null
10% OFF First Order With WELCOME10 (T&Cs apply)*   

Privacy Policy

INTRODUCTION

Welcome to victoriahealth.com (the “Site”), operated by victoriahealth.com Ltd, a company incorporated in England and Wales with company registration number 3755987, VAT number 739900802, whose registered office is at Unit 5, Atlantic Business Centre, Stirling Way, Borehamwood, WD6 2FQ (“Victoria Health”, “we”, “us” or “our”).

This Privacy Policy explains what personal data we collect about you when you interact with our website or contact our team, how we store and handle that data, how we protect it, and what your rights are. It should be read alongside our Terms and Conditions and Cookie Policy, both of which are available on our website.

This policy is governed by and construed in accordance with the laws of England and Wales, consistent with our Terms and Conditions. By using our website or services, you agree to the practices described in this Privacy Policy.

This notice was last updated: June 2026.

DATA CONTROLLER AND DATA PROTECTION CONTACT

victoriahealth.com Ltd is the data controller for personal data collected through this website, except where GlobalE acts as Merchant of Record for international orders (see the International Orders section below).

For all data protection queries, requests to exercise your rights, or concerns about how we handle your personal data, please contact our data protection lead:

Data Protection Contact

Victoria Health

Unit 5, Atlantic Business Centre, Stirling Way, Borehamwood, WD6 2FQ

Email: dpo@victoriahealth.com 

Tel: +44 208 951 4144

We are registered with the Information Commissioner’s Office (ICO) as a data controller under the name victoriahealth.com Limited. Our ICO registration number is Z9622887, first registered on 4th October 2006. If you have a concern about how we handle your data that we have not resolved to your satisfaction, you have the right to complain to the ICO at ico.org.uk or by calling 0303 123 1113.

WHEN DO WE COLLECT YOUR DATA?

We collect personal data about you in the following circumstances:

  • When you visit our website.
  • When you purchase a product or service.
  • When you create an account or sign up to our email list.
  • When you engage with us on social media.
  • When you contact us via any means with queries, complaints or otherwise.
  • When you comment on or review products on our site.
  • When you click on a link that contains an affiliate tracking component.
  • When you have given a third party permission to share with us the information they hold about you.
  • When our partners share information with us about a service or product you have purchased.

This Privacy Policy does not cover information you submit on other websites, even if we communicate with you on those platforms. For example, if you post on Facebook, Instagram, TikTok, or YouTube, that information is governed by those platforms’ own privacy policies.

WHAT DATA DO WE COLLECT?

Depending on how you interact with us, we may collect and process the following categories of personal data:

  • Identity data: your name and, where provided, date of birth.
  • Contact data: billing and delivery address, email address, and telephone number.
  • Transaction data: details of products and services you have purchased from us, order history, and payment type.
  • Account data: your account login credentials (passwords are stored in encrypted form and never visible to us).
  • Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system, and platform.
  • Usage data: pages visited, clickstream data, products viewed or searched, page response times, session duration, and interaction data such as scrolling and clicks.
  • Search data: search queries entered on our website, processed by Klevu to deliver relevant search results and product recommendations.
  • Marketing and communications data: your preferences for receiving marketing from us and your communication preferences.
  • Social media data: your social media username if you interact with us via those channels.
  • Cookie and consent data: data gathered through cookies placed on your browser, and your cookie consent preferences as recorded by Cookiebot (see our Cookie Policy).

