1. Introduction
1.1 This Privacy Policy explains how WeightWorld, an e-commerce brand operated and managed by Comfort Click Ltd, a company registered in the UK under number 5614133, whose registered office is at Unit 8, Sevenoaks Enterprise Centre, Bat & Ball Road, Sevenoaks, Kent TN14 5LJ ('Company'), together with its subsidiaries and affiliates operating in India ("Group entities"), collects, uses, discloses, retains, and protects personal data of customers who are using this website.
1.2 Comfort Click Ltd acts as a “business” under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), with respect to personal information collected through our website and associated platforms. As the role of a Data Protection Officer (DPO) is not required under CCPA/CPRA, the responsibilities relating to privacy and data protection compliance are fulfilled by our designated “Privacy Officer”.
1.3 Comfort Click Ltd is headquartered in the United Kingdom. Accordingly, personal information collected through cookies, web forms, or other interactions with our website may be transferred to, stored, and processed outside the United States. Such transfers are made for legitimate business purposes, including service delivery, customer support, and operational efficiency. When transferring personal information, we take commercially reasonable steps to ensure it is handled securely and in accordance with applicable requirements under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). To make it easy for you when reading this policy, 'we', 'our' and 'us' refer collectively to Comfort Click Ltd, its various brands and all operational subsidiaries, including those incorporated in India, which form part of our global operations.
1.4 Are children allowed to use Weightworld Services? Our services are intended for use by adults only. We sell children’s products for purchase by adults. If you are under 18, you may use Weightworld Services only with the involvement of a parent or guardian. We do not knowingly collect, use, or process personal data relating to children under the age of 18 (or the age of majority as defined by applicable law in your country).
If you are under 18, you must not use our services or provide us with any personal information. If we discover that we have inadvertently collected personal data from a child, we will take immediate steps to delete such information from our records. If you believe that a child may have provided us with their personal data, please contact us at dpo@comfortclick.co.uk so that we can take appropriate action.
2. What personal data do we collect?
2.1 In accordance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), we collect only the categories of personal information necessary for legitimate business purposes, including providing and improving our services, processing transactions, and delivering a secure and personalised user experience. The categories of personal information we may collect include:
a) Identity and Contact Information
- Full name (and gender/title, date of birth)
- Billing and shipping addresses
- Email address and telephone numbers
b) Transactional and Purchase Data
- Products ordered or returned, purchase history, receipts, and delivery records
- Payment method (note: we do not store full payment card numbers or CVV codes)
- Promo code usage and loyalty activity
- Wishlist or saved items
c) Identity Verification Documentation (If required)
- Copies of identification documents (e.g. passport, driver’s license, utility bill) for age verification, fraud prevention, or legal compliance.
- This may include your date/place of birth, gender, photo ID, and nationality.
d) Customer Interaction and Engagement Data
- Notes or recordings from your calls or messages with customer support
- Survey responses, feedback, product reviews, or complaints submitted
- Correspondence by email, social media and other messaging platforms.
e) Technical and Usage Data
- IP address, device identifiers, and language settings.
- Referrer URL, pages visited, time spent on each page
- Search terms entered, interaction through marketing emails, and ad impressions
f) Cookie and Online Tracking Data
- Data captured through cookies, pixels, and similar technologies
- Preferences related to marketing and cookies (via Consent management platform)
- Geo-location data (city or region level, not precise GPS unless explicitly consented)
g) Marketing and Preference Data
- Your preferences for receiving marketing communications
- Your response to promotions, competitions, and surveys
- Interest-based profiling (e.g. preferred products or categories based on your browsing/purchase behaviour).
h) Social Media Data
- Your public social media handle or username (if you interact with us via platforms such as Instagram, TikTok, etc.)
- Any messages, mentions, or tagged content you direct at us publicly.
