Red Label Medical

Legal

Privacy Notice

Last updated: 20 May 2026

1. Who we are

Red Label Medical Ltd ("we", "us", "our") is the data controller for personal data collected through this website.

  • Registered office: 14–16 Dixon Road, Bristol, BS4 5QW, United Kingdom
  • Company No. 08676338
  • ICO registration: ZA030687
  • Care Quality Commission registration: 1-10976213225

This notice covers only the personal data we process through our website. Separate privacy notices apply to patients receiving clinical care; please ask the clinic directly for those.

2. Contact for data protection queries

Our Data Protection Officer can be contacted at data.protection@redlabelmedical.co.uk, or by post to the registered office marked "FAO Data Protection Officer".

3. What we collect

When you contact us via this website, we process:

  • Information you provide directly: your name, email address and the content of your message.
  • Technical information collected automatically by our hosting provider: IP address, browser type and version, pages visited and timestamps, held in server logs.

We do not invite or require special category (health) data through this website. If you choose to include health information in a message to us, we will treat it under our clinical confidentiality obligations and contact you to confirm how you would like us to handle it.

4. Cookies and similar technologies

Our website uses only strictly necessary cookies and browser storage required to provide the site. We do not load advertising, analytics or cross-site tracking technologies. The only item we store is a small record of your cookie preference (held in your browser's localStorage), which is never transmitted to us. See our separate Cookie Policy for full details.

5. Lawful basis

We rely on our legitimate interests (UK GDPR Art. 6(1)(f)) to respond to enquiries received via this website and to keep a record of correspondence for clinical governance, quality monitoring and complaint-handling purposes. We have assessed that this processing is necessary for those purposes and does not override your rights and freedoms, given the limited nature of the data and the reasonable expectations of someone contacting a medical practice. A summary of our legitimate interests assessment is available on request.

6. Retention

Enquiry correspondence is retained for up to 24 months from the date of last contact and is then deleted, unless a longer period is required by law, by our professional or regulatory obligations (for example NHS or CQC requirements), or to establish, exercise or defend a legal claim.

Server logs are retained for 30 days.

7. Recipients and processors

We share personal data with the following categories of processors, all bound by written contracts meeting the requirements of UK GDPR Art. 28:

  • a UK-based website hosting and content-delivery provider;
  • a UK/EEA-based email delivery and inbox service;
  • professional advisers (legal, accountancy, regulatory) where necessary and on a confidential basis.

A current list of named suppliers is available on request from our DPO.

8. International transfers

We do not transfer personal data outside the United Kingdom or the European Economic Area. If this changes, we will update this notice and put in place an appropriate transfer mechanism — a UK adequacy decision, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses — supported by a transfer risk assessment.

9. Automated decision-making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

10. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate personal data corrected;
  • request erasure of your personal data in defined circumstances;
  • restrict or object to processing;
  • request data portability where applicable;
  • withdraw consent at any time, where we rely on consent for a particular purpose, without affecting processing carried out before withdrawal.

To exercise any of these rights, email data.protection@redlabelmedical.co.uk. We will respond within one month, as required by Art. 12(3).

11. Complaints

We would like the opportunity to resolve any concerns directly. If you are unhappy with how we have handled your personal data, please contact our DPO at data.protection@redlabelmedical.co.uk. We will acknowledge your complaint within 30 days and explain the steps we will take to investigate and respond.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office:

  • Online: ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF