Privacy Policy

Last updated:
13 October 2025

Introduction

Blume (“Blume”, “we”, “us”, “our”) is a digital healthcare platform offering personalised treatments, wellness products, and related health services. Your trust is central to what we do, and we are committed to protecting your privacy and safeguarding your personal information.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website (www.blume-health.com), use our mobile or web applications (together, the “Platforms”), or interact with our services. It also sets out your rights and how you can manage the information we hold about you.

We comply with the EU General Data Protection Regulation (“GDPR”), the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”), and any other applicable privacy and health information laws. As some of the information we collect may be considered special category health data, we handle it with an additional level of care and, in some cases, are legally required to retain it even if you request its deletion.

At Blume, we:

  • Provide evidence-based health information, guidance and resources.
  • Facilitate secure consultations between our customers and:
    • Licensed medical professionals 
    • Qualified healthcare support staff, such as nurses, dietitians, and health coaches 
    • Other regulated health service providers as necessary to deliver your treatment plan 

“Personal information” means any data relating to you that could identify you directly or indirectly — whether that information is factual (such as your date of birth or address) or an opinion about you.

How We Collect Your Personal Information

We collect and process your personal information in a lawful, fair, and transparent manner, and only to the extent necessary for the purposes outlined in this Privacy Policy. We will never collect information in a way that is unduly intrusive.

Where possible, we collect information directly from you. This may happen when you:

  • Visit our website and sign up for updates, content, or services.
  • Complete a health self-screening questionnaire or other intake forms on our Platforms.
  • Proceed to checkout and make a purchase through our website or app.
  • Take part in a virtual or telephone consultation with our medical personnel, nurses, or other Partner Providers.
  • Contact us by email, phone, webchat, or social media.
  • Input details into any mobile or web applications we operate.
  • Participate in community forums, social groups, or online programs operated by Blume (in doing so, you control what information you choose to share with others in those spaces).
  • Complete feedback forms, surveys, or market research.
  • Engage with any of our services in person or online.

We may also collect information about you from other sources where permitted by law, including:

  • Partner pharmacies, or diagnostic providers involved in your treatment.
  • Other healthcare professionals or service providers who are assisting in delivering your care.
  • Our group companies and service partners who help us operate and provide our services.
  • Your devices and any connected applications or services you authorise.
  • Publicly available sources or trusted third parties, such as suppliers, recruitment agencies, contractors, or business partners.
  • Government databases or systems relevant to healthcare delivery (where applicable and lawful).

If we receive your personal information from a third party, we will, where reasonably possible, ensure you are informed that we hold this data, the purposes for which it will be used, and how you can exercise your rights in relation to it.

Types of Personal Information We Collect

The personal information we collect depends on how you interact with Blume and the services you use. This may include, but is not limited to:

  • Your full name, postal address, email address, and telephone number(s).
  • Date of birth and proof of identity
  • Billing and shipping addresses, payment details, and transaction history.
  • Device identifiers, IP address, browser type, statistics on page views, traffic data, and standard web log information.
  • Information about the services you enquire about or use, and the Partner Providers involved in your care.
  • Records of your consent for services, treatments, or data processing.
  • Employment or demographic details where relevant to a service you request.

Health Information

We only collect health information with your consent, or as otherwise permitted under applicable privacy laws. This may include:

  • Medical history, current health conditions, symptoms, and treatment plans.
  • Prescriptions, medical records, and results from diagnostic tests.
  • Height, weight, lifestyle habits, and health goals.
  • Any other health or sensitive information necessary for your treatment or related healthcare services.

Photographs and Recordings

  • To verify your identity or assess your suitability for treatment, our clinicians may request photographs of you and/or your ID. 
  • Telehealth consultations or phone calls with Blume’s clinicians or support team may be recorded for quality assurance, monitoring, or training purposes. You may request that a call or consultation not be recorded.
  • Any photographs, videos, or recordings collected in connection with your treatment may form part of your health record and will be retained in accordance with our legal and regulatory obligations.

Connected Devices and Wearables

If you use a device that integrates with our app or services — such as a connected scale, wearable tracker, or health monitoring tool — we may collect information including serial numbers, Bluetooth or network identifiers, and device usage data to ensure accurate service delivery.

Important: If you choose not to provide certain personal or health information, we may be unable to deliver some or all of the services you request.

Our Purposes for Handling Your Personal Information

We collect, store, use, and disclose personal information so that we can provide safe, effective, and personalised healthcare services to you. This includes:

  • Providing our products and services — including conducting initial health screenings, verifying your identity, registering you for treatment, maintaining your health records, arranging clinical reviews, issuing prescriptions, dispatching medication, and providing treatment support and advice.
  • Facilitating payments — processing and verifying payments via secure third-party payment gateways.
  • Communicating with you about your treatment and orders — such as updates on your care plan, appointment reminders, prescription renewals, delivery tracking, returns or exchanges, and any follow-ups requested by our clinicians.
  • Providing important updates — including service announcements, security alerts, technical notices, support responses, and administrative messages.
  • Sending marketing and promotional content — including:
    • Information about Blume products, services, promotions, rewards programs, or events that may interest you.
    • Recommendations tailored to your health profile, which may appear in our app, on our website, or via SMS, email, push notifications, or in-app messaging.
  • Supporting relevant third-party communications — where you have consented to be contacted by a Partner Provider or another trusted third party in connection with your treatment.
  • Improving our services — by analysing user behaviour, conducting training, performing research and development, and enhancing our digital platforms and care processes.
  • Meeting legal and regulatory obligations — including compliance with healthcare reporting requirements, responding to lawful requests from authorities, preventing fraud or other unlawful activity, and resolving complaints or disputes.
  • Managing organisational changes — such as mergers, acquisitions, restructures, financing, or the transfer of services to another provider.\
  • General business operations — including insurance purposes, quality assurance, and secure data management.