LAWFUL BASIS FOR PROCESSING

UK GDPR requires us to have a lawful basis for processing your personal data. The following sets out the main purposes for which we process your data and the lawful basis we rely on for each:

  • Processing your order and fulfilling our contract with you — Lawful basis: Performance of a contract.
  • Managing your customer account — Lawful basis: Performance of a contract.
  • Processing payments and preventing fraud — Lawful basis: Performance of a contract / Legitimate interests.
  • Sending order confirmations and delivery updates — Lawful basis: Performance of a contract.
  • Responding to your queries and complaints — Lawful basis: Legitimate interests.
  • Sending marketing emails and SMS (where opted in) — Lawful basis: Consent.
  • Personalising your experience and communications via Klaviyo — Lawful basis: Consent / Legitimate interests.
  • Powering on-site search and product recommendations via Klevu — Lawful basis: Legitimate interests.
  • Website analytics via Google Analytics 4 (GA4) — Lawful basis: Legitimate interests (with cookie consent where required by PECR).
  • Google Shopping Ads and remarketing — Lawful basis: Consent (via Cookiebot).
  • Sending post-purchase review request emails via Reviews.io — Lawful basis: Legitimate interests.
  • Back in stock notifications via Hypa — Lawful basis: Consent.
  • Gift card management via 99minds — Lawful basis: Performance of a contract.
  • Order fulfilment and warehouse management via Veeqo — Lawful basis: Performance of a contract.
  • Complying with legal and regulatory obligations — Lawful basis: Legal obligation.
  • Affiliate marketing and commission tracking via AWIN and Skimlinks — Lawful basis: Legitimate interests.
  • Freshdesk (Freshworks Inc.) — customer service and helpdesk platform. When you contact us with a query or complaint, your name, email address, and correspondence are processed via Freshdesk to manage and respond to your ticket. freshworks.com/privacy
  • Cookie consent management via Cookiebot — Lawful basis: Legal obligation / Legitimate interests.

Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests at any time — please see the Your Rights section below.

HOW WE USE YOUR DATA

We use your personal data for the following purposes:

  • To process and fulfil your orders, including acknowledging orders, managing fulfilment via Veeqo, and handling returns and refunds.
  • To manage and maintain your customer account.
  • To send you order confirmations, delivery updates, and service-related communications. These are transactional messages and are not subject to marketing opt-out.
  • To respond to your queries, complaints, and customer service requests.
  • To send you marketing communications by email or SMS where you have given your consent to receive them. You may withdraw consent at any time.
  • To personalise your shopping experience and the marketing communications you receive, using purchase history and browsing behaviour via Klaviyo (see Profiling and Personalisation below).
  • To power on-site search functionality and personalised product recommendations via Klevu.
  • To analyse website usage and improve our site using Google Analytics 4 (GA4).
  • To serve relevant Google Shopping Ads and remarketing campaigns to users who have consented to marketing cookies.
  • To send post-purchase review request emails via Reviews.io.
  • To send back in stock notifications via Hypa, where you have opted in to receive them.
  • To manage gift card transactions via 99minds.
  • To reply to customer emails vis Freshdesk
  • To process and respond to the VH Addicts service and membership.
  • To prevent and detect fraud and other unlawful activity.
  • To manage affiliate partner commissions via AWIN and Skimlinks.
  • To comply with our legal and regulatory obligations.
  • To develop, test, and improve our systems, services, and products, including working with our appointed website development agency.
  • To send you communications required by law or necessary to inform you of changes to our services, such as updates to this Privacy Policy or product recall notices. These service messages do not require marketing consent.

PROFILING AND PERSONALISATION

We use Klaviyo to analyse your purchasing behaviour, email engagement, and browsing activity in order to send you personalised marketing communications. This may include segmenting customers by purchase history, product preferences, or engagement levels, and using that information to tailor the emails and offers you receive from us.

We use Klevu to process your on-site search queries and browsing behaviour to deliver relevant search results and personalised product recommendations. Klevu analyses search terms and interactions to improve the relevance of results shown to you.

We use Google Analytics 4 (GA4) to understand how visitors use our website, including which pages are visited, how long visitors stay, and which products are viewed. We also use Google Shopping Ads for paid search advertising and remarketing to users who have consented to marketing cookies. Both services are subject to Google’s own privacy terms, available at policies.google.com/privacy. You can manage your Google ad personalisation preferences at adssettings.google.com.

