Privacy Policy
Privacy Policy Last updated: 5 June 2026
Who we are Medicine Within is the data controller responsible for your personal data when you register for our events.
You can contact us about data protection matters at: [becky@medicinewithin.uk] (please put “Privacy” in the subject line).
What personal data we collect When you register for an event we collect:
Your name
Your email address
We may also automatically collect technical information such as your IP address, browser type and version, device type, and how you interact with our website (via cookies and similar technologies).
How we use your personal data and our legal bases We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| To process your ticket purchase and manage your booking | Performance of a contract |
| To send you important event information, updates, reminders, and practical details about the event you have registered for | Legitimate interests (we have a legitimate interest in communicating with people who have bought tickets so the event runs smoothly) |
| To manage event attendance, check-ins, and logistics | Performance of a contract / Legitimate interests |
We will only use your data for these purposes. If we want to use it for anything else (e.g. future marketing unrelated to the event you registered for), we will ask for your consent separately.
Sharing your personal data We do not sell your personal data to anyone.
We only share it with trusted third parties who help us deliver the event:
- Stripe – our payment processor. They handle payments securely and we do not store your payment card details. See Stripe’s Privacy Policy: https://stripe.com/privacy
- Our website hosting, email, and other service providers who assist us in running the event (they are bound by contract to keep your data secure and confidential)
We only share the minimum information necessary for them to do their job.
International transfers Your personal data is primarily stored and processed in the United Kingdom. Where we use service providers based outside the UK (for example certain cloud or email services), we ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses, to protect your data to the same standard as UK GDPR.
Data security We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, or damage. Payment data is handled securely by Stripe in accordance with PCI-DSS standards.
How long we keep your data We retain your personal data only for as long as necessary to:
Administer the event
Fulfil our legal and accounting obligations
Deal with any queries or complaints
Your legal rights Under UK GDPR you have the right to:
Access the personal data we hold about you
Correct any inaccurate or incomplete data
Request deletion of your data (“right to be forgotten”)
Restrict or object to certain processing
Receive a copy of your data in a portable format (data portability)
Withdraw consent (where we rely on consent)
To exercise any of these rights, please email us at [becky@medicinewithin.uk]. We will respond within one month.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK data protection regulator: www.ico.org.uk or 0303 123 1113.
Cookies and similar technologies Our website uses cookies and similar technologies to make the site work properly, remember your preferences, and understand how visitors use the site.
You can manage your cookie preferences through your browser settings. For more detailed information, please see our [Cookie Policy] (or add a short cookie section here if you prefer everything in one document).
Changes to this policy We may update this Privacy Policy from time to time. The latest version will always be available on our website. If we make significant changes that affect how we use your personal data, we will notify you where appropriate.