help us provide our Services.
• When working with our service providers, who act as our processors under Data Processing Agreements or UK International Data Transfer Agreements (IDTAs) as applicable.
• When we sell, merge, or change the control of Plan Your Baby or in preparation for any of these events, in which case the prospective buyer will have the right to continue to use your Personal Data, but only in the manner set out in this Privacy Policy unless you agree otherwise.
• When required by law, subpoenas, court orders, or other legal processes.

‍

4. Our Business Partners and Service Providers

We work with the following business partners and service providers to provide you with our Services:

‍

Healthcare Services Business Partners

• The Doctors Laboratories Ltd.
• The Doctors Laboratories Genetics Ltd.
• Randox Laboratories Ltd.
• Med Logistics Health Services Ltd.
• Ultrasound Direct Ltd.
• Viva Healthcare Ltd.
• Ovom Ltd.
• Aria Fertility Ltd.
• Kings Fertility Limited
• Heim Health Ltd.
• Stork Fertility Services Ltd.

‍

Healthcare Management Platform Service Provider

• Semble Technology Limited

‍

Infrastructure Service Provider

• Amazon Web Services, Inc. (AWS)
• Google cloud

‍

Web Hosting Service Provider

• Automattic, Inc. (WordPress)

‍

Payment Service Providers

• Worldpay, Inc.
• Stripe, Inc.

‍

Marketing and Customer Communication Service Providers

• Intuit, Inc. (Mailchimp)
• HighLevel Inc.

‍

5. Where We Store Your Personal Data

Your Personal Data is securely stored in the United Kingdom on servers hosted by Amazon Web Services (AWS, UK region) and managed through our healthcare management platform provider, Semble Technology Limited. Both providers maintain ISO 27001 certification and healthcare-grade security standards.

Please note that some of our business partners and service providers operate outside of the United Kingdom. In such cases, we use the UK International Data Transfer Agreement (IDTA), as published by the UK Information Commissioner's Office (ICO), or a UK Addendum to Standard Contractual Clauses to protect Personal Data transferred outside the United Kingdom. These mechanisms ensure that your data receives an equivalent level of protection to that which it enjoys in the UK.

For each international transfer we conduct, we assess the laws and practices of the destination country to ensure that your rights and freedoms are not undermined.

‍

6. How Long We Retain Your Personal Data

We will hold your Personal Data for as long as it is necessary or required by law. Specific storage periods for the respective processing activities are detailed in section 2 above.

As a general guide: non-clinical personal data (such as website access logs) is deleted after 15 days; clinical health records are retained for a minimum of 8 years from the date of last treatment in accordance with UK healthcare records management requirements; marketing data is retained until you withdraw your consent; and job application data is deleted after 6 months in the event of a rejection.

‍

7. How We Protect Your Personal Data

Your security really matters to us, which is why we have comprehensive security systems in place to protect your Personal Data. Once we have received your Personal Data, we will use the following security measures to protect it:

• Use of secure, UK-hosted servers to store your Personal Data, hosted on Amazon Web Services (AWS) infrastructure.
• AES-256 encryption of your Personal Data at rest.
• TLS/HTTPS encryption of all data in transit — all web communications are encrypted in transit using TLS 1.2 or higher.
• Multi-Factor Authentication (MFA) required for all staff accounts with access to your Personal Data.
• Role-Based Access Control (RBAC) — access to your Personal Data is restricted to those of our employees who need it to do their job, on a strict need-to-know basis.
• Mandatory confidentiality agreements signed by all employees and contractors prior to accessing your Personal Data.
• Regular third-party vulnerability assessments and penetration testing.
• AWS GuardDuty intrusion detection and DDoS protection via AWS Shield.
• Comprehensive audit logging via AWS CloudTrail for all access to and changes of your Personal Data.
• Continuous monitoring of our systems for possible vulnerabilities and attacks.
• Regular review and update of our privacy controls and policy (at least annually).
• Mandatory privacy and security training for all staff at onboarding and at least annually thereafter.

‍

Personal Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 UK GDPR. Where required by law, we will also notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach.

Although we do our best to protect your Personal Data, we cannot guarantee its security during the transmission of information via the internet, as any such transmission is at your own risk.

‍

8. Your Rights Regarding Your Personal Data

The UK GDPR gives you the following rights in relation to your Personal Data:

• Right to withdraw consent: You have the right, at any time, to withdraw consent to the processing of your Personal Data. Withdrawal of consent does not affect the lawfulness of processing that took place before withdrawal.
• Right to object: You have the right, at any time, to object to the processing of your Personal Data based on legitimate interests or public interest.
• Right to be informed: You have the right to obtain, at any time, confirmation from us as to whether we are processing your Personal Data or not.
• Right to erasure ('right to be forgotten'): You have the right to obtain from us, at any time, the erasure of your Personal Data. Please note that this right may be subject to legal exceptions, for example where we are required to retain clinical records by law.
• Right to restriction of processing: You have the right to obtain from us, at any time, the restriction of processing of your Personal Data.
• Right to data portability: You have the right to receive, at any time and without charge, your Personal Data in a structured, commonly used and machine-readable format.
• Right to rectification: You have the right to obtain from us, at any time, the correction of inaccuracies in your Personal Data.
• Right to complain: You have the right, at any time, to lodge a complaint with the ICO (as set out in section 10 below).