None of these tools make automated decisions that have a legal or similarly significant effect on you. They are used solely to improve our communications, search experience, and website. Where automated tools are used for fraud screening (for example by Stripe), any decision that materially affects you — such as an order being declined — is reviewed by a human member of our team. You have the right to request human review of any such decision by contacting customercare@victoriahealth.com 

You can opt out of Klaviyo marketing communications at any time by unsubscribing via the link in any email or SMS message. You can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout. You can manage your Google advertising preferences at adssettings.google.com.

SMS AND EMAIL MARKETING

What we collect

We collect your mobile number (if opted in), email address (if opted in), and where provided, your name. This information is used solely to send you messages related to updates, offers, service reminders, and other marketing content you have explicitly opted in to receive. This is separate from transactional service messages related to your order.

How we use your information

Your information will only be used for the purposes you have consented to. This may include:

  • Promotional content, exclusive offers, and product updates via SMS and/or email.
  • Service-related notifications such as order confirmations, shipping updates, or customer service responses.
  • Occasional communications, typically no more than 2–4 SMS messages per month and regular email newsletters or alerts, depending on your subscription preferences.

You will not receive messages from third parties or unrelated services. We use Klaviyo, a trusted third-party provider, to deliver our SMS and email messages. Klaviyo acts as a data processor on our behalf and processes your data securely and in full compliance with UK data protection law. You can find Klaviyo’s privacy policy at klaviyo.com/legal/privacy-notice.

Opting out

You can withdraw your consent at any time:

  • For SMS: reply STOP to any message.
  • For email: click the “unsubscribe” link at the bottom of any marketing email.
  • Alternatively, email customercare@victoriahealth.com or call +44 208 951 4144 during office hours.

Opting out of marketing messages will not affect your receipt of transactional communications relating to your orders.

COOKIES AND TRACKING

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse site traffic, and personalise content. We use Cookiebot (a service provided by Cybot A/S) to manage cookie consent on our website. When you first visit victoriahealth.com, Cookiebot will present you with a consent banner allowing you to choose which categories of cookies you accept. Only strictly necessary cookies are placed before you give your consent. Cookiebot logs your consent preferences securely as evidence of compliance with PECR and UK GDPR.

You can update your cookie preferences at any time by clicking the cookie settings link in our website footer. Disabling certain cookies may affect the functionality of parts of our website. Please see our Cookie Policy for a full list of the cookies we use, their purpose, duration, and the third parties that set them.

We use Google Tag Manager to manage the tags and tracking scripts on our website. We use Google Analytics 4 (GA4) to analyse website usage and Google Shopping Ads for paid advertising and remarketing. All Google services are subject to Google’s privacy terms at policies.google.com/privacy.

We use Klevu to power on-site search. Klevu may place cookies to track search behaviour and improve search result relevance. Klevu’s privacy policy is available at klevu.com/privacy-policy.

AFFILIATES

Our website participates in affiliate marketing. We embed tracking links into the site, and if you click on an affiliate link, a cookie will be placed on your browser to track any sales for the purposes of commission attribution. We use AWIN (awin.com) and Skimlinks (skimlinks.com) as our affiliate platforms.

When you interact with an affiliate link, we may collect information about the transaction you complete, such as the items purchased and the purchase value. This data is used to manage our affiliate relationships and ensure commissions are properly attributed. Data shared with affiliates will not include personally identifiable information unless you have explicitly consented to this.

You can opt out of cookie tracking at any time by adjusting your cookie preferences via our Cookiebot consent tool, your browser settings, or by using private browsing mode.

DATA RETENTION

We will only keep your personal data for as long as is necessary for the purpose for which it was collected, or as required by law. At the end of the applicable retention period, your data will be securely deleted or anonymised.

