Privacy Policy

Last updated: 7 November 2025

This Privacy Policy explains how Redcel ("Redcel", "we", "us", or "our") collects, uses, discloses, and safeguards personal data when you visit our websites, purchase our products, or interact with us online or offline. It also explains your privacy rights and how the law protects you.

Important: This policy provides general information and is not legal advice. We operate in multiple jurisdictions. Where local laws require, we apply additional disclosures below (e.g., UK/EU/EEA and U.S. state privacy laws).

 

 

1) Who we are & scope

  • Controller (UK/EU/EEA): Redcel Ltd, ℅ Suites 2 & 3, Bow Street Chambers, 1/2 Bow St, Rugeley WS15 2BT, United Kingdom, Company Number 15928926.

  • Contact (all regions): Via our website contact form, or postal mail to the address above.


This policy covers our consumer website(s), ecommerce checkout(s), customer support, marketing communications, and social channels we control (collectively, the Services). It does not cover third‑party websites we link to.

 

 

2) Personal data we collect

We collect and process the following categories of personal data, depending on how you interact with us:

  • Identity & Contact Data – name, email address, phone number, billing/shipping address, company details (if you buy as a business).

  • Account Data – username, password, order history, saved preferences, support tickets.

  • Order & Transaction Data – items purchased, payment method, totals, taxes, refunds, gift cards, discount codes. Card data is processed by our payment providers; we do not store full card numbers.

  • Device/Usage Data – IP address, device identifiers, browser type, operating system, pages viewed, links clicked, approximate location (derived from IP), session diagnostics, and similar information collected via cookies, pixels, and SDKs.

  • Marketing & Communications Data – newsletter opt‑ins, marketing preferences, survey responses, product reviews, competition entries, affiliate/referral program participation.

  • Support & UGC – messages to customer support, service notes, uploaded images/videos (e.g., product installs, reviews), and social handles when you tag us.

  • Health/Special‑Category Data (optional) – We do not seek to collect medical or health data. If you choose to share wellness information (e.g., contraindications, pressure tolerances) for product suitability or training protocols, we will only process it with your explicit consent or where otherwise permitted by law (e.g., to protect vital interests).

Sources. We collect data directly from you, automatically from your devices, and from third parties (e.g., payment processors, delivery partners, marketing platforms, social login providers where you connect them, anti‑fraud services).

 

 

3) How we use personal data (purposes & legal bases)

We process personal data only where we have a valid legal basis and a legitimate purpose:

  • To operate our Sites and Services (e.g., load pages, remember settings, secure login) – legitimate interests / contract / consent for non‑essential cookies.

  • To fulfil orders and provide customer service (order confirmation, delivery, returns, warranties) – contract / legal obligation.

  • To take and process payments via third‑party payment providers – contract / legitimate interests; legal obligation for anti‑fraud and accounting.

  • To communicate with you (service messages, updates, support responses) – contract / legitimate interests.

  • To send marketing (emails/SMS/ads) where permitted and with appropriate controls – consent (opt‑in) or legitimate interests (soft opt‑in to existing customers, where allowed). You can opt out any time.

  • To personalise content and advertising (on our site and across third‑party platforms) – consent in the UK/EEA for non‑essential cookies; legitimate interests where permissible; see Cookies section.

  • To maintain safety, prevent fraud/abuse, and secure our Serviceslegitimate interests / legal obligation.

  • To comply with law (tax, accounting, product safety, recalls) – legal obligation.

  • With consent – when you ask us to do something that requires consent (e.g., publishing a testimonial with your name, processing optional health info). You may withdraw consent at any time.

We do not engage in solely automated decision‑making that produces legal or similarly significant effects about you.

 

 

4) Cookies, pixels & similar technologies

We use cookies and similar technologies to operate the site, measure performance, and personalise content/ads. In the UK/EEA, we request consent for non‑essential cookies. You can manage preferences via the Cookie banner and the Cookie Settings link in the footer.

Typical categories:

  • Strictly necessary (security, core functionality)

  • Performance/analytics (e.g., Google Analytics)

  • Functional (preferences)

  • Advertising (e.g., Meta, Google, TikTok) for interest‑based ads/retargeting

Your browser may offer a "Do Not Track" signal; we do not currently respond to DNT signals.

For details (cookie names, providers, lifespans), see our separate Cookie Policy.

 

 

5) Disclosures of personal data

We share personal data only as described below:

  • Service Providers/Processors – e.g., ecommerce/hosting (Shopify or similar), payment processors (Stripe/PayPal/etc.), email & SMS platforms (Klaviyo or similar), analytics, advertising and social platforms (Google/Meta/TikTok), anti‑fraud and security tools, logistics and delivery partners (DHL/DPD/UPS/evri/local carriers), customer support tools, cloud storage, CRM.