2.2 We collect your personal data directly from you, from your interactions with our website or customer service team, and from third-party platforms, analytics partners and advertising networks. We will always seek your explicit consent when required by law (e.g. for marketing, cookies, or sensitive information) and ensure any processing is limited to legitimate, specified purposes only. We at Comfort Click firmly uphold the principles of transparency, security, and accountability in every stage of your data journey with us.
3. Explaining the legal bases we rely on
Legal Basis for the Collection, Use, and Processing of Personal Information
3.1 We collect, use, disclose, and otherwise process Personal Information strictly in accordance with applicable United States privacy and consumer protection laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and any substantially similar state privacy laws, as well as relevant federal regulations. The specific legal bases upon which we rely include:
3.2 Consent. Where required by applicable law, we collect and process Personal Information based on your affirmative and informed consent. Consent may be obtained when, for example:
• You subscribe to receive our marketing communications or newsletters.
• You consent to our use of cookies, tracking technologies, and preference-management tools when you interact with our websites. These tools help us provide core functionality, improve performance, and deliver a more tailored user experience.
• You voluntarily submit information for surveys, promotions, contests, or product reviews.
Where consent serves as the basis for processing, you may withdraw it at any time by contacting our Data Privacy Office at privacy@comfortclick.com or by using the opt-out or unsubscribe mechanisms provided in commercial communications.
(Notice: For purchases through Amazon or other third-party platforms, those entities act as independent data controllers. Any Personal Information they collect is governed by their respective privacy policies and consent standards.)
3.3 Performance of a Contract: We process Personal Information where it is reasonably necessary to enter into or fulfil a contractual relationship with you, including in order to:
• Process, fulfil, and manage product orders and transactions;
• Provide delivery, returns, refunds, and customer service;
• Authenticate account access and manage billing or payment processing.
Failure to provide the required Personal Information may prevent the execution of a transaction or service.
3.4 Compliance with Legal and Regulatory Obligations: We process Personal Information where required to comply with applicable U.S. federal, state, or regulatory obligations, including:
• Consumer protection, e-commerce, product safety, and tax compliance laws;
• Requests from courts, law enforcement or regulatory bodies;
• Anti-fraud, anti-corruption, anti-money-laundering, and sanctions screening obligations, including obligations under the Bank Secrecy Act (BSA), USA PATRIOT Act, and related financial crime legislation.
3.5 Legitimate Business Interests: We may process Personal Information where such processing is reasonably necessary to pursue our legitimate commercial, operational, or security interests, provided such interests are not overridden by your privacy rights. These interests include:
• Improving our websites, services, and user experience;
• Conducting business analytics, quality assurance, and product performance measurement;
• Personalising marketing and service communications, including permitted “soft opt-in” communications to existing customers under CAN-SPAM and TCPA frameworks;
• Detecting and preventing fraud, cybersecurity threats, misuse, or unauthorised access;
• Establishing, exercising, or defending legal claims or compliance positions.
We apply balancing tests and privacy risk assessments to ensure that our legitimate interests do not conflict with your fundamental privacy rights and expectations.
3.6 U.S. Nationwide Compliance Applicability: Although this Policy is drafted to comply specifically with the CCPA/CPRA for California residents, we extend equivalent privacy rights and protections to residents of all U.S. states that have enacted comprehensive privacy laws with similar scopes, including but not limited to Colorado, Virginia, Utah, and Connecticut.
3.7 Governing Law: This Privacy Policy, and any disputes arising from or relating to it, shall be governed by and construed in accordance with the laws of the United States and the State of California, without regard to conflict-of-law principles. Where required by state or federal law, we will comply with jurisdiction-specific privacy obligations.
4. When and how do we collect and use your personal data?
4.1 We collect personal information at various points of interaction between you and Weightworld, including when you visit our website, create an account, make a purchase, subscribe to communications, engage with customer support, participate in promotions, or otherwise interact with our products or services. Our collection and processing of personal information is governed by the principles of lawfulness, fairness, transparency, and purpose limitation as required under applicable United States privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), as well as other similar state consumer privacy frameworks where applicable and as required under Article 5 (a) of the UK/EU GDPR. The data is collected under appropriate legal bases as described in the above Clause 3 of this policy, as relevant to the context.