Our standard retention periods are as follows:

  • Order and transaction records — 7 years. Required for HMRC tax and accounting obligations.
  • Customer account data — Duration of account plus 2 years after last activity. Retained for legitimate interest and contract purposes.
  • Marketing consent records — Until consent is withdrawn, plus 1 year. Retained as evidence of consent.
  • Cookie consent records (Cookiebot) — 12 months from the date consent was given or last updated.
  • Email and SMS marketing data — Until unsubscribe, plus 30 days for processing.
  • Fraud and security logs — 2 years. Retained for fraud prevention and legitimate interests.
  • Customer service correspondence — 7 years. Retained in line with potential claims under the Limitation Act 1980.
  • Website analytics data (Google Analytics 4) — 14 months. Google’s standard default retention period.
  • Back in stock notification data (Hypa) — Until the notification has been sent and until you withdraw consent.
  • VH Addicts membership data — Duration of membership plus 7 years after expiry, unless you request earlier deletion.

When you place an order, we will keep the personal data you provide for at least the minimum period required to comply with our legal and contractual obligations. Sales figures and anonymised data may be retained indefinitely for business analysis purposes but will not contain personally identifiable information.

WHO DO WE SHARE YOUR DATA WITH?

We do not sell your personal data to third parties. We may share your data with carefully selected third-party service providers who assist us in operating our business and delivering our services to you. These third parties are only permitted to use your data for the specific purposes we instruct, and all are subject to appropriate data processing agreements.

Our third-party service providers include:

  • BigCommerce — website hosting and e-commerce platform. bigcommerce.com/privacy
  • AWS (Amazon Web Services) — cloud infrastructure and data storage. aws.amazon.com/privacy
  • Veeqo — warehouse management and order fulfilment system. Veeqo processes your name, address, and order details to manage picking, packing, and dispatch. veeqo.com/privacy-policy
  • Klaviyo — email and SMS marketing platform, acting as data processor on our behalf. klaviyo.com/legal/privacy-notice
  • Klevu — on-site search and product recommendation engine. Klevu processes search query data and browsing behaviour to personalise search results. klevu.com/privacy-policy
  • Stripe — payment processing. If you use Stripe’s Link feature, Stripe will store your payment details as a separate data controller under their own terms. To delete your Stripe data, contact privacy@stripe.com. stripe.com/gb/privacy
  • 99minds — gift card and loyalty management. 99minds processes your email address and transaction data to manage gift card issuance and redemption. 99minds.io/privacy-policy
  • GlobalE — cross-border fulfilment and Merchant of Record for international orders (see International Orders section below).
  • DPD and Royal Mail — delivery and postal services. Your name, address, and order reference are shared for the purpose of delivering your order.
  • reviews.io — product review platform. Following your purchase, Reviews.io may receive your name and email address to send a review request on our behalf. You can opt out of review emails at any time. reviews.io/privacy-policy
  • Hypa — back in stock notification service. Hypa processes your email address solely to notify you when a product you have requested becomes available. Consent is collected at the point of sign-up and can be withdrawn at any time.
  • Google (Tag Manager, Analytics 4, Shopping Ads) — website analytics, tag management, and paid advertising. policies.google.com/privacy
  • Cookiebot (Cybot A/S) — cookie consent management. Cookiebot stores your consent preferences and provides an auditable consent record. Cybot A/S is based in Denmark (EU), which has UK adequacy status. cookiebot.com/en/privacy-policy
  • AWIN — affiliate marketing platform. awin.com/gb/privacy
  • Skimlinks — affiliate content monetisation platform. skimlinks.com/privacy-policy
  • Freshdesk (Freshworks Inc.) — customer service and helpdesk platform. When you contact us with a query or complaint, your name, email address, and correspondence are processed via Freshdesk to manage and respond to your ticket. freshworks.com/privacy
  • Our appointed website development agency — we work with an external development agency to maintain and improve our website. They may access personal data only as strictly necessary to perform their services and are bound by a Data Processing Agreement with Victoria Health. They may not use your data for any other purpose.

We may also disclose your personal data to law enforcement or regulatory authorities where required by law, or in connection with the investigation of fraudulent activity. In the event of a sale or acquisition of our business, your data may be transferred to the relevant buyer or seller as part of that transaction.

