Privacy

Last updated: Nov 17, 2025

1. Introduction

MediStack Ltd is committed to protecting the privacy and confidentiality of all individuals who use our services.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services. It also outlines your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using MediStack, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

MediStack Ltd
Registered in England and Wales
Company Number: 16785255
Email: info@medistack.co.uk
Website: www.medistack.co.uk

MediStack is a digital prescription assistant that supports healthcare professionals in prescribing medical cannabis under UK regulations.

3. Information We Collect

We may collect and process the following categories of personal data:

a. Personal Identification Information

  • Full name

  • Date of birth

  • Contact details (address, email, phone number)

  • Identification documents (where required for verification)

b. Medical and Health Information (Special Category Data)

  • Medical history, diagnoses, and treatment details

  • Prescriptions and dosage information

  • Relevant clinical notes or practitioner comments

c. Technical and Usage Data

  • IP address

  • Browser type and version

  • Device information

  • Website usage statistics and cookies

d. Professional Information (for healthcare providers)

  • GMC/NMC registration details

  • Professional credentials

  • Practice or clinic information

We collect information directly from you, through your healthcare provider, or through the use of our digital services.

4. Lawful Basis for Processing

MediStack processes personal data only where there is a lawful basis under the UK GDPR, including:

  • Consent: When you give explicit consent for your information to be processed for a specific purpose.

  • Contractual necessity: To provide you with our services or fulfil an agreement.

  • Legal obligation: To comply with applicable healthcare or regulatory requirements.

  • Legitimate interests: For administrative, security, and operational efficiency purposes.

  • Special category data: Processed under Article 9(2)(h) of the UK GDPR — for the purposes of medical diagnosis, healthcare provision, or treatment, under professional confidentiality obligations.

5. How We Use Your Information

We use your personal data to:

  • Facilitate medical cannabis prescription assessments.

  • Support healthcare professionals in clinical decision-making.

  • Maintain secure and accurate patient and practitioner records.

  • Communicate with you regarding appointments, prescriptions, and support.

  • Meet legal, professional, and regulatory obligations.

  • Improve and develop our digital services.

We do not sell or share your personal information with third parties for marketing purposes.

6. Data Storage and Transfers

Your personal data is securely stored within the European Economic Area (EEA).

MediStack only uses data processors that meet UK GDPR and EU adequacy standards for data protection.

In the event data needs to be transferred outside the EEA, appropriate safeguards (such as the UK International Data Transfer Agreement) will be applied to ensure protection consistent with UK law.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Legal and regulatory retention requirements for medical records.

  • Contractual or professional obligations.

  • Audit and compliance purposes.

Once data is no longer required, it will be securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration, or disclosure, including:

  • Encryption and secure data transmission

  • Access controls and authentication

  • Regular security audits and monitoring

Only authorised personnel have access to personal data, and all are bound by strict confidentiality agreements.

9. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

  • Right of access – to request a copy of your personal data (Subject Access Request).

  • Right to rectification – to correct inaccurate or incomplete data.

  • Right to erasure – to request deletion of your data, where applicable.

  • Right to restrict processing – to limit how your data is used.

  • Right to data portability – to receive your data in a structured, commonly used format.

  • Right to object – to object to processing where based on legitimate interests.

  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

Requests should be directed to our Data Protection Officer (DPO) using the contact details below.

10. Cookies and Website Tracking

Our website uses cookies and similar technologies to enhance user experience and analyse website performance.

You can manage your cookie preferences through your browser settings or our cookie management tool. For more information, please see our Cookie Policy.

11. Disclosure of Information

We may disclose personal information to:

  • Registered healthcare professionals and prescribers involved in your care

  • Pharmacies dispensing medical cannabis

  • Regulatory authorities, if required by law

  • IT service providers and data processors under contract with us

All disclosures are carried out securely and in accordance with UK data protection legislation.

12. Contact and Data Protection Officer

For any questions about this Privacy Policy or to exercise your data protection rights, please contact:

Data Protection Officer (DPO)
Umar Sabat
Data Protection Officer
Email: Umar.sabat@ig-health.co.uk 

13. Complaints

If you believe your data has been handled incorrectly, please contact our DPO in the first instance.

If you remain dissatisfied, you can contact:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: www.ico.org.uk


14. Updates to This Policy

MediStack reserves the right to update this Privacy Policy at any time.
Any significant changes will be posted on our website and, where appropriate, notified directly to users.

Last Updated: 13.11.2025

Date of next update: 13.11.2026