Privacy Notice
Privacy Notice
This notice applies to you if we process your personal information as a user of our website. References to we, our or us in this privacy notice are to LiiFT®, Medicaleaf™ Limited and each of its direct and indirect subsidiaries, trading under the “Medicaleaf™” brand
We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your relationship with us. This notice explains how we comply with the law on data protection and what your rights are and for the purposes of data protection we will be the controller of any of your personal information.
- Personal information we collect
We may collect the following types of personal information about you:
- Contact details:information that allows us to identify and contact you directly such as your name, address, email address, telephone number and addresses.
- Personal history and information:This includes hobbies, interests, marital status, family details, and dietary requirements.
- Responses to surveys, competitions and promotions:we keep records of any surveys you respond to or your entry into any competition or promotion we run.
- Creditworthiness:We may undertake investigations into your creditworthiness in order to establish whether to enter into or continue a business relationship with you
- How you use our website:we collect information about the pages you look at and how you use them.
- Details of the correspondence (including e-mail correspondence) you send and receive from us:this includes letters and emails, SMS, MMS and other electronic communication and may in some cases include audio recording of telephone conversations
- Subscription information:for example when you subscribe to one of our blogs or other materials.
- IP address information:your computer’s IP address allows us to track your usage of our website.
- Special categories of personal information
We do not generally collect, store and use the following “special categories” of more sensitive personal information regarding you:
- Informationabout your race or ethnicity, religious beliefs, sexual orientation and political opinions;
- Informationabout your trade union memberships;
- Informationabout your health, including any medical condition, health and sickness records, medical records and health professional information; and
- Biometricinformation about you, for example fingerprints, retina scans.
Also we do not generally collect, store and use any criminal records history relating to you, our Anti Money Laundering checks may reveal such information.
4. Sources we collect your personal information from
We will collect personal information from a number of sources. These include the following:
- Directly from you:when you contact us by phone, email or communicate with us directly in some other way.
- Our website:provides us with information about how you use it and the devices that you use to connect to our website.
- Our providers of background information:which may include credit reference agencies, AML check provider, and other web platforms.
- What we use your personal information for
The table below describes the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this.
| Purpose | Personal information used | Lawful basis |
| Identity and AML checks | All the personal information we collect | We may have a legal obligation to undertake identification and AML checks We also have a legitimate interest in knowing your identity |
| Passing details of our AML checks to third parties | All the personal information we collect |
The third parties have a legitimate interest in undertaking identity and AML checks |
| Enter into and perform contracts | All the personal information we collect |
To enter into and perform contracts with either yourself or the organisation that you represent |
| Deal with your queries or complaints | All the personal information we collect |
This may be necessary to perform a contract with you or the organisation that you represent We have a legitimate interest to improve the services or products we provide |
| Maintain and improve services and products | All the personal information we collect | We have a legitimate interest to improve the services and products we provide |
| Data analytics and statistical research to help us improve our online services | How you use our website |
We have a legitimate interest to improve the services we provide |
| Security of our IT systems | All the personal information we collect |
We have a legitimate interest in ensuring the security of our IT systems. |
| Staff training | All the personal information we collect |
We have a legitimate interest to improve the services we provide |
| Perform credit checks | Contact details and payment information | We have a legitimate interest to ensure that we are likely to be paid for our services or products |
| Determine services that may be of interest to you | All personal information we collect |
We have a legitimate interest to improve the services and products we provide |
| To provide you with requested information | Contact details and services and products or other information that you have requested we provide to you or your organisation | To comply with the request made by you |
| Direct marketing | Contact details and services and products that we have determined may be of interest to you or your organisation and/or which you or your organisation has purchased in the past | We may ask for your consent to process your data for this purpose, you may revoke your consent at any point. Alternatively if you or your organisation has purchased similar services or products from us previously we may market similar products or services as a legitimate interest in developing our business. You have the right to opt out from such marketing at any time |
Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below. We will generally only ask for your consent for direct marketing.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide marketing information to you.
We may anonymise and aggregate any of the personal information we hold (so that it does not directly identify you). We may use anonymized and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site and developing new products and services.