Disclosure of Personal Information

We only share your personal information where it is lawful, necessary, and relevant to delivering our services, or where you have provided your consent.

We may disclose your personal information, for the purposes outlined in this Privacy Policy, to:

  • Blume’s Partner Practitioners – registered medical practitioners, nurses, and other licensed healthcare professionals involved in your care.
  • Partner Providers – including pharmacies, diagnostic services, and other regulated healthcare providers assisting in the delivery of your treatment.
  • Blume employees, contractors, and group companies – where access is necessary to provide services or operational support.
  • Regulatory bodies or government authorities – where required by law or necessary for the provision of healthcare services.
  • Cloud service providers – for secure storage, hosting, and processing of data.
  • Payment processors – such as Stripe, to facilitate secure transactions.
  • Authorised third-party service providers – including IT support, professional advisers, marketing agencies, and social media partners we use to operate our business.
  • Other healthcare providers – where you have instructed or consented for us to share your information.
  • Emergency services – if a clinician believes you may be at risk of serious or imminent harm, in line with their professional and ethical duties.

We will not use or disclose your personal information for any purpose other than those described in this Privacy Policy, unless:

  • you have given us explicit consent; or
  • we are required or permitted to do so by applicable law or regulation.

Protection of Personal Information

We store personal information securely in a combination of electronic systems, secure cloud storage, and, where necessary, physical records. Some of these storage systems may be operated by third-party service providers and may be located outside your country of residence, in accordance with applicable data protection laws.

We maintain appropriate technical, organisational, and physical safeguards to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration, or destruction. This includes:

  • restricting access to personal information to authorised personnel only, on a “need-to-know” basis;
  • secure encryption of data where appropriate;
  • regular monitoring and testing of our systems; and
  • safe disposal or permanent anonymisation of personal information when no longer required for legal, contractual, or operational purposes.

Health records and other regulated medical information are retained in line with applicable laws and professional guidelines.

Direct Marketing

We may use your personal information, including health-related information where you have provided explicit consent, to send you marketing communications about Blume’s products, services, promotions, or events that we think may interest you.

From time to time, we may also share your personal information with trusted service providers who assist us in delivering marketing content. These communications may be sent by email, SMS, push notification, in-app messages, or other permitted digital channels.

You can opt out of marketing at any time by:

  • following the unsubscribe or opt-out instructions included in the message;
  • adjusting your preferences in the Blume app or web portal; or
  • contacting us directly using the details in the “Contact Us” section of this policy.

Opting out will not affect your access to treatment or services from Blume.

Cookies, Device IDs, and Tracking Technologies

Cookies are small files placed on your device that help us improve our services, enhance security, and personalise your experience. Cookies do not directly identify you, but they do help recognise your device.

We use cookies and similar technologies to:

  • analyse site and app usage;
  • remember your preferences;
  • improve website and app performance; and
  • deliver relevant advertisements and recommendations.

Our app may also collect device identifiers, such as advertising IDs or push notification tokens, to enable app features, monitor performance, and provide tailored content or marketing.

You can manage or disable cookies and device tracking in your browser or device settings. Please note that disabling certain cookies may affect functionality or performance.

Accessing and Correcting Your Personal Information

You have the right to request access to the personal information we hold about you and to request corrections if you believe the information is inaccurate, incomplete, or out of date.

You can make a request at any time by contacting us using the details in the “Contact Us” section below. We may need to verify your identity before processing your request and may ask you to specify the information you require.

If we are unable to provide access or make a correction, we will inform you in writing of the reasons, unless prohibited by law. We will respond to all requests within a reasonable time, in line with applicable data protection laws.

International Transfers of Personal Information

Blume operates internationally and may store or process your personal information in countries outside your country of residence, including locations outside the UK and European Economic Area (EEA).

Whenever we transfer your personal information internationally, we will ensure that appropriate safeguards are in place to protect it, such as:

  • ensuring the country has been recognised as providing an adequate level of data protection; or
  • using standard contractual clauses approved by the European Commission or UK authorities; or
  • ensuring other legally recognised safeguards are implemented.

By using our services, you acknowledge that your personal information may be transferred and processed in countries with different data protection standards from those in your home jurisdiction.

Resolving Concerns

If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal information — including if you wish to withdraw your consent — you can contact our Data Protection Officer (DPO):

Data Protection Officer (DPO)
 Blume Health
[Business Address]
Email: privacy@blume-health.com

We aim to respond to all complaints within a reasonable period and work with you to resolve your concerns.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction:

  • UK: Information Commissioner’s Office (ICO) – www.ico.org.uk
  • EU: Contact your national Data Protection Authority (DPA) – List of DPAs

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The most current version will always be available on our website. We encourage you to review it regularly to stay informed about how we handle your personal information.