Data Subject Access Request
Last Updated: 24 Feb. 2026
Your Data Rights
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the right to access, correct, delete, or port the personal data we hold about you. This page explains how to exercise these rights.
What You Can Request
| Right | What It Means |
|---|---|
| Access (Article 15) | Request a copy of all personal data we hold about you, including blood test results, account information, order history, and health questionnaire data. |
| Rectification (Article 16) | Request correction of any inaccurate or incomplete personal data. |
| Erasure (Article 17) | Request deletion of your personal data ("right to be forgotten"). Note: we may need to retain certain data to comply with legal obligations (e.g., clinical records for 8 years, tax records for 7 years). |
| Restriction (Article 18) | Request that we limit how we process your data while a complaint or query is resolved. |
| Portability (Article 20) | Request your data in a structured, machine-readable format (e.g., CSV or JSON) so you can transfer it to another provider. |
| Objection (Article 21) | Object to processing based on legitimate interests or for direct marketing purposes. |
How to Make a Request
You can submit a data subject access request (DSAR) or exercise any of your rights by:
- Email: Send your request to mydata@lolahealth.com
- In-app: Use the account settings in the Lola mobile app to access, download, or delete your data
- Post: Write to us at Lola Health Ltd, 167-169 Great Portland Street, 5th Floor, London, W1W 5PF
What to Include in Your Request
To help us process your request efficiently, please include:
- Your full name and email address associated with your Lola account
- A description of the data or action you are requesting
- Any relevant order numbers or dates
Identity Verification
To protect your privacy, we may need to verify your identity before processing your request. We may ask you to confirm details associated with your account or provide a form of identification.
Response Time
We will acknowledge your request within 5 working days and provide a full response within 30 days of receiving your verified request. If your request is complex or we receive a high volume of requests, we may extend this by up to two additional months, and we will inform you of the reason for the extension.
Fees
Data subject access requests are free of charge. However, we may charge a reasonable administrative fee if a request is manifestly unfounded, excessive, or repetitive, as permitted under Article 12(5) of the UK GDPR.
Not Satisfied?
If you are not happy with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk/make-a-complaint
We encourage you to contact us first at mydata@lolahealth.com so we can try to resolve your concern directly.