- Who we share your personal information with
We share personal information with the following parties:
- Companies in the same group of companies as us:
- Other companies in our supply chain: so that they can contact you about any issues in the supply chain.
- Credit reference and other identification agencies:so that we can assess your creditworthiness and to verify your identity. These agencies may retain a footprint that a search has been undertaken
- Marketing and public relations companies: to help us to develop, carry out and assess marketing and PR campaigns
- Other service providers and advisors:such as companies that support our IT, help us analyse the data we hold, process payments, send communications to our customers, provide us with legal or financial advice and generally help us deliver our products and services to you or the organisation that you represent.
- Purchasers of our business:buyers or perspective buyers to whom we sell or negotiate to sell our business.
- The Government or relevant regulators:where we are required to do so by law or to assist with their investigations, for example the Information Commissioner’s Office.
- Police, law enforcement agencies and security services:to assist with the investigation and prevention of crime and the protection of national security.
We also use Google Analytics which sets cookies to collect information about how visitors use our website. See our cookie notice for more information. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout .
We do not disclose personal information to anyone else except as set out above. We may provide third parties with aggregate statistical information and analytics about users of our products and services but we will make sure no one can be identified from this information before we disclose it.
- Direct Marketing
Email, post and SMS marketing:from time to time, we may contact you by email, post or SMS with information about products or services we believe you may be interested in.
We will only send marketing messages to you in accordance with the marketing preferences you set when you create your account or that you tell us afterwards you are happy to receive or where you or the organisation you represent have purchased similar services or goods from us previously.
You can then let us know at any time that you do not wish to receive marketing messages by sending an email to us at info@medicaleaf.org or by using the by using the details set out in the “Contacting us” section below. You can also unsubscribe from our marketing by clicking on the unsubscribe link in any marketing messages we send to you.
- Transferring your personal information internationally.
The personal information we collect may be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. We will take all reasonable steps to ensure that your personal information is only used in accordance with this privacy notice and applicable data protection laws and is respected and kept secure and where a third part processes your data on our behalf we will put in place appropriate safeguards as required under data protection laws. For further details please contact us by using the details set out in the “Contacting us” section below.
Our directors and other individuals working for us may in limited circumstances access personal information outside of the UK and European Union if they are on holiday abroad outside of the UK or European Union. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to English Law and the same legal protections that would apply to accessing personal data within the UK.
In limited circumstances the people to whom we may disclose personal information as mentioned in section 6 above may be located outside of the UK and European Union. In these cases we will impose any legally required protections to the personal information as required by law before it is disclosed.
- How long do we keep personal information for?
We will keep your personal information for as long as is necessary for the purpose for which it has been obtained. For individual contacts at customers and suppliers this will be for as long as we continue to have a relationship with that customer or supplier and then for a period of 7-15 years afterwards.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move position or work for a different organisation or change your phone number or email address, you can contact us by using the details set out in the “Contacting us” section below. - Security
We have numerous security measures in place to protect the loss, misuse and alteration of information under our control, such as passwords and firewalls. We cannot, however, guarantee that these measures are, or will remain, adequate. We do, however, take data security very seriously and will use all reasonable endeavours to protect the integrity of the information you provide. - Your rights in relation to your personal information
You have the following rights in relation to your personal information: (i) the right to be informed about how your personal information is being used; (ii) the right to access the personal information we hold about you; (iii) the right to request the correction of inaccurate personal information we hold about you; (iv) the right to request the erasure of your personal information in certain limited circumstances; (v) the right to restrict processing of your personal information where certain requirements are met; (vi) the right to object to the processing of your personal information; (vii) the right to request that we transfer elements of your data either to you or another service provider; and (viii) the right to object to certain automated decision making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example we do not use automated decision making in relation to your personal data. However some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the “Contacting us” section below. If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage to contact us to resolve your complaint first.
- Changes to this notice
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this section. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information. - Contacting us
In the event of any query or complaint in connection with the information we hold about you, please emailinfo@medicaleaf.org or write to us at: Data Protection Officer, Medicaleaf Limited, 862, Eagle Tower, Montpellier Drive, Cheltenham, GL50 1TA, United Kingdom.
