Rainbow Privacy Policy

Last updated: 17th January 2024


Rainbow privacy policy. 


This is where we tell you how we process and protect your personal information and how we respect your privacy. We are the controller responsible for protecting the personal information we hold about you. We will keep it safe and secure and we will not misuse it. We appreciate that your personal information belongs to you even if it has been shared with others. This privacy policy explains what we do with your personal information so you understand how we use it. It also tells you what your legal rights are in relation to it and how you can exercise them so that you are in control of your personal information at all times. 


This policy is made for and applies to anyone who is a Rainbow customer or subscriber, or just anyone who is visiting our website. Please make sure you read this policy carefully. By accessing or browsing rainbowlabs.co.uk (our “Website”), or using any of the services we provide to our customers, then you confirm that you have read and understood the entirety of this privacy policy, as it applies to you. 


Feel free to email us at: hello@rainbowlabs.co.uk, if you have questions or concerns.


We may update our privacy policy from time to time. Any changes we make will be posted on this page. Where the changes are significant, we will let you know by email or in another appropriate manner such as when you next interact with our website or opp. 


Contents of this Policy: 


  • About Rainbow
  • Information we have about you
  • How do we use your personal information
  • Who do we share your personal information with
  • How long we store your personal information for
  • Your choices and rights
  • Transfers of information
  • Security of your personal information
  • Third party websites
  • Cookies
  • Contact us 


  1. About Rainbow 

We are registered as a limited company in the UK as Rainbow Limited and refer to ourselves in the first person throughout this policy. Our company registration number is 13125490 and our registered office is 86 Harley Street, 1st floor, London W1G 7HP. We are registered with the UK Information Commissioner’s Office (registration number ZA843014). Rainbow Diagnostics Ltd. is the controller of your personal information, and is responsible for protecting the personal information we hold about you. 


If you have any questions or concerns you can contact our Data Protection Officer by post at: 

86 Harley Street, 1st Floor, London W1G 7HP

 or by email at: hello@rainbowlabs.co.uk


  1. Information we have about you


Personal information is the term we use to describe information which we collect and which identifies you (such as your name) or could indirectly identify you (such as an IP address or other online identifier). We obtain from other sources. In this section, we explain what personal information we have about you. 


  • Information you give to us (e.g. on contact forms, questionnaires or when setting up accounts)
  • Contact details – such as your name, address, email address, phone number.
  • Account details – such as email, etc
  • Payment details – last 4 digits of payment card.
  • Responses to health questionnaires – dietary and exercise details, health information, name, ethnicity, sex, age, DOB.
  • Responses to marketing surveys or promotions – such as contact details and health data (thank you for your participation in these!).
  • Any updates to the contact or account details you provide to us – and thanks for keeping us updated.


If you ask us to delete your contact details or account details, we may no longer be able to provide our services to you.


  • Information we collect automatically when you visit our Website 
  • Technical information – such as your IP addresses, domain names, the country you’re visiting from, files requested, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • Information on your visit – such as the full URL clickstream to, through and from our Website (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.


  • Information generated by our services
    The types of personal information that we receive as a result of our services may include the following special categories of personal data: 
  • Your race or ethnic origin
  • Your date of birth 
  • Your physical or mental health or condition(s)
  • Information relating to your physical or physiological behaviour
  • Blood test results
  • Doctor commentary on results 

We will only collect these types of special categories of information with your explicit consent. Please remember that if you choose to withdraw your consent to our processing of these categories of information, we may be unable to provide our services to you. 


The nature of what we do at Rainbow means that if you opt to use our services through a business-to-business customer of ours – we may receive personal information about you from our business customers, suppliers and sub-contractors (for example, doctors, laboratories and nutritionists).


  • Information we receive from sources other than those in C. above
  • Advertising networks and information providers – we work closely with advertising networks, analytics and search information providers and we sometimes receive information about you from them. 
  • Information from other websites and services we operate and provide – where this happens, we will let you know about sharing the information internally or combining it with information from the Website.


  • Children 
  • You must be aged 18 or over to purchase products or services from us. Our website and services are not directed at children and we do not knowingly collect any personal information from children. 
  • If you are a child and we learn that we have inadvertently obtained personal information from you from our websites, then we will delete that information as soon as possible.