4.2 We collect, use, process, store, and disclose personal information strictly for legitimate business purposes and only to the extent necessary for operational and transactional needs, compliance obligations, and the provision and improvement of our services. Consistent with U.S. data protection legislation, personal information is collected under lawful bases, including but not limited to:
a) To process and fulfil your order by us or third party: to perform a contract or fulfil an order, including transaction processing, product delivery, account management, and customer service support. In addition, when your order is delivered or serviced directly by a third party, we only share the data necessary to complete the transaction. If the third party intends to process your data for additional purposes (e.g. marketing), they are responsible for informing you and obtaining your consent where necessary.
b) To comply with our contractual or legal obligations: to comply with legal, regulatory, and law enforcement requirements, including fraud detection, prevention of security incidents, and maintenance of audit and accounting records; this also includes updates to our terms, privacy notices, service changes, or product recalls. These messages are completely informational, and consent is not required. We may also share data with law enforcement agencies and authorities if required, for example when a court order is presented to us to share data with law enforcement agencies or a recognized court of law.
c) To personalize your shopping experience and to improve our service system: for legitimate business interests, such as improving website performance, optimizing product offerings, personalizing marketing communications, analytics, service enhancements, security safeguards, operational efficiency, and internal research and development;
d) To send basket abandonment or order tracking email and customer service interaction: We may remind you when you leave items in your cart or send you tracking information post-purchase to enhance your shopping experience. The customer service interaction includes responding to queries, refund requests, complaints, or support cases across email, phone, live chat, or social media. Records may be retained to improve the service quality and resolve future issues.
e) To send you direct marketing (with your consent or soft opt-in): with your affirmative consent, where required and applicable under state privacy laws, including marketing subscriptions, promotional activities, and optional survey participation;
f) To send you surveys and feedback requests, and to administer any of our prizes: these requests help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest in doing so as this helps make our products and services more relevant to you. We shall also administer the draws or competitions which you enter with your consent.
g) For our member or logged-in area, to decide which information to show you, with the help of technological algorithms. We do so on the basis of your consent when you become a member by creating an account. If you don’t want to continue receiving offers, you’ll be unable to continue your account with us. For example, if you consent through our website, we may use your shopping preferences to offer you tailored rewards.
h) Use of Demographic and Geographic Data for Artificial Intelligence Training and Analytics: The Company may collect, process, and utilise non-personal demographic and geographic data, including but not limited to age range, gender, postal code/PIN code, city, and province/region (collectively, “Demographic Data”), strictly for the limited purposes of training and enhancing artificial intelligence (AI) models, optimising product performance, improving service functionality, and conducting aggregated service analytics. Such Demographic Data shall be processed solely in a de-identified, pseudonymised, or aggregated format, and shall not be used to directly or indirectly identify any natural person.
The Company expressly affirms that no Personally Identifiable Information (“PII”), whether direct or indirect, will be utilised for AI training or related analytical activities. All processing activities shall be executed in accordance with the principles of data minimisation, purpose limitation, and pseudonymisation as mandated under the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. Any PII collected for other lawful purposes shall remain segregated from AI training environments and shall be processed solely to fulfil contractual or regulatory obligations or to deliver core services to users.
4.3 The Company shall implement robust organisational and technical safeguards to protect data subjects’ rights and freedoms, and will ensure that any processing of Demographic Data for the aforementioned purposes does not compromise the anonymity or privacy expectations of individuals.
4.4 We ensure that all personal information is collected and processed in accordance with the principles of transparency and consumer rights. Individuals located in states with enhanced privacy protections (including California, Virginia, Colorado, Connecticut, and Utah) may exercise additional rights under state privacy statutes, as described in the relevant section of this Policy.
