
Privacy Policy

Last updated: 25 May 2024

1. Who we are

Medibro Ltd ("we", "our", "us") is the data controller responsible for your personal data. We operate the website medibro.co.uk and related services.

We are registered with the UK Information Commissioner's Office (ICO) under reference [To be registered with ICO]. To contact us about data matters, email privacy@medibro.co.uk.

2. What personal data we collect

We collect and process the following categories of personal data:

  • Account data: name, email address, password (hashed)
  • Contact data: phone number, delivery address
  • Order data: purchase history, payment status (we do not store full card details)
  • Profile data: date of birth, health goals (optional)
  • Usage data: pages visited, products viewed, session duration
  • Communications: emails you send us, survey responses, reviews
  • Marketing preferences: newsletter subscriptions, push notification opt-ins

3. How we use your data

We process your personal data for the following purposes:

  • Processing and fulfilling your orders (contract performance)
  • Managing your customer account (contract performance)
  • Sending order confirmation and delivery updates (contract performance)
  • Processing payments via our payment provider (contract performance)
  • Providing customer support (legitimate interest)
  • Sending marketing communications, where you have opted in (consent)
  • Improving our website and services (legitimate interest)
  • Detecting and preventing fraud (legitimate interest and legal obligation)
  • Complying with legal obligations (legal obligation)
  • Personalising your experience (legitimate interest)

4. Legal basis for processing

Under UK GDPR, we rely on the following lawful bases: contract performance (order fulfilment), legitimate interests (fraud prevention, analytics, customer service), consent (marketing emails, push notifications, non-essential cookies), and legal obligation (tax records, compliance).

5. Cookies and tracking

We use cookies and similar technologies. For details of what cookies we use and your options, please see our Cookie Policy.

We may use third-party analytics services (including Google Analytics and Meta Pixel) where you have given consent via our cookie banner. You can withdraw cookie consent at any time by updating your preferences in the cookie settings.

6. Sharing your data

We share personal data only with:

  • Payment processors: Stripe Inc (PCI-DSS compliant)
  • Delivery partners: couriers and Royal Mail for order fulfilment
  • Email service: Postmark (transactional emails)
  • Analytics: Google Analytics (where consent given)
  • Legal authorities: where required by law

We do not sell your personal data to third parties.

7. International transfers

Some of our service providers process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions.

8. Data retention

We retain personal data for as long as necessary for the purposes described:

  • Account data: duration of account + 3 years after closure
  • Order records: 7 years (HMRC requirement)
  • Marketing data: until you unsubscribe or withdraw consent
  • Analytics data: 26 months (Google Analytics default)

9. Your rights

Under UK GDPR you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your data ("right to be forgotten")
  • Restriction: restrict processing in certain circumstances
  • Portability: receive your data in a machine-readable format
  • Object: object to processing based on legitimate interests
  • Withdraw consent: withdraw any consent at any time

To exercise any right, contact us at privacy@medibro.co.uk or use the data export and deletion options in your account settings.

You have the right to lodge a complaint with the UK ICO: ico.org.uk.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including TLS (HTTPS) encryption of data in transit, hashing of stored passwords, and access controls limiting who can view personal data. However, no transmission over the internet is completely secure, and we cannot guarantee the security of data sent to us over it.

11. Changes to this policy

We may update this policy periodically. Material changes will be notified by email or prominent notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact us

Data protection queries: privacy@medibro.co.uk

General enquiries: Contact form