Please contact us at: hello@rainbowlabs.co.uk if you are aware that we may have inadvertently collected personal information from a child. 


  1. How do we use your personal information?


We use your personal information for different purposes, but in all cases we must have a legal basis for doing so. When we use your “special categories of personal data” we need an additional legal basis. 


These are the legal bases for which we use your information:


  • Consent – you have given clear consent to us to process your personal information for a specific purpose.
  • Our contract – processing your personal information is necessary for a contract you have with us (for example, to fulfill an order which you place with us, or to comply with the terms of use of our Website which you accept by browsing), or because we have asked you to take specific steps before entering into that contract. 
  • Legitimate interests – processing your personal information is necessary for our legitimate interests or those of a third party, provided those interests are not outweighed by your rights and interests or fundamental rights and freedoms which require protection of the personal information. You can ask us for information on this balancing test by using the contact details in this policy.


Legal Basis Purpose Additional Legal Basis – to justify use of “special categories of personal data” for these purposes
Consent To contact you (including by email or post) with information about our products and services which either you request1 or which we feel will be of interest to you.

To analyse how you use our products and services. To provide you with targeted marketing. 
Explicit Consent
Contractual necessity To allow you to access and use our Website and to register for an account. 

To provide you with the information1 products and services that you request from us.


To notify you about changes to our services and to keep you informed about our fees and charges. 

Explicit Consent
Legitimate interests To do things necessary for our business such as pursuing debts or ensuring the security of our services and Website


To carry out statistical analysis and market research.

To carry out marketing, advertising and promotions.

To improve and maintain our Website prepare reports or compile statistics in order to improve our services. 

To detect or prevent fraud. 

We do not need to use your “special” categories of personal data for these purposes 
Legal duty To comply with our legal, accounting, and tax obligations.

To establish, defend or exercise our legal rights. 
Defence of legal claims 


  1. Sharing your information

    We will only share your personal information with other organisations after careful consideration and only when we have a legitimate reason. We may share your personal information with the following categories of third parties: 
  • our service providers and sub-contractors, including but not limited to payment processors, suppliers of technical and support services, cloud service providers, auditors, actuaries, lawyers, tax advisers and logistics providers;  
  • companies that assist us in our marketing, advertising and promotional activities; 
  • analytics and search engine providers that assist us in the improvement and optimisation of our Website; and 
  • any third parties that you have agreed that we may share your personal information with for marketing purposes. 

If we share your personal information to third parties1 they will only legally be able to use it for the purpose of providing services to us. We make sure that third parties we share personal information with follow equivalent privacy and security procedures to our own to protect your information.

We may anonymise and aggregate your data to create health reports and statistics. This may be used for marketing or shared with third parties for purposes of academic research. None of these anonymised, aggregated reports or statistics will enable you to be personally identified.


Finally, we may also disclose your personal information to third parties in certain exceptional circumstances as follows:


  • where it is in our legitimate interests to do so to run, grow and develop our business:
    • if we sell or buy any business or assets, we may disclose your personal information to the seller or buyer of that business or those assets; or
    • if Rainbow or most of our assets are acquired by a third party, in which case personal information held by Rainbow will be one of the transferred assets;


  • if we are required by any applicable law or law enforcement organisation to do so; 
  • in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or 
  • to protect the rights, property, or safety of Rainbow, our customers or other persons. This may include exchanging information with other organisations for the purposes of fraud protection and credit risk reduction.


Except for what is written in this policy, we will never share any of your personal information to any third party without notifying you and/or getting your consent. If you do consent and later change your mind, you can remove consent and therefore our permission to use this information. See section 6 below for your rights to withdraw consent. 


  1. How long we store your information for


We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. As soon as there is no longer any need for us to hold your personal information, we will delete it or, in some cases, anonymise it so you can no longer be identified from it. 


Data Description  Retention Period Reason for retention Period
Personal data, including customer names, addresses,  payment details  5 years after last purchase  Business Need
Subscription test records 5 years after last purchase  Business Need
Health Data  5 years after last purchase  Business Need
Account correspondence 

(notes, complaints, purchase history)

5 years after last purchase  Limitation Act 1980


If you would like further information regarding the periods for which your personal information will be held, please contact our DPO using the details in section 1 of this privacy policy. 