‍

All of these rights can be exercised by contacting us at info@planyourbaby.co.uk or by writing to our Data Protection Officer, Marija Skujina, at mskujina@planyourbaby.co.uk. We will respond to requests to exercise these rights without undue delay and at latest within one (1) calendar month of receipt of your request.

‍

9. Cookies and Tracking When Using Our Website

We use cookies and other similar technologies to provide you with a user-friendly experience. Cookies are small text files which our Website may put on your device during your first visit. The cookie helps our Website to recognise your device the next time you visit it. There are many functions cookies serve. For example, they can help us remember your username and preferences, analyse how well the Website is performing, or even allow us to recommend content we believe will be most relevant to you. This processing is carried out on a legal basis and, where required by law (including PECR), based on your consent. For detailed information on the cookies we use, the purposes for which we use them, and to manage your cookie preferences, please see our Cookies Policy below.

‍

10. How You Can Make a Complaint

If you have a complaint about how we use your Personal Data, please do not hesitate to contact us at info@planyourbaby.co.uk or write to our Data Protection Officer: Marija Skujina at mskujina@planyourbaby.co.uk.

If you are unhappy with the way that we have dealt with your complaint, you can refer your complaint to the UK's supervisory authority, the Information Commissioner's Office (ICO). For more information you can visit their website at ico.org.uk or call their helpline on 0303 123 1113.

‍

11. Changes to This Privacy Policy

Any changes we make to our Privacy Policy in the future will be posted on this page with an updated version number and date, and where appropriate, notified to you by email or via the Website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your Personal Data.

‍

‍

‍

‍

PLAN YOUR BABY LTD.

Cookies Policy

Version 6.0  |  19 February 2026

Plan Your Baby Ltd. ("Plan Your Baby", "us", "our" or "we") uses cookies and other similar technologies on its website planyourbaby.co.uk ("Website") to provide you with a user-friendly experience. For the purpose of any Personal Data we collect through cookies or other similar technologies, we are a Data Controller under the UK GDPR (Data Protection Act 2018) and the Privacy and Electronic Communications Regulations 2003 (PECR).

‍

1. What Are Cookies

Cookies are small text files which our Website may put on your device during your first visit. Cookies perform a range of tasks to ensure you enjoy your visit to our Website, like recognising your device, letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience. There are different categories of cookies: first-party cookies, which are served directly by us to your computer or device, and third-party cookies, which are served by a third party on our behalf for functionality, performance, analytics, and advertising purposes.

In addition to cookies, we also use similar technologies such as web beacons, flash cookies, and pixels to help us measure and improve our Services and personalise your experience. Web beacons are tiny graphics with a unique identifier, similar in function to cookies. Flash cookies are commonly used for advertisements and videos. Pixels or tags may be placed on our Website or within emails for the purposes of tracking your interactions with our Services or when emails are opened or accessed. Where required by PECR, we will obtain your consent before placing any non-essential cookies or similar technologies.

‍

2. How Long Do Cookies Stay on My Device?

Cookies are referred to as either "session" or "persistent" cookies, depending on how long they are used. Session cookies only last for the duration of your online session and disappear from your device when you close your browser. Persistent cookies are stored on the hard drive of your device after the browser has been closed and last until you delete them or they reach their expiry date.

‍

3. What Types of Cookies Do We Use and for What Purpose?

Generally, our cookies perform at least one of the following functions:

‍

Necessary for Essential Services

Necessary cookies are essential to provide you with our Services. They enable basic functions like page navigation and access to secure areas of the Services. These cookies do not require your consent as they are strictly necessary.

‍

Statistics and Performance

Statistics and performance cookies help us understand how you interact with our Website by collecting and reporting usage information. We will only place these cookies with your consent.

‍

Marketing

Marketing cookies are used to track you across our Website. The intention is to target advertising and measure the effectiveness of our campaigns. We will only place these cookies with your consent.

‍

4. Your Right to Object

When you visit our Website, we will provide you with a cookies notice that explains how to change your cookie preferences. Please note that some of the cookies we use are essential for the provision of our Website and you cannot turn them off. Other "optional cookies" will only be used with your consent, which you can choose to withdraw at any time. If you choose to turn off some optional cookies, you may not be able to use all of our Website properly.

You can change your cookie preferences at any time by clicking the cookie settings link on our Website, or by changing the settings in your browser. For more information on how to manage cookies in the most popular browsers, please see below:

• Cookie settings in Chrome for web: https://support.google.com/chrome/answer/95647
• Cookie settings for Android: https://support.google.com/chrome/answer/95647?co=GENIE.Platform=Android
• Cookie settings in Safari web: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
• Cookie settings for iOS: https://support.apple.com/en-gb/HT201265
• Cookie settings in Edge: https://support.microsoft.com/en-au/microsoft-edge/delete-cookies-in-microsoft-edge
• Cookie settings in Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

5. More Information

If you would like to find out more about cookies and their use on the Internet, you may find the following links useful:

• All About Cookies: https://allaboutcookies.org/
• Your Online Choices: https://www.youronlinechoices.com/uk/

‍

6. Changes to This Cookies Policy

Any changes we make to our Cookies Policy in the future will be posted on this page with an updated version number and date, and where appropriate, notified to you by email or via the Website.