5. Combining your data for personalised direct marketing
5.1 In order to deliver personalized offers, promotional content, and product recommendations that align with your interests, we may combine personal information collected through your interactions with our digital platforms—including purchase history, browsing activity, device information, cookies and tracking technologies, and account activity—with personal information obtained from third-party data providers, where such sharing is permitted under applicable U.S. privacy laws and where you have provided any legally required consent.
5.2 To enhance the accuracy and relevance of our marketing efforts, we may also supplement the information we maintain with publicly available data or commercially available marketing data from reputable sources. These sources may include public property records, demographic databases, or marketing insights lawfully acquired from third-party partners.
5.3 The combined information allows us to develop a more comprehensive understanding of your preferences and to tailor our marketing communications accordingly. Depending on your jurisdiction, this processing may be considered “targeted advertising,” “cross-context behavioral advertising,” or “profiling.” Where required by law, we will obtain your affirmative consent before using your personal information for these purposes. You may exercise your right to opt out of such processing at any time by following the instructions provided in our Privacy Notice or by submitting a verifiable request through our designated privacy channels. We will honor your choices in accordance with the California Consumer Privacy Act (CCPA/CPRA), and any other applicable U.S. privacy laws.
6. How do we protect your personal data?
6.1 We understand that the security of your personal data is of paramount importance. We use administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:
- Encrypting data in transit using HTTPS/SSL, and requiring secure configurations for all transactional areas of our website.
- Limiting access to personal information to personnel and service providers who need it for authorized business purposes, using role-based access controls, authentication requirements, and security training.
- Using secure payment processors that comply with PCI-DSS, and applying encryption or tokenization to payment information.
- Monitoring our systems for vulnerabilities, intrusions, or misuse, and applying safeguards such as firewalls, logging, intrusion detection, and regular patching.
- Performing periodic security assessments, including penetration testing and vendor security reviews.
Although no system can guarantee absolute security, we maintain a written information security program and regularly update our safeguards to comply with applicable laws, industry standards, and evolving threats.
7. How long will we keep your personal data?
7.1 We will retain your personal information only for as long as we need it for the purposes described in this Privacy Policy, including to provide our services, comply with our legal and accounting obligations, resolve disputes, and enforce our agreements. Once we no longer need your information, we will securely delete it or de-identify it so it can no longer reasonably be linked to you. We may use de-identified or aggregate information for business analytics, research, and improving our products.
Examples of our data retention periods include:
Orders and Customer Service: We generally keep order information for about six (6) years from the date of purchase to support returns, refunds, customer service, and legal compliance.
Product-Related Obligations: For certain regulated, high value, or long-life products, we may keep related data as long as reasonably necessary for the disclosed purpose (which may be up to 10 years).
Warranties: If you purchase a product with a warranty, we keep the related information for the duration of the warranty so that we can administer your rights and our obligations.
7.2 Legal, Tax, and Compliance: We may retain certain basic information (e.g., name, email, and transactional history) in a restricted form, beyond these periods where required to comply with legal obligations or to establish, exercise, or defend legal claims. We maintain internal retention schedules and periodically review the data we hold to ensure it is not kept longer than needed.
8. Who do we share your personal data with?
8.1 We share personal information only when it is necessary, proportionate, and lawful to do so. We disclose information to service providers who process information on our behalf, to certain third parties who act as independent controllers, and to other recipients as required by law. We take steps to limit what we share and to ensure these parties protect the information.
8.2 We may share your information with the following categories of recipients:
i) Service Providers and Contractors: Companies that help us operate our websites, provide IT and Cloud hosting, manage communications, process payments, deliver orders, support customer service, detect fraud, and secure our systems. These parties must use your information only to provide services to us and are bound by contractual restrictions under applicable privacy laws.
ii) Advertising and Analytics partners: We may disclose identifiers, device information, and browsing activity to advertising or analytics partners (such as Google and Meta) to provide cross-context behavioural advertising or measurement, where permitted by law and based on your cookie or opt-out preferences. In certain states (e.g., California), this may be considered “sharing” personal information, and you have the right to opt out at any time.
iii) Professional Advisers: Auditors, insurers, lawyers and similar advisers in connection with compliance, claims, risk management, or regulatory obligations.
iv) Regulators and Law Enforcement: Where required by law, court order, or other legal process, subject to legal review.
v) Business Transfers: If we undergo a merger, acquisition, financing, restructuring, or sale, we may transfer information to the relevant acquiring or successor entity, subject to similar confidentiality and security safeguards.
