Are you looking for expert advice...

The Medical Cannabis Clinicians Society: Privacy Policy

Effective from: 28 July 2025

The Medical Cannabis Clinicians Society (MCCS) is committed to protecting and respecting your privacy. This policy explains how we collect, use, and protect your personal information in line with UK GDPR and the Data Protection Act 2018.

1. Who We Are

We are The Medical Cannabis Clinicians Society, a Community Interest Company registered in the UK. We are the data controller for any personal information you provide.

  • Company Name: MedCan Clinicians Society CIC
  • Registered Address: 29 Adeline Gardens, Gosforth, Newcastle Upon Tyne, Tyne & Wear, NE3 4JQ
  • Email: contact@ukmccs.org
  • ICO Registration Number: ZB439597

As a CIC, we operate solely for the benefit of healthcare professionals and the public. We use your information only to provide services related to our mission — supporting the safe, evidence-based prescribing of medical cannabis in the UK.

2. What Information We Collect

We may collect and store:

  • Your name
  • Professional role (e.g. consultant, GP, nurse, pharmacist)
  • Email address
  • Membership status and payment history
  • Correspondence with our support inbox
  • Stripe payment reference (MCCS sees only the last 4 digits)
  • IP address and technical/browser data when using our website

3. Why We Collect Your Data

We process your data to:

  • Verify your professional status for membership
  • Deliver member services (e.g. events, access to resources)
  • Administer payments, auto-renewals, and account access
  • Send relevant updates and communications
  • Invite you to member-only platforms (e.g. https://groups.io/g/UKMCCS)
  • Respond to queries or support requests

We use your payment reference and membership status to manage automatic renewals through Stripe. You can cancel auto-renewal at any time by contacting us directly.

Our lawful bases for processing your data are:

  • Contract – to provide your membership and services
  • Legitimate interest – to maintain operations and engagement
  • Consent – for email updates via Mailchimp, where applicable
  • Legal obligation – to retain financial or transactional data where required

4. How We Store and Protect Your Data

We store data securely using encrypted, password-protected systems. Your data is held in:

  • Our membership database (via our website)
  • Mailchimp (for email communications)
  • Stripe (for payment processing)
  • Google Groups (for member discussion and announcements)

We never store your full payment details. Stripe handles all transactions securely.

5. Who We Share Data With

We do not sell your data. We only share data with trusted third-party providers who support our services:

    • Stripe – payment processor
    • Mailchimp – email delivery platform
  • Google Groups – member-only forum
  • Web and database hosting providers – for our website

Some of these providers may process your data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), in line with UK GDPR requirements.

6. Cookies and Analytics

We use essential cookies to ensure the site functions properly. Our website may also use analytics tools to collect anonymous visitor data (e.g. page views, bounce rates). These do not include personally identifiable information.

Upon visiting our website, you will see a cookie banner giving you the option to accept or reject non-essential cookies. You may also manage your preferences through your browser settings.

7. How Long We Keep Your Data

We keep your personal information for as long as necessary to:

  • Deliver membership services
  • Maintain legal, regulatory, and financial records

This typically means retaining membership-related data for up to 2 years after your membership ends, unless required to keep it longer. You may request deletion of your data at any time unless we are legally required to retain it.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access the data we hold about you
  • Request correction of any inaccurate information
  • Request deletion of your data (where lawful)
  • Restrict or object to certain types of processing
  • Withdraw consent (e.g. for email marketing)
  • Request transfer of your data to another provider
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

9. No Automated Decision-Making

We do not use personal data for automated profiling or decision-making. All membership decisions (e.g. approval) are made by real people.

10. Age Limit

Our services are intended for healthcare professionals aged 18 or older. We do not knowingly collect personal data from individuals under the age of 18.

11. How to Contact Us

If you have questions about this policy or how your data is used, please contact:

📧 Email: contact@ukmccs.org
📮 Post: 29 Adeline Gardens, Gosforth, Newcastle Upon Tyne, Tyne & Wear, NE3 4JQ

12. Changes to This Policy

We may occasionally update this Privacy Policy. Any significant changes will be notified by email or via our website. The most up-to-date version will always be available at www.ukmccs.org