1. Who we are
MedibrainUK is the controller of personal data collected through this website, unless stated otherwise. “Controller” means we decide how and why your personal data is processed.
If you have questions about this policy or want to exercise your rights, email info@medibrainuk.co.uk.
2. What personal data we collect
We try to keep collection to the minimum needed to run the site, respond to enquiries, and (if relevant) provide paid services.
| Category | Examples | Collected when |
|---|---|---|
| Contact data | Name, email address, phone number (if provided), message contents | When you email us, message us, or submit an enquiry |
| Technical data | IP address, device/browser type, pages visited, timestamps | When you browse the site (e.g., server logs, security monitoring) |
| Payment-related data | Payment status, transaction identifiers, billing contact details as needed | If/when you purchase services (payments handled by Stripe) |
3. How we use your personal data
- To respond to enquiries and provide customer support.
- To deliver services you request (for example, arranging sessions or providing information about programmes).
- To operate and secure the website (prevent abuse, troubleshoot issues, and maintain reliability).
- To process payments (if/when applicable) and keep basic financial records.
- To comply with legal obligations (for example, tax/accounting and fraud prevention).
4. Lawful bases (UK GDPR)
UK GDPR requires a lawful basis for processing. Depending on context, we rely on:
| Purpose | Lawful basis |
|---|---|
| Responding to enquiries and messages | Legitimate interests and/or taking steps at your request prior to entering a contract |
| Running the site securely (logs, abuse prevention) | Legitimate interests (security and service reliability) |
| Providing paid services and handling payments | Performance of a contract |
| Tax/accounting and legal compliance | Legal obligation |
5. Who we share data with
We do not sell your personal data. We may share it with trusted service providers (“processors”) that help us operate our services.
| Processor | What they do | Data involved |
|---|---|---|
| Stripe | Payment processing (if/when used) | Transaction identifiers, status, and billing/contact details as required |
| Hosting & infrastructure providers | Website hosting, storage, and delivery | Technical data (e.g., IP address) and content required to serve the site |
We may also disclose personal data when required by law, to protect our rights, or to prevent fraud/abuse.
6. Data retention
We keep personal data only as long as necessary for the purposes described in this policy. For example, we may retain correspondence for a reasonable period to manage our relationship with you and keep records. Where payments are involved, we may retain records as required by UK tax and accounting rules.
7. Security
We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, misuse, or alteration. However, no online service can be guaranteed 100% secure.
8. International transfers
Some service providers may process personal data outside the UK. Where transfers occur, we use appropriate safeguards (for example, UK adequacy regulations or contractual protections).
9. Your rights
If UK GDPR applies, you may have rights including:
- Access to your personal data
- Correction of inaccurate data
- Deletion (in certain circumstances)
- Restriction of processing (in certain circumstances)
- Objection to processing (including processing based on legitimate interests)
- Data portability (in certain circumstances)
- Withdrawal of consent (where we rely on consent)
You can also complain to the UK Information Commissioner’s Office (ICO).
10. How to contact us
Email: info@medibrainuk.co.uk
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we’ll update the effective date at the top of this page.