8.3 We do not sell personal information for money. However, under California and certain other state privacy laws, our use of advertising and analytics partners may be considered a “sale” or “sharing” of personal information for cross-context behavioural advertising. You can opt out of such activities at any time using our “Your Privacy Choices” link or cookie preferences. To learn more about the cookies we use, please refer to the cookies policy on the web page cookie-policy.
9. Where may your personal data be processed?
9.1 We operate in the United States and may process your personal data in the U.S. and in other countries where our service providers or we maintain operations. These locations may have privacy laws that differ from the laws in your home state or country. When we transfer your personal data to another country, we ensure that the recipient is subject to appropriate safeguards designed to protect your information. These safeguards may include written contracts that require the recipient to protect your data, compliance with applicable privacy laws, and technical and organizational security measures. All such transfers shall be limited to what is necessary, proportionate, and consistent with the principles of purpose limitation and data minimization.
9.2 To provide our services, including order fulfillment, customer support, advertising, analytics, IT hosting, and fraud prevention, we may transfer your information to third-party service providers or affiliates located in the U.S. or in other jurisdictions.
9.3 Safeguards for Cross-Border Transfer: Regardless of where your information is processed, we use safeguards designed to ensure your personal data remains protected. These may include contractual commitments requiring service providers to keep your data secure and to use it only for the purposes we specify. Where required, we also apply additional administrative, technical, and organisational controls such as encryption, strict access measures, and ongoing monitoring.
The Company has implemented and maintained appropriate cross-border transfer mechanisms required under Applicable Privacy Laws, including but not limited to:
(a) written data-processing agreements;
(b) confidentiality obligations;
(c) purpose-limitation restrictions;
(d) data-security controls, including encryption and role-based access management; and
(e) ongoing monitoring, risk assessments, and audits.
9.4 Service Providers shall Process Personal Data solely on the Company’s documented instructions and shall be prohibited from retaining, using, or disclosing Personal Data for any purpose other than the specific business purpose specified in the governing agreement, including any prohibitions on “Selling” or “Sharing” Personal Data under the CPRA.
9.5 Where required, the Company shall conduct and document Transfer Impact Assessments (TIAs) and shall implement supplementary safeguards to ensure an essentially equivalent level of protection for cross-border data transfers. We continually monitor legal developments in global privacy laws to ensure that our transfer practices remain compliant and that your personal data receives a high standard of protection.
9.6 If you would like more information about the international transfer mechanisms we rely on, or copies of relevant safeguards, you can contact our Privacy Officer (PO) using the details provided at the end of this Privacy Policy.
10. What are your rights over your personal data?
10.1 We are committed to ensuring you remain in control of your personal data. Subject to verification and applicable statutory exceptions, consumers have the following rights under CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut DPA, Utah UCPA, and similar U.S. state privacy laws:
- Right to Access/Know: You have the right to request confirmation of whether we process your personal data, and to receive a copy of the data, along with clear information about how and why it is being used.
- Right to Delete: In certain instances, you can ask us to delete your data, for example where it is no longer necessary for the purpose for which it was collected, or where you withdraw your consent and no other legal basis applies.
- Right to Correct: If any personal data we hold about you is inaccurate or incomplete, you may request that it be corrected or updated promptly.
- Right to Data Portability: To obtain a portable, technically feasible copy of personal information that the consumer previously provided.
- Right to Opt-Out: To direct the Company not to:
(i) sell personal information;
(ii) share personal information for cross-context behavioural advertising;
(iii) process personal information for targeted advertising;
(iv) process personal information for profiling that produces legal or similarly significant effects.
