LOHA Health Ltd

18 Old Quarry Lane

Lancaster LA1 5WH

Registered Company No: 14872159

Email: Info@LOHA-community.com

Tel. +44 7928434178

LOHA Health Ltd Privacy Policy

This privacy policy applies between you, the User of LOHA Health Ltd (also known as 'LOHA'), the owner and provider of the website, platform and its products.

LOHA Health Ltd takes the privacy of your information and the data you provide, and that we collect very seriously.

Please read this privacy policy carefully. 

The following definitions are used in this privacy policy:

1. Definitions

Data

Refers collectively to all information you submit or share with LOHA Health Ltd via the website and platform or through any of the communication channels LOHA Health Ltd provides. 

Data Protection Laws

Applicable law relating to the processing of personal data, including but not limited to GDPR and any supplementary laws, regulations and secondary legislation. 

LOHA Health Ltd, "we" or "us" or "LOHA"

LOHA Health Ltd, an incorporated company in England and Wales. Company No. 14872159 Registered office: 18 Old Quarry Lane, Lancaster LA1 5WH.

User or you

Any third party that accesses the website, platform or services and is not i) employed by LOHA Health Ltd or acting in the course of their employment or ii) engaged as a consultant or similar providing services to LOHA Health Ltd and accessing the website and products in connection with the provision of such services. 

Website

The website and platform that you are currently using (i.e., www.LOHA-community.com and https://digital-systemic-therapy.loha-community.com/) or any sub-domain of these sites. 

Products or Services

Any products or services that LOHA Health Ltd provides while delivering its business.

2. Interpretation

2.1 – the singular includes the plural and vice versa 

2.2 – a reference to a person includes companies, businesses, government entities, trusts, and partnerships

2.3 Including means ‘including without limitation. 

2.4 Reference to any statutory provision including any modification or amendment.

3. Scope

This privacy policy applies only to the actions of LOHA Health Ltd and Users with respect to the website, platform and the services and products LOHA Health Ltd provides. It does not extend to any websites that can be accessed from this website or platform, including but not limited to any links with social media websites. 

For the purposes of Data Protection Laws, LOHA Health Ltd is the data controller. This means LOHA Health Ltd determine the purposes for which, and the way your Data is processed. 

LOHA is fully compliant with the General Data Protection Regulation (GDPR 2018).
While we do not currently certify to ISO 27001 or similar international standards, we follow best practices for data security and privacy.

4. Data Collected in each case in accordance with this privacy policy: 

LOHA Health Ltd only collects the minimum data necessary to provide our services and support your wellbeing.

We collect the following categories of personal data:

Account Access Data:

When registering to use the LOHA platform, users must provide an email address and password. This data is required to create and maintain a secure user account.

Payment Information (via Stripe):

When users subscribe to paid services, they are directed to Stripe, a secure third-party payment processor. LOHA Health Ltd does not store any payment details (e.g. card numbers). Stripe processes these details independently in accordance with their own privacy policy.

User Feedback:

Users may be invited to answer feedback questions relating to their experience on the platform. This information is stored anonymously unless otherwise stated.

Evaluation and Research (Optional):

From time to time, users may be invited to participate in separate evaluations or research studies. Participation is entirely optional and requires explicit opt-in consent. These may involve the collection of additional data (e.g., age, location, or qualitative responses), which will be explained in detail at the point of consent.

We do not collect personal data unless it is strictly required to deliver or improve our services.

5. How we collect data?

Data may be provided to us directly by you or collected automatically during your interaction with our website and platform.

LOHA Health Ltd collects your data in the following ways:

Directly from you, when you:

- Contact us through our website, telephone, email, post, or other means.
- Register for and use our platform.
- Provide feedback or complete evaluation forms.
- Make a payment for services via Stripe (payment details are handled by Stripe directly; LOHA does not store card information).

Automatically, when you interact with our website or platform.
(e.g. user activity data, usage logs, and technical analytics).

Via third-party tools, such as:

- HubSpot, which tracks website usage and marketing analytics.
- Stripe, which confirms payment transactions.

 

We do not share your data with third parties unless it is necessary to provide our services, you have given explicit consent, or we are legally required to do so.

6. Data Collected Automatically

When you access our website or platform, we collect certain types of data automatically. This helps us monitor usage patterns, improve user experience, and ensure our services meet your needs.

We may collect the following data automatically:

Website and Marketing Data (HubSpot):

Our website is built using HubSpot, which uses cookies and analytics tools to collect data such as:

  • Pages visited
  • Time spent on each page
  • Click behaviour
  • Device type, browser, and IP address
  • Referral source (e.g. if you arrived via a link or ad)

This helps us improve the design and performance of our website, track user journeys, and understand how visitors interact with our content.

Platform Usage and Engagement Data:

When using the LOHA platform, we also collect anonymised interaction data such as:

  • Date of registration
  • Start and end time of each activity
  • Programmes and activities accessed

This allows us to assess engagement, analyse whether time recommendations for each activity are appropriate, and continuously improve the delivery of our content.

All automatically collected data are processed in accordance with GDPR and used solely for service improvement and performance analysis. We do not use this data to make automated decisions about users.

7. Our Use of Data 

Any or all of the above data may be used to:

  • Deliver our platform and services effectively
  • Improve the quality, structure, and timing of our programmes
  • Analyse engagement and user behaviour (anonymously) to enhance the platform experience
  • Monitor and maintain the performance and security of our systems
  • Keep internal records and comply with legal or financial obligations

We may request explicit permission to use any user feedback in promotional materials, and such feedback will be anonymised.

