Privacy Policy (GDPR)
This policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
Data we collect
- Name, email, billing/shipping address (for order fulfilment)
- IP address, browser type (for security and fraud prevention)
- Purchase history (for customer service and accounting)
Legal basis
We process your data on the basis of contract performance (Art. 6(1)(b) GDPR), legitimate interest (Art. 6(1)(f)), and, where required, your consent (Art. 6(1)(a)).
Data retention
Order data is retained for 7 years (legal/tax obligation). Marketing consent can be withdrawn at any time.
Your rights
You have the right to access, rectify, and erase your data, to restrict its processing, to data portability, and to lodge a complaint with your local Data Protection Authority.
Contact
For data requests: privacy@medshealth.co.uk