1. About Us
Mediflux Ltd ("Mediflux", "we", "us", or "our") is a company registered in England and Wales under company number 17196111. We operate mediflux.co.uk and provide AI workflow automation services exclusively to businesses in the medtech sector.
We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Mediflux Ltd is the data controller.
Questions about this policy: hello@mediflux.co.uk
2. What Personal Data We Collect
2.1 Data You Provide Directly
When you interact with us through our website, booking form, or contact form, we may collect:
- Your name and job title
- Your business email address and phone number
- Your company name, size, and industry
- Information about your operational workflows and software systems
- Any other information you choose to share during enquiries or discovery calls
2.2 Data Collected Automatically
When you visit our website, we automatically collect:
- IP address and approximate location
- Browser type, version, and device information
- Pages visited, time spent, and navigation paths
- Referral source
- Cookie identifiers (see Section 7)
2.3 Data Collected via Third-Party Platforms
- Cal.com — discovery call scheduling (name, email, calendar data)
- Google Analytics — anonymised website usage data
- Google Ads — advertising measurement and conversion tracking
- LinkedIn Ads — advertising measurement and audience insights
- Klaviyo — email marketing (name, email, engagement data)
3. How We Use Your Personal Data
3.1 To Respond to Enquiries and Provide Services
- Processing discovery call bookings and follow-up communications
- Scoping and delivering AI implementation services
- Managing ongoing client relationships
Legal basis: Contract performance and Legitimate Interests (UK GDPR Article 6(1)(b) and 6(1)(f)).
3.2 To Operate and Improve Our Website
- Analysing website usage via Google Analytics
- Identifying and resolving technical issues
- Improving content and user experience
Legal basis: Legitimate Interests and Consent where cookies require it (UK GDPR Article 6(1)(f) and 6(1)(a)).
3.3 For Marketing and Advertising
- Sending marketing emails via Klaviyo where you have consented or where legitimate interest applies
- Running targeted advertising campaigns via Google Ads and LinkedIn Ads
- Measuring advertising campaign performance
- Creating custom and lookalike advertising audiences
Legal basis: Consent for email marketing; Legitimate Interests for B2B advertising where permitted (UK GDPR Article 6(1)(a) and 6(1)(f)).
3.4 To Comply with Legal Obligations
- Maintaining business records as required by law
- Responding to lawful requests from regulatory authorities
Legal basis: Legal obligation (UK GDPR Article 6(1)(c)).
4. Who We Share Your Data With
We do not sell your personal data.
4.1 Service Providers and Sub-processors
- Cal.com — calendar and booking infrastructure
- Google LLC — Google Analytics and Google Ads
- LinkedIn Ireland Unlimited Company — LinkedIn Ads
- Klaviyo Inc. — email marketing platform
- Anthropic PBC — AI/LLM processing for workflow automation services (named sub-processor; data passes through the Anthropic API transiently and is not used for model training under Anthropic's commercial API terms)
- Framer B.V. — website hosting
- Cloudflare Inc. — DNS, CDN, and security infrastructure
- Supabase Inc. — database hosting (EU West/Ireland region)
- n8n GmbH — workflow automation platform
4.2 International Transfers
Some of our service providers are based outside the UK or EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO or adequacy decisions where applicable.
4.3 Legal Disclosures
We may disclose your data if required to do so by law, court order, or regulatory authority, or where necessary to protect our legal rights.
5. How Long We Keep Your Data
- Enquiry and contact data: up to 2 years from last contact, unless you become a client
- Client data: duration of engagement plus 6 years (UK contract law limitation period)
- Marketing data: until you unsubscribe or withdraw consent
- Website analytics data: 26 months (Google Analytics default)
- Booking data via Cal.com: up to 12 months after the scheduled call
6. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — ask us to correct inaccurate data
- Right to erasure — ask us to delete your data in certain circumstances
- Right to restrict processing — ask us to limit how we use your data
- Right to data portability — request your data in a machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
To exercise any of these rights, contact us at hello@mediflux.co.uk. We will respond within one month.
If you are unhappy with how we handle your data, you can lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.
7. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies. When you first visit our website, you will be asked for your consent to non-essential cookies. You can change your preferences at any time using the cookie settings button at the bottom-left of any page.
7.1 Strictly Necessary Cookies
Required for the website to function. These cannot be disabled.
7.2 Analytics Cookies
Used to understand how visitors use our website. We use Google Analytics with IP anonymisation enabled.
- _ga — Google Analytics, distinguishes users (expires 2 years)
- _ga_* — Google Analytics 4 session data (expires 2 years)
- _gid — Google Analytics, distinguishes users (expires 24 hours)
7.3 Advertising and Targeting Cookies
Used to deliver relevant advertising and measure campaign performance via Google Ads, LinkedIn Ads, and Klaviyo.
7.4 Managing Cookies
You can control cookies through your browser settings or by visiting allaboutcookies.org. You can opt out of Google Analytics at tools.google.com/dlpage/gaoptout.
8. Third-Party Platform Policies
8.1 Google
- Privacy Policy: policies.google.com/privacy
- We comply with Google's EU User Consent Policy for UK users
8.2 LinkedIn
- Privacy Policy: linkedin.com/legal/privacy-policy
- LinkedIn members can opt out in their LinkedIn account settings
8.3 Klaviyo
- Privacy Policy: klaviyo.com/legal/privacy
- All marketing emails include an unsubscribe link
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (HTTPS/TLS), access controls on all systems, EU-based database hosting, and regular review of our security practices.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals where required.
10. Children's Data
Our website and services are directed at business professionals only. We do not knowingly collect personal data from individuals under 18. If we become aware of such data, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the date at the top of this page. Continued use of our website after any changes constitutes acceptance of the updated policy.
12. Contact Us
Mediflux Ltd
Email: hello@mediflux.co.uk
Website: mediflux.co.uk
Company Number: 17196111
Registered in England and Wales
We aim to respond to all data protection enquiries within one calendar month.