  1. Your choices and rights




  • At any time, you can choose not to provide us with personal data. If you choose to do this, you can continue to visit our website and browse its content, but we won’t be able to provide you with services, even if you have already paid for them. 
  • You can turn off cookies in your browser settings. If you turn off cookies, you can continue to visit our website and browse its content, but our online services might be less effective. Please see our cookie policy for more details 
  • You can choose for us not to use your personal information for marketing. Also, If you have previously given your consent and want to retract it later, then you can either unsubscribe to the communications, update your marketing settings in your account dashboard or opt out by contacting us at: hello@rainbowlabs.co.uk (This will not affect the lawfulness of any processing carried out by us using your consent before such withdrawal) Rights 


You can contact us by email at: hello@rainbowlabs.co.uk at any time, to request that we: 

  • update any personal information which is out of date or incorrect;
  • delete any personal information which we are holding about you;
  • restrict the way that we process your personal information in certain circumstances such as where the data is inaccurate;
  • object to us processing your information where we are relying on our legitimate interests as the legal ground for processing;
  • provide your personal information to a third party provider of services; or
  • provide you with a copy of any personal information which we hold about you (although we reserve the right to charge a reasonable fee for this if requests are excessive or repetitive).
  • You have the right to withdraw your consent in relation to us processing your special categories of personal data (as mentioned above) at any time. If you withdraw your consent to us processing your personal data, especially the special categories above, this will mean that we are unable to provide our services to you. (This will not affect the lawfulness of any processing carried out by us using your consent before such withdrawal).


Please note that many data subject rights are not absolute and the extent to which they apply may vary depending on the circumstances and any exemptions that may apply. If you would like to exercise any of your data subject rights1 please contact us at: hello@rainbowlabs.co.uk We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period by law).


  1. Transfers of information


All EEA countries (the EU1 Norway, Iceland and Liechtenstein) provide an adequate level of data protection allowing free transfer of personal information between the UK and any of those countries. We process the personal information we collect at our offices in London, but we may transfer your personal information outside the UK or the EEA to our third party providers listed immediately below:


  • Infrastructure: Amazon Web Services, Siteground


  • Analytics: Google, Facebook 


  • Communications: Sendinblue, FreshDesk 


  • Payments: Stripe 


If we transfer any personal information about you to any such non-UK and non-EEA third party providers, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this privacy policy. These measures may include the following: 


  • ensuring that there is an adequacy decision by the UK Government in the case of transfers out of the UK, or by the European Commission in the case of transfers out of the EEA, which means that the recipient country is deemed to provide adequate protection for such personal data; or 
  • that we have in place standard model contractual arrangements with the recipient which have been approved by the European Commission (or the UK Government for transfers out of the UK in due course). These model contractual clauses include certain safeguards to protect the personal data.


Further details on the steps we take to protect your personal information in these cases is available from us on request by contacting our Data Protection Officer using the details in section 1 of this privacy policy.


  1. Security of your personal information


Our responsibility to you


At Rainbow, we have physical, electronic and managerial procedures in place to protect and secure the information we collect. We are committed to protecting personal information from loss, misuse, disclosure, alteration, unauthorised access and destruction and we take all reasonable precautions to safeguard the confidentiality of personal information. This includes appropriate entry controls to our premises, multi-factor authentication for all accounts relating to production data, use of an industry leading identity and access management solution, Okta, to manage employee accounts and access to these systems and limiting access to your personal data to those employees, agents contractors and third parties who have a need to know, and encryption of data at rest and in transit. 

We make every effort to protect your personal information. However, there is always an inherent risk, beyond our control, in sending information over the internet. If we do ever encounter any online data breaches, we commit to taking prompt action to resolve the situation to protect your information. 

We use Stripe for payment transactions and so do not hold payment or payment card data (except for the last 4 digits). 


Your responsibility to us


Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. 


  1. Third party websites


Our Website may, from time to time, contain links to websites operated by third parties. This privacy policy only applies to the personal information that we collect and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We don’t endorse or accept any responsibility for the content of those third party websites or third party terms and conditions or policies.


  1. Cookies


Some pages on our Website use cookies, which are small text files placed on your device (such as your computer, tablet or mobile phone) when you visit our Website. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences. For more information, please see www.allaboutcookies.org.