INTERNATIONAL ORDERS AND GLOBAL-E

For orders delivered outside the United Kingdom, GlobalE acts as the Merchant of Record. This means that for international transactions, GlobalE — not Victoria Health — is the data controller in respect of your transaction data. GlobalE collects and processes your personal data, including your name, delivery address, payment information, and order details, in order to complete your purchase, handle customs declarations and duties, and comply with local regulations in your country of delivery.

Victoria Health shares your data with GlobalE solely for the purpose of fulfilling your international order. GlobalE’s Privacy Policy governs the processing of your data for those transactions and can be found at victoriahealth.com/content/Global-e_Privacy_Policy.pdf. If you have questions about how GlobalE handles your personal data, you should contact GlobalE directly.

This arrangement is consistent with our Terms and Conditions, which also identify GlobalE as Merchant of Record for international orders.

INTERNATIONAL DATA TRANSFERS

Some of our third-party service providers are based or process data outside the United Kingdom, including in the United States. When we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including:

  • Transfers to countries with a UK adequacy decision, meaning the UK government has determined that the country provides an equivalent level of data protection. For example, Cookiebot is operated by Cybot A/S, based in Denmark, which benefits from UK adequacy status as a former EU member state.
  • Where no adequacy decision exists (for example, transfers to the USA for services such as Klaviyo, Google, Stripe, and AWS), we rely on International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) adopted under UK GDPR to ensure your data is protected to UK standards.

By using our services or providing your personal data to us, you consent to the transfer, processing, and storage of your data outside the UK where necessary for the purposes described in this policy. We will always take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.

HOW DO WE PROTECT YOUR DATA?

  • We secure access to all transactional areas of our site using HTTPS technology.
  • Access to your personal data is password protected. Sensitive data such as payment card information is secured by our payment gateway (Stripe) and is not stored on our own systems.
  • All order information is held on offsite servers protected by dedicated firewalls and subject to up-to-date security policies.
  • Some data processed via email is held on our cloud-based Microsoft 365 account on dedicated distribution addresses.
  • We receive immediate security updates from our hosted site provider regarding possible vulnerabilities.
  • We use strong encryption technology to protect all transactional information, including card details, personal contact information, and purchasing history.
  • We maintain a Record of Processing Activities (RoPA) as required by UK GDPR Article 30, documenting all categories of personal data we process, the purposes for processing, retention periods, and third-party processors.
  • All third-party processors who access personal data on our behalf are required to have a signed Data Processing Agreement in place with Victoria Health.

CHILDREN

Our website and services are intended for adults aged 18 and over. We do not knowingly collect or process personal data from children under the age of 18. Our site does not contain content directed at children (other than to be purchased by an adult on their behalf).  We have assessed our site against the ICO’s Children’s Code (Age Appropriate Design Code) and are satisfied that our website is not likely to be accessed by children as a primary audience.

If we become aware that we have inadvertently collected personal data from a person under 18, we will delete that information from our records promptly. If you believe we may have collected data from a child, please contact us at dpo@victoriahealth.com.

We do not use behavioural advertising targeted at users who may be under 18.

AUTOMATED DECISION-MAKING

We do not make any decisions about you that are based solely on automated processing and that have a legal or similarly significant effect on you. Where automated tools are used — for example, fraud screening carried out by Stripe — any decision that materially affects you (such as an order being declined) is subject to human review by a member of our team. You have the right to request human review of any such decision by contacting customercare@victoriahealth.com.

YOUR RIGHTS

Under UK GDPR, you have the following rights in relation to your personal data:

  • The right to access the personal data we hold about you, free of charge in most cases.
  • The right to rectification — to have incorrect, incomplete, or out-of-date data corrected.
  • The right to erasure (the ‘right to be forgotten’) — to request that we delete your personal data where there is no legitimate reason for us to continue processing it.
  • The right to restrict processing — to ask us to suspend processing of your data in certain circumstances.
  • The right to data portability — to receive your data in a structured, commonly used format.
  • The right to object — to object to processing based on legitimate interests or for direct marketing purposes.
  • The right to withdraw consent — where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • The right not to be subject to automated decision-making — see the Automated Decision-Making section above.

