Beyond Migraine Privacy Policy
Effective Date: 2 October 2025
Your privacy is important to us and we are committed to ensuring that your personal information is managed in accordance with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.
What is a Privacy Policy?
This Privacy Policy sets out how Beyond Migraine Ltd ("we", "us", or "our") collects, stores, uses, discloses, manages and protects your personal information in order to carry out our services and functions. In this Privacy Policy "you" or "your" refers to you as an individual user of our services.
If you are a resident of a foreign jurisdiction, there may be additional provisions that apply to you. In those cases, the law that will apply (in addition to UK law) will be:
- For EU & EMEA Residents: The European General Data Protection Regulation (GDPR)
- For United Kingdom residents: Data Protection Act 2018 (UK GDPR)
- For U.S. Residents: relevant U.S. privacy laws, and for California Residents: California Consumer Privacy Act of 2018 (CCPA)
- For Canadian Residents: Personal Information Protection and Electronic Documents Act (PIPEDA)
- For Australian/New Zealand Residents: Respective Privacy Acts
By using our services, accessing our website, or providing us with your personal information, you acknowledge and consent to the collection, use, storage and disclosure of your personal information in accordance with this Policy.
What is Personal Information?
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. Personal Information may include "Sensitive Information" such as health information, medical history, and wellness data relevant to migraine management and lifestyle coaching.
What kinds of Personal Information might we collect and hold?
The Personal Information we may collect, hold, use and disclose about you depends upon your relationship with us and the services you have requested. This information may include but is not limited to:
- Personal Information: Contact details, demographic information, billing/payment information, and identifiers
- Health and Wellness Information: Health questionnaires, assessments, program responses, wellness tracking data, and medical history relevant to our services
- Technical Information: Device information, usage data, website analytics, system logs, IP addresses, and browser details
- Communication Data: Customer service interactions, program feedback, correspondence records, and survey responses
- Transaction Information: Purchase history, subscription details, payment processing data, and financial records
- Content and Engagement Data: Course progress, module completions, testimonials, reviews, and program participation records
We may also collect technical information including but not limited to:
- Data relating to your activity on our website via tracking technologies such as analytics and cookies
- The identity of your internet browser and type of operating system you use
- Your IP address, mobile device type and unique ID
- The domain name of your internet service provider and pages accessed on our site
How do we collect Personal Information?
We collect Personal Information directly from you when:
- We contact you or you contact us
- You upload information into our systems
- You complete applications, forms, surveys, or assessments
- You attend events we organize or sponsor
- We communicate with you, including when we record information you provide
- You post about us on social media platforms
- You communicate with us or provide information to us directly by any other means
We only collect Personal Information that is necessary for us to perform the services you are seeking, and only when it is reasonably necessary for and directly related to our services and functions.
How do we hold and secure your Personal Information?
We maintain reasonable commercial standards of technology and operational security to protect all Personal Information from misuse, interference, loss, unauthorized access, modification or disclosure. We take steps to protect your information by regularly assessing risk and implementing appropriate security measures.
We store your Personal Information digitally using password protected computers and databases. We primarily use global data storage providers with servers located worldwide, including in the United States. We have agreements with our storage providers requiring them to keep all Personal Information secure using appropriate security methods.
We destroy or de-identify Personal Information in a secure manner when we no longer need it, subject to any legal requirement to maintain information for specific periods.
Why do we collect, hold, use and disclose Personal Information?
We collect, hold, use and disclose your Personal Information where it is reasonably necessary to:
- Provide or offer you relevant products and services
- Respond to your requests or inquiries
- Establish, manage and maintain your programs and services
- Process payments and manage subscriptions
- Personalize your program recommendations
- Improve our services and website functionality
- Maintain clinical records in accordance with professional standards
- Conduct program effectiveness analysis and research
- Send you service-related communications and support
- Provide marketing communications (with consent)
- Comply with legal obligations and professional requirements
Who do we share your Personal Information with?
We may share your Personal Information with third parties including:
- Platform Hosting Providers: For website and program delivery infrastructure
- Payment Processors: For secure transaction processing (we do not store full payment card details)
- Laboratory Partners: For processing and delivering test results when you purchase testing services
- Email and Communication Services: For sending service-related communications and support
- Analytics and Performance Tools: For website improvement and service optimization
- Professional Service Providers: Including accountants, legal advisors, IT support, and clinical supervision
- Courts, tribunals and dispute resolution bodies in the course of legal proceedings
- Law enforcement agencies and regulatory authorities where required by law
All third-party providers are carefully selected, contractually bound to protect your data, and only receive information necessary for their specific services.
Do we use your Personal Information for Direct Marketing purposes?
We may use your Personal Information to communicate directly with you about our programs, services and activities that we believe may interest you. If you receive marketing material from us and do not wish to continue receiving it, please contact us at [email protected] to be removed from future marketing programs.
Do we send your information overseas?
We may disclose your Personal Information to servers, service providers, and other third parties located overseas, including in the United States. We use our best endeavors to ensure that overseas recipients keep all Personal Information secure using appropriate security methods.
We will only do so with your consent or otherwise in compliance with applicable privacy laws. We will inform you of the countries where overseas recipients are likely to be located.
How long do we keep your Personal Information?
We retain your personal data for different periods depending on the type of information:
- Account and transaction data: Duration of relationship plus 6 years for financial records
- Clinical and health records: Duration of relationship plus 7 years in accordance with professional standards
- Marketing communications: Until you unsubscribe or object
- Technical and analytics data: Up to 2 years for website improvement purposes
How can you access and/or correct your Personal Information?
You may request access to your Personal Information or seek correction of inaccurate information by contacting us at [email protected]. We will respond to all requests within a reasonable period. An administrative fee may be charged to cover our costs in providing access.
Under UK GDPR, you have the following rights:
- Right of Access: Request a copy of personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data in certain circumstances
- Right to Restrict Processing: Limit how we use your personal data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests or for marketing
- Right to Withdraw Consent: Withdraw consent for marketing communications
What about International Compliance?
For residents outside the UK, additional privacy rights may apply under local laws including:
- EU/EMEA Residents: European General Data Protection Regulation (GDPR)
- US Residents: Relevant state privacy laws including California Consumer Privacy Act (CCPA)
- Canadian Residents: Personal Information Protection and Electronic Documents Act (PIPEDA)
- Australian/New Zealand Residents: Respective Privacy Acts
Where local laws provide greater privacy rights, those laws shall prevail. Contact [email protected] to exercise any additional rights under your local jurisdiction.
What happens if there's a data breach?
In the event of a data breach affecting your personal information, we will notify relevant authorities within 72 hours where required by law and inform affected individuals without undue delay, providing details of the breach and steps being taken to address it.
What about Cookies and analytics?
Our website uses the following types of cookies and similar technologies:
- Essential Cookies: Enable core website functionality (cannot be disabled)
- Analytics Cookies: Understand website usage (can be disabled)
- Marketing Cookies: Deliver relevant advertising (requires consent)
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.
How to make a complaint
You may contact us at [email protected] if you have questions or concerns about this Policy or our handling of your Personal Information. We will generally respond within a week and investigate complaints within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Contact us
For any data protection queries, to exercise your rights, or report concerns:
Email: [email protected]
Post: Beyond Migraine Ltd, 39 Heckworth Cl, Highwoods, Colchester, England CO4 9TB
Does this Policy ever change?
We may update this Policy from time to time. We will notify you of significant changes via email or website notice. We recommend visiting our website regularly to stay informed of any changes.
This policy was last reviewed on 2 October 2025.