GDPR Compliance

General Data Protection Regulation (GDPR) Compliance

Medicann Ltd is committed to protecting your personal data and respecting your privacy rights. This page outlines your rights under the General Data Protection Regulation (GDPR) and how we comply with these regulations.

Your Rights Under GDPR

1. Right to Information

You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy.

2. Right of Access

You have the right to request copies of your personal data. We may charge a small fee for this service if your request is clearly unfounded or excessive.

3. Right to Rectification

You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.

4. Right to Erasure

You have the right to request that we erase your personal data, under certain conditions. This right may be limited by legal obligations to retain certain information.

5. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

6. Right to Data Portability

You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

7. Right to Object

You have the right to object to our processing of your personal data, under certain conditions.

8. Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: Where you have given clear consent for us to process your personal data for specific purposes
• Contract: Where processing is necessary for the performance of a contract with you
• Legal obligation: Where processing is necessary for compliance with a legal obligation
• Vital interests: Where processing is necessary to protect someone's life
• Public task: Where processing is necessary for the performance of a task carried out in the public interest
• Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Medical records: Retained for 8 years after last treatment or until age 25 (whichever is longer)
• Consultation records: Retained for 8 years after last consultation
• Marketing data: Retained until consent is withdrawn or 3 years of inactivity
• Financial records: Retained for 7 years as required by law

International Transfers

We may transfer your personal data outside the European Economic Area (EEA) in certain circumstances. When we do so, we ensure that appropriate safeguards are in place to protect your data, such as adequacy decisions or standard contractual clauses.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact our DPO at: dpo@medicann.co.uk

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us using the following methods:

• Email: privacy@medicann.co.uk
• Post: Data Protection Team, Medicann Ltd, 45 Century Buildings, The Esplanade, St Helier JE2 3QA
• Phone: 01534 666420

We will respond to your request within one month of receipt. In some cases, we may extend this period by two further months where requests are complex or numerous.

Complaints

If you are not satisfied with how we handle your personal data, you have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

ICO Contact Details:

Website: www.ico.org.uk

Phone: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Updates to This Notice

We may update this GDPR notice from time to time. When we do, we will post the updated notice on our website and update the "last updated" date.

Contact Our Data Protection Team

For all data protection enquiries and to exercise your rights:

Email: dpo@medicann.co.uk

Phone: 01534 666420

Address: 45 Century Buildings, The Esplanade, St Helier JE2 3QA

ICO Registration: View our registration at ico.org.uk