To exercise any of these rights, please contact us at dpo@victoriahealth.com or by post to Victoria Health, Unit 5, Atlantic Business Centre, Stirling Way, Borehamwood, WD6 2FQ. We will respond within one calendar month. If we are unable to fulfil your request, we will explain our reasons.

If you are unhappy with how we have handled your request or your personal data more generally, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or on 0303 123 1113.

THIRD-PARTY WEBSITES

Our site may contain links to third-party websites including partner networks, advertisers, and affiliates. These websites have their own privacy policies, and we do not accept any responsibility or liability for them. We encourage you to review the privacy policy of any website you visit before submitting personal data.

WHERE IS YOUR DATA PROCESSED?

Your data is held on cloud servers used by our third-party providers, including BigCommerce, AWS, Veeqo, Reviews.io, Klaviyo, Klevu, Stripe, 99minds, Hypa, and Cookiebot. The nature of our data protection obligations may require data to be moved between servers for security or operational reasons.

All companies processing data from the UK and European Economic Area (EEA) are required to adhere to applicable data protection laws. Any transfer of your personal data outside the UK or EEA will be carried out in accordance with UK GDPR and the safeguards described in the International Data Transfers section above.

HOW LONG WILL WE KEEP YOUR DATA?

We will only keep your personal data for as long as is necessary for the purpose for which it was collected, or as required by applicable law. Please refer to the Data Retention section above for our specific retention periods by data category. At the end of the applicable retention period, your data will be securely deleted or anonymised. Anonymised aggregate data (such as sales figures) may be retained indefinitely for business analysis purposes.

NON-WAIVER

No failure to exercise, and no delay on the part of victoriahealth.com Ltd in exercising, any right, remedy, power or privilege under this Privacy Policy shall be construed or operate as a waiver, nor shall any single or partial exercise of any right, remedy, power or privilege preclude any other or further exercise thereof.

GOVERNING LAW AND JURISDICTION

This Privacy Policy, the Site, and any contracts entered into as a result of usage of this Site are governed by and construed in accordance with the laws of England and Wales. The parties agree to submit to the exclusive jurisdiction of the courts of England and Wales. This is consistent with our Terms and Conditions. All contracts are concluded in English.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in the tools we use, the data we process, or for legal or regulatory reasons. Any changes will be posted on this page with an updated date. Where changes are significant, we will notify you by email or by a prominent notice on our website. Please check this page periodically to stay informed.

QUESTIONS AND CONTACT

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Data Protection Contact

Victoria Health

Unit 5, Atlantic Business Centre

Stirling Way

Borehamwood

WD6 2FQ

UK

Email: dpo@victoriahealth.com 

Tel: +44 208 951 4144

General enquiries: customercare@victoriahealth.com

Any changes we may make to our Privacy Policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our Privacy Policy.

Last updated: June 2026

COOKIE POLICY

INTRODUCTION

This Cookie Policy explains what cookies are, how victoriahealth.com Ltd (“Victoria Health”, “we”, “us”, “our”) uses cookies and similar tracking technologies on victoriahealth.com, and what choices you have about how they are used.

This policy should be read alongside our Privacy Policy and Terms and Conditions, both of which are available on our website. It is governed by and construed in accordance with the laws of England and Wales.

We use Cookiebot, a service provided by Cybot A/S, to manage cookie consent on our website. When you first visit victoriahealth.com, a Cookiebot consent banner will appear allowing you to accept, decline, or customise which categories of cookies are placed on your device. Only strictly necessary cookies are placed before you give your consent. Cookiebot logs and stores your consent preferences as an auditable record in compliance with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR. You can update your preferences at any time via the cookie settings link in our website footer.

WHAT ARE COOKIES?

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently, remember your preferences, and provide information to website owners about how their site is being used.

Cookies can be ‘session’ cookies, deleted when you close your browser, or ‘persistent’ cookies, which remain on your device for a set period or until you delete them. They can be set by the website you are visiting (‘first-party cookies’) or by third-party services operating on that site (‘third-party cookies’).

