Privacy Policy
1. Introduction
MEDI DISTRIBUTION LIMITED ("We," "Us," "Our") trading as MediStro is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or purchase our products.
Data Controller:
MEDI DISTRIBUTION LIMITED
Company Number: 12324138
Registered Address: 3 Wood Street, Middleton, Manchester, England, M24 4DH
Email: Paul@medistro.co.uk
We are registered with the Information Commissioner's Office (ICO) under registration number: [YOUR ICO REGISTRATION NUMBER - REQUIRED]
2. Information We Collect
2.1 Information You Provide Directly
When you use our website or make a purchase, we collect:
| Type of Information | Examples | Purpose |
|---|---|---|
| Contact Information | Name, email address, phone number, delivery address, billing address | Order processing, delivery, customer service |
| Payment Information | Credit/debit card details (processed securely by payment providers) | Payment processing |
| Account Information | Username, password, order history, preferences | Account management, personalization |
| Communication Data | Email correspondence, customer service messages, reviews | Customer support, product improvement |
2.2 Information We Collect Automatically
When you visit our website, we automatically collect:
- Technical Data: IP address, browser type and version, device type, operating system, time zone setting
- Usage Data: Pages visited, time spent on pages, links clicked, referring website, search terms used
- Cookie Data: Information collected through cookies and similar technologies (see Cookie Policy below)
2.3 Information from Third Parties
We may receive information about you from:
- Payment processors (e.g., Stripe, PayPal) - transaction confirmations and fraud prevention data
- Delivery companies - delivery status updates
- Analytics providers (e.g., Google Analytics) - website usage statistics
- Social media platforms - if you interact with our social media content
3. How We Use Your Information
We use your personal data for the following purposes under these legal bases:
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling your orders | Contract Performance |
| Payment processing and fraud prevention | Contract Performance & Legitimate Interest |
| Delivery of products | Contract Performance |
| Customer service and support | Contract Performance & Legitimate Interest |
| Sending order confirmations and updates | Contract Performance |
| Marketing communications (with consent) | Consent |
| Website improvement and analytics | Legitimate Interest |
| Compliance with legal obligations | Legal Obligation |
| Protecting against fraud and abuse | Legitimate Interest |
4. Marketing Communications
We will only send you marketing emails if you have:
- Opted in to receive marketing communications when creating an account or placing an order
- Previously purchased from us and have not opted out
You can opt out at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Updating your preferences in your account settings
- Contacting us at Paul@medistro.co.uk
Note: You cannot opt out of transactional emails (order confirmations, shipping updates, etc.) as these are necessary for fulfilling your orders.
5. Cookies and Tracking Technologies
5.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience.
5.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for website functionality (shopping cart, checkout, login) | Session |
| Performance Cookies | Collect anonymous data about how you use our site (Google Analytics) | 2 years |
| Functional Cookies | Remember your preferences (language, currency, etc.) | 1 year |
| Marketing Cookies | Track your browsing to show relevant ads (Facebook Pixel, Google Ads) | 90 days - 2 years |
5.3 Managing Cookies
You can control cookies through your browser settings. Please note that disabling certain cookies may affect website functionality.
Browser cookie settings:
6. How We Share Your Information
We do not sell your personal data to third parties. We only share your information with:
6.1 Service Providers
- Payment Processors: Stripe, PayPal - to process payments securely
- Delivery Companies: Royal Mail, DPD, Evri - to deliver your orders
- Email Service Provider: [e.g., Mailchimp, Klaviyo] - to send transactional and marketing emails
- Hosting Provider: Shopify - to host our website and store data
- Analytics Providers: Google Analytics - to understand website usage
- Customer Service Tools: [e.g., Zendesk, Gorgias] - to provide customer support
6.2 Legal Requirements
We may disclose your information if required by law, court order, or to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or abuse
- Protect the rights and safety of others
6.3 Business Transfers
In the event of a merger, acquisition, or sale of our business, your personal data may be transferred to the new owner.
7. International Data Transfers
We primarily store and process data within the United Kingdom and European Economic Area (EEA). Some of our service providers may be located outside the UK/EEA.
When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- EU Standard Contractual Clauses
- UK International Data Transfer Agreement (IDTA)
- Privacy Shield certification (where applicable)
- Adequacy decisions by the UK Government
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- SSL/TLS encryption for data transmission
- Secure payment processing through PCI DSS compliant providers
- Regular security audits and vulnerability assessments
- Access controls and authentication measures
- Employee training on data protection
- Regular data backups
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Data Retention
We retain your personal data only for as long as necessary for the purposes outlined in this Privacy Policy:
| Data Type | Retention Period |
|---|---|
| Order and transaction data | 7 years (for accounting and tax purposes) |
| Account information | Until account deletion or 3 years of inactivity |
| Marketing consent data | Until consent is withdrawn or 2 years of inactivity |
| Customer service records | 3 years after last interaction |
| Website analytics data | 26 months (Google Analytics default) |
10. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Your Data Protection Rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Request your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests or for marketing purposes
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: Complain to the Information Commissioner's Office (ICO)
10.1 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: Paul@medistro.co.uk
Post: 3 Wood Street, Middleton, Manchester, England, M24 4DH
We will respond to your request within one month. If your request is complex, we may extend this by up to two months and will inform you.
10.2 Identity Verification
To protect your privacy, we may ask you to verify your identity before responding to data subject requests.
11. Children's Privacy
Our website and products are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.
12. Third-Party Websites
Our website may contain links to third-party websites (e.g., social media platforms, payment processors). We are not responsible for the privacy practices of these websites. Please review their privacy policies before providing any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the updated policy on our website with a new "Last Updated" date
- Sending an email notification (for significant changes)
Your continued use of our website after changes are posted constitutes acceptance of the updated Privacy Policy.
14. Contact Us & Complaints
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:
Data Protection Officer:
Email: Paul@medistro.co.uk
Post: MEDI DISTRIBUTION LIMITED, 3 Wood Street, Middleton, Manchester, England, M24 4DH
14.1 Complaints to the ICO
You have the right to lodge a complaint with the UK Information Commissioner's Office:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
Website: https://ico.org.uk
© 2026 MEDI DISTRIBUTION LIMITED. All rights reserved.