We rely on legitimate interests as a lawful basis for processing data in cases where it supports our service delivery. If you are not satisfied with this arrangement, you have the right to object (see ‘Your Rights’ section).

We do not use your data for automated decision-making that produces legal or similarly significant effects without your consent.

You have the right to request not to be subject to decisions made solely through automated processing. We aim to respond to all rights-related requests within 2 months of receipt.

8. Who do we share data with? 

We may share your data with the following parties, only where necessary and in accordance with this privacy policy:

i) Employees, agents, and professional advisers of LOHA Health Ltd, for the purpose of delivering services and support.

 

ii) Trusted third-party service providers, solely for operational purposes. This includes:
  • Stripe (for secure payment processing)
  • HubSpot (for website analytics and contact management)

These providers only process data as instructed and in line with applicable data protection laws.

LOHA does not permit data sharing with or from third-party social or health tracking apps (e.g., Facebook, Fitbit).

9. Keeping Your Data Secure

All personal data is encrypted in transit using TLS 1.2 and at rest using Azure SQL’s Transparent Data Encryption (TDE). Data stored in Azure Storage uses 256-bit AES encryption. LOHA offers additional user security measures such as session timeouts, multi-factor authentication, unique login sessions (one device at a time), and remote logout (kickout) capabilities.

We will use organisational and technical measures to safeguard your data. We store your data on secure servers and provide only authorised access to those directly working with you to deliver services or products. 

Our Data Protection Officer is Richard Moore – richard.moore@loha-community.com.

If you suspect any misuse or loss or unauthorised access to your data, please let us know immediately by emailing our Data protection lead Richard.Moore@LOHA-community.com

If you require further information about safety online and how to protect data, please visit www.getsafeonline.org which is supported by the UK Government. 

10. Data retention 

We will only retain your data on our systems for the period necessary to fulfil the purposes outlined such as delivery of services or until you request the Data be deleted. Unless a longer retention period is required or permitted by law. 

If we delete your data, it may persist on back up or archival media for legal, tax or regulatory purposes. 

User data is securely deleted upon written request to support manual deletion on demand.

11. Your rights

You have the following rights in relation to your data: 

  1. Right to access where you can request copies of any information, we hold about you at any time or that we update, modify, or delete such information. We will not charge you for access to any information we hold about you unless your requests are excessive and unfounded. Where if manifestly unfounded requests are made, we may refuse your request, but we will explain the reason why. 
  2. You have the right to have your data corrected if it is inaccurate or incomplete.
  3. You have the right to request that we delete or remove your data from our systems. 
  4. You have the right to block or restrict us from using your data or limit the way we use it.
  5. You have the right to request that we move, copy, or transfer your data. 
  6. You have the right to object to our use of your data, including where we use it for legitimate interests. 

To make any enquiries about any of your rights about our use of your data or you withdraw your consent to the processing of your data please contact our Data Protection Officer: Richard.Moore@LOHA-community.com

If you are not satisfied with the way we manage a complaint about how your data is handled by us, you can make a compliant to the UK’s Information Commissioner’s Office whose details are obtained via https://ico.org.uk 

We want to keep all your data we hold accurate and current. Please inform us if your data changes during the period you are using our services or products.

12. Links to other websites

LOHA Health Ltd might provide you with links to other websites. We have no control over websites external to LOHA Health Ltd and as such we cannot be responsible for their content. Our privacy policy therefore does not include the use of such website, each of these sites should have their own privacy policy, which we advise you to read before using them.

13. Change of business

LOHA Health Ltd may expand or reduce our business and the services and products we offer. This may involve the sale of or the transfer of control of all or part of LOHA Health Ltd. Data provided by users will be transferred where relevant and the new owner or controlling party will, under the terms of this policy, be permitted to use the Data for the purposes for which it was originally supplied to LOHA Health Ltd. 

We may disclose anonymised data to a prospective purchaser of our business or any part of it. We will always take steps to ensure your privacy is protected.

14. Children and Safeguarding

If a child uses the app without parental consent, please contact us immediately, and we will delete their data.

15. Safety

Occasionally an activity may evoke strong emotions. If you or another family member might find yourself experiencing overwhelming feelings, please take a break. Return when you or they, feel ready. If it happens repeatedly, you should seek support from a mental health professional.

16. General information

You cannot transfer your rights under this privacy policy to any other person. We may transfer our rights where we reasonably believe your rights will not be affected, under this privacy policy. 

If any court or competent authority finds that any provision in this privacy policy is invalid, illegal, or unenforceable, that provision will to the extent required be deemed to be deleted however the validity and enforceability of the other provisions in this privacy policy will not be affected. No delay, act, or omission by any party in exercising any right or remedy will be deemed a waiver of that or any other right or remedy, unless otherwise agreed.

This agreement will be governed and interpreted according to the law of England and Wales. All disputes arising will be subject to the exclusive jurisdiction of the English and Welsh courts.

17. Future changes to the Privacy Policy

LOHA Health Ltd reserves the right to change this privacy policy as we deem necessary or as may be required by law. Any changes will be posted on the website, and you are deemed to have accepted the terms of this privacy policy on your first use of the website following the policy’s publication and following any alterations. 

If our data use purpose changes, we will notify users and, where appropriate, seek renewed consent.

This privacy policy was created on 25th July 2025. For further information please contact LOHA Health Ltd via richard.moore@loha-community.com