Under PECR, we are required to obtain your prior consent before placing any cookies that are not strictly necessary for the operation of the site. Cookiebot manages this consent process on our behalf.

WHAT COOKIES DO WE USE?

The cookies on our website fall into four categories. You can choose which categories to accept via our Cookiebot consent tool.

  1. Strictly necessary cookies

These cookies are essential for the website to function and cannot be switched off in our systems. They are set in response to actions you take, such as logging in, adding items to your basket, or setting your privacy preferences. No consent is required for these cookies.

  • BigCommerce session cookie — maintains your shopping session, basket contents, and login state. Duration: session. Set by: victoriahealth.com (first party).
  • CSRF security token — prevents cross-site request forgery attacks. Duration: session. Set by: victoriahealth.com (first party).
  • Cookiebot consent cookie (CookieConsent) — stores your cookie consent preferences so we do not ask again on every visit. Duration: 12 months. Set by: Cookiebot / Cybot A/S (third party).
  1. Performance and analytics cookies

These cookies allow us to count visits and understand how visitors interact with our site, so we can measure and improve performance. All information collected is aggregated. These cookies will only be set if you accept this category.

  • Google Analytics 4 — _ga: distinguishes unique users and tracks sessions. Duration: 2 years. Set by: Google (third party).
  • Google Analytics 4 — _ga_[container-id]: maintains session state for GA4. Duration: 2 years. Set by: Google (third party).
  • Google Analytics 4 — _gid: distinguishes users within a 24-hour window. Duration: 24 hours. Set by: Google (third party).
  • Google Analytics 4 — _gat: throttles the request rate to Google Analytics servers. Duration: 1 minute. Set by: Google (third party).

You can opt out of Google Analytics tracking across all websites by installing the browser add-on at tools.google.com/dlpage/gaoptout.

  1. Functional cookies

These cookies enable enhanced functionality and personalisation, such as remembering your preferences, recently viewed products, or currency selection. These cookies will only be set if you accept this category.

Recently viewed products — remembers products you have recently viewed. Duration: 30 days. Set by: victoriahealth.com (first party).

Currency / language preference — remembers your selected currency or language. Duration: 30 days. Set by: victoriahealth.com (first party).

Klevu search — tracks search queries and interactions on our website to personalise search results and product recommendations. Duration: up to 12 months. Set by: Klevu (third party). Privacy policy: klevu.com/privacy-policy.

  1. Marketing and targeting cookies

These cookies are used to build a profile of your interests and show you relevant advertising on our site and other websites. They are set by our third-party marketing partners and will only be placed with your explicit consent.

  • Klaviyo — tracks email engagement and on-site browsing behaviour to enable personalised email and SMS marketing. Duration: up to 2 years. Set by: Klaviyo (third party). Privacy policy: klaviyo.com/legal/privacy-notice.
  • Google Tag Manager — manages and fires marketing, analytics, and tracking tags on our website. GTM itself does not collect personal data but loads other tags that may do so. Duration: session. Set by: Google (third party).
  • Google Shopping Ads / Google Ads remarketing — used to serve relevant product ads to users on Google Search, Google Shopping, and partner sites, and to remarket to users who have previously visited victoriahealth.com. Duration: up to 540 days. Set by: Google (third party). Manage preferences: adssettings.google.com. Privacy policy: policies.google.com/privacy.
  • AWIN affiliate tracking — tracks clicks on affiliate links and attributes sales for commission purposes. Duration: 30 days. Set by: AWIN (third party). Privacy policy: awin.com/gb/privacy.
  • Skimlinks affiliate tracking — tracks interactions with affiliate content links for commission attribution. Duration: up to 365 days. Set by: Skimlinks (third party). Privacy policy: skimlinks.com/privacy-policy.
  • Reviews.io — enables display of product reviews and supports post-purchase review request emails. Duration: session to 12 months. Set by: Reviews.io (third party). Privacy policy: reviews.io/privacy-policy.
  • Stripe — used for fraud detection and secure payment processing. Duration: session to 1 year. Set by: Stripe (third party). Privacy policy: stripe.com/gb/privacy.
  • 99minds — supports gift card and loyalty programme management. Duration: session. Set by: 99minds (third party). Privacy policy: 99minds.io/privacy-policy.
  • Hypa (back in stock) — enables back in stock notification sign-up and delivery. Duration: session. Set by: Hypa (third party).

GOOGLE TAG MANAGER

We use Google Tag Manager (GTM) to manage the scripts and tracking tags that run on our website, including Google Analytics 4, Google Shopping Ads, and other third-party tools. GTM itself does not collect personal data directly, but it controls which other tags fire on the site based on your consent preferences as set in Cookiebot. Tags that require marketing consent will only fire if you have accepted the marketing cookie category. All tags loaded via GTM are subject to the relevant third party’s own privacy and cookie policies.

COOKIEBOT AND YOUR CONSENT

Cookiebot is our cookie consent management platform, provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cybot A/S is based in the EU (Denmark), which has UK adequacy status, meaning data transferred to Cookiebot is protected to UK GDPR standards.

Cookiebot scans our website regularly to detect and categorise all cookies in use, ensuring this Cookie Policy remains accurate and up to date. It records your consent decision (including the date, time, and scope of consent) and stores this as a log that we can access as evidence of compliance.

The consent record stored by Cookiebot includes: a anonymised token identifying your browser, the date and time consent was given, the URL of the page where consent was given, your consent choices by category, and the version of this Cookie Policy in force at the time. No personally identifiable information is stored in the consent record. Cookiebot’s privacy policy is available at cookiebot.com/en/privacy-policy.

You can withdraw or change your consent at any time by clicking the cookie settings link in our website footer. If you withdraw consent for a cookie category, those cookies will be removed from your browser and will not be set again until you change your preferences.

HOW TO MANAGE YOUR COOKIES

Via our Cookiebot consent tool

Click the cookie settings link in our website footer at any time to review and update your preferences by category: strictly necessary, performance, functional, and marketing.

Via your browser settings

Most browsers allow you to control cookies through their settings. You can refuse cookies, delete existing cookies, or be notified when cookies are being set. Please note that disabling cookies may affect the functionality of our website, including the ability to add items to your basket or complete a purchase.

Browser cookie settings guidance:

  • Google Chrome: Settings > Privacy and security > Cookies and other site data.
  • Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data.
  • Safari: Preferences > Privacy > Manage Website Data.
  • Microsoft Edge: Settings > Cookies and site permissions.

Opting out of specific third-party services

  • Google Analytics: tools.google.com/dlpage/gaoptout
  • Google advertising and Shopping Ads: adssettings.google.com
  • Klaviyo: unsubscribe via any marketing email or contact customercare@victoriahealth.com
  • AWIN: awin.com/gb/privacy
  • Skimlinks: skimlinks.com/privacy-policy
  • Klevu: klevu.com/privacy-policy

DO NOT TRACK

Some browsers include a “Do Not Track” signal. Our website does not currently respond to Do Not Track signals automatically, but you can use Cookiebot or your browser settings as described above to control all tracking on our site.

CHANGES TO THIS COOKIE POLICY

Cookiebot scans our website regularly and will flag any new cookies for review. We update this Cookie Policy whenever the cookies we use change. Any updates will be posted on this page with a revised date. If we make significant changes, we will reset the Cookiebot consent banner so that you are asked to review and re-confirm your preferences.

CONTACT US

If you have any questions about our use of cookies, please contact us:

Victoria Health

Unit 5, Atlantic Business Centre

Stirling Way

Borehamwood

WD6 2FQ

UK

Email: dpo@victoriahealth.com 

General enquiries: customercare@victoriahealth.com 

Tel: +44 208 951 4144

FOR THE LATEST NEWS AND OFFERS SIGN UP HERE