RegisterLogin

Introduction

This Privacy Policy describes how Vericura Limited (“we,” “us,” or “our”) collects, uses, and protects your personal information when you visit our website or interact with our medical cannabis services. We are committed to protecting your privacy and handling your personal data responsibly.

Information We Collect

Information You Provide Directly

  • Contact Information: Name, email address, phone number, company details

  • Professional Information: Medical credentials, practice details, areas of expertise

  • Communication Records: Messages, inquiries, and correspondence with our team

  • Partnership Applications: Information submitted for potential business partnerships

Information Collected Automatically

  • Website Usage Data: Pages visited, time spent, click patterns, referral sources

  • Technical Information: IP address, browser type, device information, operating system

  • Cookies and Tracking: Data collected through cookies and similar technologies (see our Cookie Policy)

Information from Third Parties

  • Professional Verification: Publicly available information to verify medical credentials

  • Business Information: Company details from professional directories and databases

How We Use Your Information

We use your personal information for the following purposes:

Business Operations

  • Process inquiries and partnership applications

  • Provide information about our products and services

  • Facilitate communication between parties

  • Maintain accurate business records

Professional Services

  • Verify medical credentials and professional standing

  • Provide educational resources and clinical information

  • Support healthcare professional networking and collaboration

Website Improvement

  • Analyze website usage to improve functionality and user experience

  • Monitor website security and prevent fraud

  • Optimize content based on user preferences and behavior

Legal and Regulatory Compliance

  • Comply with applicable laws and regulations

  • Respond to legal requests and regulatory inquiries

  • Maintain required business records

Legal Basis for Processing

Under UK GDPR, we process your personal information based on:

  • Legitimate Interest: For business operations, website security, and service improvement

  • Consent: For marketing communications and certain data collection activities

  • Contractual Necessity: To fulfill partnership agreements and provide requested services

  • Legal Obligation: To comply with UK laws, regulations, and MHRA requirements

  • Vital Interests: Where necessary to protect health and safety

How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

  • Technology Partners: For website hosting, analytics, and technical support

  • Professional Services: Legal, accounting, and compliance consultants

  • Communication Tools: Email marketing and customer relationship management platforms

Business Partners

  • Healthcare Networks: With your consent, for professional collaboration

  • Research Organizations: For anonymous, aggregated research purposes only

Legal Requirements

  • MHRA and Regulatory Bodies: When required by UK medicines regulation

  • Information Commissioner’s Office (ICO): In response to data protection inquiries

  • UK Courts and Legal Proceedings: In response to valid UK legal requests

  • Health and Safety: To protect rights, property, or safety as required by UK law

Business Transfers

In the event of a merger, acquisition, or sale of business assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Technical Safeguards

  • Encryption: Data transmitted over secure, encrypted connections (SSL/TLS)

  • Access Controls: Restricted access to personal information on a need-to-know basis

  • Security Monitoring: Regular monitoring for unauthorized access or security breaches

Organizational Measures

  • Staff Training: Regular privacy and security training for all personnel

  • Data Minimization: Collecting only necessary information for specified purposes

  • Regular Audits: Periodic review of data handling practices and security measures

Your Rights Under UK GDPR

Under UK GDPR, you have the following rights regarding your personal information:

Access and Information Rights

  • Right of Access: Request a copy of the personal information we hold about you

  • Right to Rectification: Request correction of inaccurate or incomplete information

  • Right to Data Portability: Receive your data in a structured, machine-readable format

Control and Deletion Rights

  • Right to Withdraw Consent: Withdraw consent for processing where applicable

  • Right to Erasure: Request deletion of your personal information (subject to legal obligations)

  • Right to Restrict Processing: Request limitation of how we process your information

  • Right to Object: Object to processing based on legitimate interests

Additional Rights

  • Right to be Informed: Understand how your data is being used (this privacy policy)

  • Rights Related to Automated Decision Making: Protection against automated decision-making and profiling

How to Exercise Your Rights

To exercise these rights, please contact our Data Protection Officer using the information provided below. We will respond to your request within one month of receipt.

Right to Complain

If you believe we have not handled your personal information properly, you have the right to complain to the Information Commissioner’s Office (ICO):

  • Website: ico.org.uk

  • Phone: 0303 123 1113

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

Retention Periods (UK GDPR Compliance)

  • Contact Information: Retained for 6 years after last contact (or as long as you maintain interest)

  • Communication Records: Retained for 6 years for business and regulatory compliance

  • Website Analytics: Anonymous data retained for 2 years maximum

  • Medical Professional Records: Retained for 7 years in compliance with UK healthcare regulations

  • Legal and Regulatory Records: Retained as required by UK law and MHRA regulations

Deletion Process

When retention periods expire, we securely delete or anonymize your personal information unless longer retention is required by law.

International Data Transfers

As we operate within the UK, your personal information is primarily processed within the UK. If we need to transfer your information outside the UK, we will:

  • Ensure the destination country has an adequacy decision from the UK government, or

  • Implement appropriate safeguards such as Standard Contractual Clauses approved by the ICO

  • Obtain your explicit consent where required

We will always ensure your personal information receives the same level of protection as required under UK GDPR.

Children’s Privacy

Our website and services are not directed to children under 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our business practices

  • New legal requirements

  • Enhanced privacy protections

Notification of Changes

We will notify you of significant changes by:

  • Updating the “Last updated” date at the top of this policy

  • Posting a notice on our website

  • Sending email notifications for material changes

Contact Information

For questions about this Privacy Policy or our privacy practices, please contact:

Privacy Officer: [Name]
Email: [privacy@yourcompany.com]
Address: [Your Company Address]
Phone: [Your Phone Number]

Data Protection Officer (if applicable): [Name and contact information]

Regulatory Compliance

We are committed to complying with UK and EU privacy laws, including:

  • UK GDPR: The UK General Data Protection Regulation

  • Data Protection Act 2018: UK implementation and supplementary provisions

  • Privacy and Electronic Communications Regulations (PECR): For electronic marketing and cookies

  • MHRA Regulations: Medicines and Healthcare products Regulatory Agency requirements for medical cannabis companies

For specific information about your privacy rights under UK law, please contact our Data Protection Officer using the details provided above.