Legal

Privacy Policy

How MediBrain UK Ltd collects, uses, and protects your personal data — and your rights under UK GDPR.

Effective: 27 February 2026 · Company No. 16970579 · medibrainuk.co.uk

On this page

Jump to any section

1. Who we are 2. What data we collect 3. How we use data 4. Lawful bases (UK GDPR) 5. Sharing & processors 6. Retention 7. Security 8. International transfers 9. Your rights 10. Contact us 11. Changes to this policy

At a glance

Key facts about how we handle data

Accounts
No logins on this site
Advertising cookies
None currently
Contact data
Reply to enquiries only
Payments
Stripe (if applicable)
Your control
You can request access, correction, deletion, or object to processing at any time. We aim to respond within 1 month.
Make a privacy request

1. Who we are

MediBrain UK Ltd ("we", "us", "our") is the controller of personal data collected through this website. "Controller" means we decide how and why your personal data is processed. We are registered in England and Wales under Company Number 16970579.

Our website is medibrainuk.co.uk. If you have questions about this policy or want to exercise your rights, contact us at info@medibrainuk.co.uk.

2. What personal data we collect

We keep data collection to the minimum needed to run the site, respond to enquiries, and provide our services.

Category Examples Collected when
Contact data Name, email address, phone number (if provided), message contents When you email us, message us via WhatsApp, or submit an enquiry form
Technical data IP address, device/browser type, pages visited, timestamps When you browse the site (server logs, security monitoring, analytics)
Payment-related data Payment status, transaction identifiers, billing contact details If/when you purchase services (payments processed by Stripe)
Special category data

We do not intend to collect special category data (such as health information) through this website. Please avoid sending sensitive information via contact forms or email.

3. How we use your personal data

  • To respond to enquiries and provide customer support.
  • To deliver services you request — for example, arranging coaching sessions or providing programme information.
  • To operate and secure the website — preventing abuse, troubleshooting issues, and maintaining reliability.
  • To process payments (where applicable) and maintain basic financial records.
  • To comply with legal obligations — for example, UK tax, accounting, and fraud prevention requirements.

4. Lawful bases under UK GDPR

UK GDPR requires a lawful basis for processing personal data. Depending on context, we rely on:

Purpose Lawful basis
Responding to enquiries and messages Legitimate interests and/or steps taken at your request prior to entering a contract
Running the site securely (logs, abuse prevention) Legitimate interests (security and service reliability)
Providing paid services and processing payments Performance of a contract
Tax, accounting, and legal compliance Legal obligation

5. Who we share data with

We do not sell your personal data. We may share it with trusted service providers ("processors") that help us operate our services.

Processor Purpose Data involved
Stripe Payment processing (where applicable) Transaction identifiers, status, and billing/contact details as required
Hosting & infrastructure providers Website hosting, storage, and delivery Technical data (e.g., IP address) and content required to serve the site
Analytics providers Understanding how visitors use the site Anonymised/aggregated usage data

We may also disclose personal data when required by law, to protect our legal rights, or to prevent fraud or abuse.

6. Data retention

We keep personal data only as long as necessary for the purposes described in this policy. Correspondence may be retained for a reasonable period to manage our relationship with you. Where payments are involved, we retain records as required by UK tax and accounting rules (typically 6 years).

7. Security

We use appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, or alteration. However, no online service can be guaranteed 100% secure. If you suspect any misuse of your data, please contact us immediately.

8. International transfers

Some service providers may process personal data outside the UK. Where transfers occur, we use appropriate safeguards — for example, the UK's international data transfer agreements or contractual protections — to ensure your data remains protected to UK GDPR standards.

9. Your rights under UK GDPR

You may have the following rights in relation to your personal data:

  • Right of access — to receive a copy of the personal data we hold about you.
  • Right to rectification — to correct inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data in certain circumstances.
  • Right to restriction — to limit how we process your data in certain circumstances.
  • Right to object — to processing based on legitimate interests.
  • Right to data portability — to receive your data in a structured, machine-readable format in certain circumstances.
  • Right to withdraw consent — where we rely on consent as a lawful basis.
Right to complain

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

10. How to contact us

To exercise your rights or ask any questions about this policy, please contact us:

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes are published constitutes acceptance of the updated policy.

Make a Privacy Request Contact Us
Chat with us