Please click here to view our separate cookie policy. 


  1. Contact us


Questions, comments and requests about this privacy policy or how we collect, use or store your personal information are welcomed and should be emailed to us at: hello@rainbowlabs.co.uk or to our Data Protection Officer by post at: 

Rainbow Laboratories, 86 Harley Street, 1st Floor, London W1G 7HP

 or by email at: hello@rainbowlabs.co.uk


If you believe we have breached your rights please contact us at: hello@rainbowlabs.co.uk or you can make a complaint to the UK Information Commissioner’s Office (https://ico.org.uk).



Find blood test that’s right for you

Your health, your way!


Welcome back

Important Safety Information

Take any medicines called nitrates, often prescribed for chest pain, or guanylate cyclase stimulators like Adempas (riociguat) for pulmonary hypertension. Your blood pressure could drop to an unsafe level are allergic to Tadalafil or any of the ingredients in Tadalafil

Discuss your health with your doctor to ensure that you are healthy enough for sex. If you experience chest pain, dizziness, or nausea during sex, seek immediate medical help

Tadalafil can cause serious side effects. Rarely reported side effects include:

an erection that will not go away (priapism). If you have an erection that lasts more than 4 hours, get medical help right away. If it is not treated right away, priapism can permanently damage your penis

sudden vision loss in one or both eyes. Sudden vision loss in one or both eyes can be a sign of a serious eye problem called non-arteritic anterior ischemic optic neuropathy (NAION). Stop taking Tadalafil and call your healthcare provider right away if you have any sudden vision loss

sudden hearing decrease or hearing loss. Some people may also have ringing in their ears (tinnitus) or dizziness. If you have these symptoms, stop taking Tadalafil and contact a doctor right away

Before you take Tadalafil, tell your healthcare provider if you:

have or have had heart problems such as a heart attack, irregular heartbeat, angina, chest pain, narrowing of the aortic valve, or heart failure

have had heart surgery within the last 6 months

have pulmonary hypertension

have had a stroke

have low blood pressure, or high blood pressure that is not controlled

have a deformed penis shape

have had an erection that lasted for more than 4 hours

have problems with your blood cells such as sickle cell anemia, multiple myeloma, or leukemia

have retinitis pigmentosa, a rare genetic (runs in families) eye disease

have ever had severe vision loss, including an eye problem called NAION

have bleeding problems

have or have had stomach ulcers

have liver problems

have kidney problems or are having kidney dialysis have any other medical conditions

Tell your healthcare provider about all the medicines you take, including prescription and over-the-counter medicines, vitamins, and herbal supplements.

Tadalafil may affect the way other medicines work, and other medicines may affect the way Tadalafil works, causing side effects. Especially tell your healthcare provider if you take any of the following:

medicines called nitrates

medicines called guanylate cyclase stimulators such as Adempas (riociguat)

medicines called alpha-blockers such as Hytrin (terazosin HCl), Flomax (tamsulosin HCl), Cardura (doxazosin mesylate), Minipress (prazosin HCl), Uroxatral (alfuzosin HCl), Jalyn (dutasteride and tamsulosin HCl), or Rapaflo (silodosin). Alpha-blockers are sometimes prescribed for prostate problems or high blood pressure. In some patients, the use of Tadalafil with alpha-blockers can lead to a drop in blood pressure or to fainting medicines called HIV protease inhibitors, such as ritonavir (Norvir), indinavir sulfate (Crixivan), saquinavir (Fortovase or Invirase), or atazanavir sulfate (Reyataz)

some types of oral antifungal medicines, such as ketoconazole (Nizoral) and itraconazole (Sporanox)

some types of antibiotics, such as clarithromycin (Biaxin), telithromycin (Ketek), or erythromycin

other medicines that treat high blood pressure

other medicines or treatments for ED

Tadalafil should not be used with REVATIO or with other PAH treatments containing PDE5 inhibitors.

Tadalafil does not protect against sexually transmitted diseases, including HIV.

The most common side effects of Tadalafil: headache; flushing; upset stomach; abnormal vision, such as changes in color vision (such as having a blue color tinge) and blurred vision; stuffy or runny nose; back pain; muscle pain; nausea; dizziness; rash.