  • Business partners – where you engage in co‑promotions, referrals, or affiliate programs and have consented/opted in.

  • Legal, safety & compliance – to comply with law, respond to lawful requests, enforce terms, protect rights, property and safety.

  • Business transfers – in connection with any merger, financing, acquisition, or dissolution transaction.

  • With your consent – when you ask us to share (e.g., publish a review with your name, share installation photos).

We do not sell your personal information for money. In some jurisdictions (e.g., California), using advertising cookies/pixels may be treated as a “sale” or “sharing” of personal information for targeted advertising. See Your privacy rights below for how to opt out.

 

 

6) International data transfers

We may transfer personal data outside your country (e.g., to the U.S.) to service providers. Where required, we use appropriate safeguards such as Standard Contractual Clauses, UK Addendum, and additional measures. You may ask us for a copy of the relevant safeguards (redactions may apply).

 

 

7) Data retention

We keep personal data only as long as necessary for the purposes set out in this policy, including to meet legal, accounting, or reporting requirements. Typical retention:

  • Orders & invoices: up to 6 years (UK tax rules) from the end of the financial year in which the transaction occurred.

  • Support records: up to 3 years from last interaction, unless we need to keep them longer for legal reasons.

  • Marketing data: until you opt out or your account becomes inactive for a defined period (we periodically cleanse inactive contacts).

  • Cookie/analytics data: per the lifespans stated in our Cookie Policy.

 

 

8) Security

We implement administrative, technical and physical safeguards appropriate to the risk, including encryption in transit, access controls, and staff training. No system is 100% secure; if we experience a data breach affecting your rights and freedoms, we will notify you and regulators as required by law.

 

 

9) Your privacy rights

UK/EEA (UK GDPR/GDPR)

You have the right to access, rectify, erase, restrict, object (including to direct marketing), and port your personal data, and the right to withdraw consent at any time where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority (see Section 11).

United States (CPRA/"CCPA", and similar state laws)

Depending on your state, you may have the rights to know/access, correct, delete, portability, and to opt out of the sale or sharing of personal information and targeted advertising. You also have the right to limit the use/disclosure of sensitive personal information where applicable, and to be free from discrimination for exercising your rights.

  • To opt out of targeted advertising cookies, adjust the Cookie Settings (and, where available, use our “Do Not Sell or Share My Personal Information” link).

  • You may designate an authorized agent to make a request on your behalf (we will require proof of authorization and identity verification).

  • Some states offer an appeal process if we deny your request; you may reply to our decision email to initiate an appeal.

How to exercise your rights (all regions): Email us with the subject “Privacy Request” and tell us which rights you wish to exercise. We may need to verify your identity before fulfilling the request.

 

 

10) Children’s privacy

Our Services are not directed to children and we do not knowingly collect personal data from children under 13 (or a higher age where required by local law). If you believe a child has provided personal data to us, please contact us to request deletion.

 

 

11) Complaints & contacts

If you are in the UK, you can contact the Information Commissioner’s Office (ICO) at ico.org.uk or by phone/post. In the EU/EEA, you can contact your local Data Protection Authority. We encourage you to contact us first via email and we will try to resolve your concern.

 

 

12) Changes to this policy

We may update this policy from time to time to reflect changes in our practices or the law. The “Last updated” date at the top tells you when we last changed it. Significant changes will be highlighted on our website or communicated by email where appropriate.

 

 

13) Region‑specific disclosures (summary)

  • UK/EEA marketing (PECR/e‑privacy): We use opt‑in consent for electronic marketing to new subscribers and provide a clear unsubscribe link in every message. We may rely on soft opt‑in for existing customers where permitted.

  • California "Shine the Light": California residents may request a list of third parties to whom we disclose personal information for their own direct marketing within the prior calendar year; email us with “Shine the Light” in the subject line.

  • Health/medical information: If you provide optional wellness or health-related information, we will process it only with your explicit consent or as otherwise permitted by law, and we will not use it for advertising.

 

 

14) Key service providers (examples)

For transparency, typical providers we rely on include:

  • Ecommerce/hosting: Shopify (or equivalent platform)

  • Payments: Stripe, PayPal, Apple Pay/Google Pay (via your device)

  • Email/SMS: Klaviyo (or equivalent)

  • Analytics/ads: Google Analytics/Ads, Meta (Facebook/Instagram), TikTok, Microsoft Advertising

  • Logistics: DHL, DPD, UPS, local courier partners

  • Fraud/security: anti‑fraud tools, CDN and WAF services

We maintain current processor lists internally and can provide more details on request.

 

 

15) Contact us

Questions about this policy or our privacy practices? Contact us by email.

 

© 2025 Redcel. All rights reserved.