- Right to Limit Use of Sensitive Personal Information (CPRA): Where applicable, to restrict the use of sensitive personal information to necessary business purposes as defined in Cal. Civ. Code §1798.121.
- Right to Withdraw Consent: Individuals retain the right to withdraw consent at any time when their personal data is processed on the basis of consent. Upon withdrawal, the organisation must cease such processing unless another lawful basis applies.
- Right to Appeal: Individuals have the right to appeal an organisation’s denial of a privacy request within the statutory timeframe. The organisation must review the appeal and provide a written decision consistent with applicable legal requirements.
- Right to Lodge a Complaint: Individuals may file a complaint with their state Attorney General or the appropriate privacy regulator if they believe their privacy rights have been violated. Organisations must provide clear instructions for submitting such complaints and cooperate with regulatory inquiries.
10.2 The Company will verify the identity of the consumer or authorised agent consistent with statutory requirements and respond within the timelines set by applicable privacy law (e.g., 45 days under CCPA/CPRA, with extension where permitted). Where the Company declines to act on a request, it will provide a legally sufficient explanation.
11. How can you stop the use of your personal data for direct marketing?
11.1 The Company provides consumers with the ability to opt out of direct marketing communications at any time. Consumers may also exercise their statutory rights to opt out of the sharing of personal information, the sharing of personal information for cross-context behavioural advertising (CCPA/CPRA), and targeted advertising (CDPA, CPA, CTDPA, UCPA).
11.2 The Company will recognise and honour Global Privacy Control (GPC) browser signals as a valid opt-out request under CPRA requirements. When a GPC signal is detected, the Company will cease any sale or sharing of personal information associated with that browser or device.
11.3 Opt-out mechanisms include unsubscribe links, account-level preference settings, support requests, and legally required website links (“Do Not Share My Personal Information”; “Your Privacy Choices”). Service messages, transactional notices, and legally required communications are not subject to marketing opt-out.
12. Contacting the Regulator
12.1 If you feel that your data hasn't been treated properly, you may file complaints with the applicable state Attorney General or other regulator regarding the Company’s data-processing practices. However, we would appreciate the opportunity to resolve your concerns directly before you contact a supervisory authority.
12.2 We encourage you to contact our Privacy Officer (PO) first so we can attempt to resolve your issue directly, promptly, and in accordance with your local legal timeframes. Our Privacy Officer can help address most concerns directly, but if you still wish to contact the State Attorney for your queries, details are available through the official state government website.
13. If you live outside the USA
13.1 This Privacy Policy shall be provided in English and multiple other languages. Should there be any conflict in the meanings between the English and translated versions, the English version shall prevail.
13.2 When placing an order with us, browsing our website, including for analytics and website usage research, and/or agreeing to receive direct marketing electronic communications as described in this Privacy Policy and our Cookies Notice, your personal data will be processed by us or on our behalf. Your personal data may be processed in the USA, UK or other jurisdictions where our trusted service providers or we operate.
13.3 When your information is transferred outside your country, we use safeguards designed to protect it, including contractual protections and technical measures, and ensure an appropriate level of data protection is maintained.
13.4 We are committed to maintaining transparency and accountability in how we manage your personal data. From time to time, we may update this Privacy Policy to reflect changes in the law, our data processing practices, or service offerings. We encourage you to periodically review this page to stay informed about how we protect your privacy.
14. Contact Us
14.1 We really hope that this Privacy Policy has been helpful in setting out the way we handle your personal data and your ways to control it. If you have any questions, please contact our Privacy Officer, who would be delighted to help:
Email at: dpo@comfortclick.co.uk.
Telephone: +1 (917) 6944477
Postal address: Unit 8, Sevenoaks Enterprise Centre, Bat & Ball Road, Sevenoaks, Kent, TN14 5LJ.
This Policy shall be deemed effective as of the approved date and will be reviewed annually or upon legal updates. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.
