Privacy Policy

Med-Forum For Social Development UK LTD is a non-profit organisation registered in England and Wales as a Company Limited by Guarantee.

For data protection matters, you can contact us using any of the methods listed above.

ICO position. Med-Forum UK has self-assessed against the criteria in the Data Protection (Charges and Information) Regulations 2018 (as amended) and considers itself exempt from the data protection fee under the not-for-profit provisions. We have notified the Information Commissioner's Office accordingly. Even where the fee exemption applies, we remain fully bound by all UK GDPR obligations.

To honour the principle of data minimisation under UK GDPR and to support our exemption from the data protection fee, we operate an information-only website. Specifically:

• We do not collect personal data through this website. There are no contact forms, newsletter signup forms, donation forms, or volunteer applications on this site.
• We do not operate CCTV. We do not record video, audio, or any form of surveillance footage of visitors, volunteers, participants, or staff.
• Our registered office address is mail-only. 71-75 Shelton Street, Covent Garden, London is a registered correspondence address provided by a third-party service. We do not physically operate from that location, and no personal data is stored there.
• We do not use Google Analytics or third-party tracking tools. We do not track visitor behaviour for marketing or profiling purposes.
• We do not sell, rent, or trade personal data with any third party for marketing or commercial purposes.
• We do not use automated decision-making or profiling.
• We do not send marketing communications. We do not operate a newsletter or any other email marketing list.
• We do not process online donations. Any financial support to our work is handled through offline channels with separate documentation.

We collect different types of personal information depending on how you interact with us. This includes:

We do not knowingly collect special category data (such as data about your health, religion, ethnicity, or sexual orientation) unless you voluntarily provide it as part of a project application where it is relevant, in which case we will request your explicit consent.

We use your personal information for the following purposes:

• To deliver our services — process volunteer and project applications, manage memberships, and coordinate participation in our programmes.
• To communicate with you — respond to enquiries, send you updates about projects you have joined, and provide newsletter content if you have subscribed.
• To process donations — handle and acknowledge donations made via our Stripe payment processor.
• To improve our website — understand how visitors use the site so we can make it better.
• To meet legal obligations — comply with UK law, regulatory requirements, and reporting obligations to grant funders.
• To protect our organisation — prevent fraud, abuse, or misuse of our services.

Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following legal bases:

We do not sell, rent, or trade your personal data. We may share limited information with the following categories of trusted third parties only when necessary:

All third parties are required to respect the security of your personal data and to treat it in accordance with applicable data protection law.

Our website uses cookies and similar technologies. A cookie is a small text file stored on your device when you visit a website. We use:

• Essential cookies — required for the website to function (such as session cookies). These do not require your consent.
• Analytics cookies — help us understand how visitors use our site (Google Analytics, if enabled). These require your consent.
• Functionality cookies — remember your preferences and choices.

You can control or delete cookies through your browser settings at any time. Note that disabling certain cookies may affect website functionality.

We keep your personal data only as long as necessary for the purposes set out in this policy, or as required by law:

You have the following rights regarding your personal data:

• Right to be informed — about how we collect and use your data (this Privacy Policy).
• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — request deletion of your data, where applicable.
• Right to restrict processing — limit how we use your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent — at any time, where we rely on consent as our legal basis.
• Right not to be subject to automated decision-making — including profiling. We do not currently use automated decision-making.

To exercise any of these rights, please write to us by post at our registered office: Med-Forum For Social Development UK LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. We will respond within one calendar month, as required by UK GDPR.

As an organisation working across the Euro-Mediterranean, your data may sometimes be transferred outside the United Kingdom, for example to project partners in EU member states or to service providers based in the United States (such as Mailchimp).

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions — for transfers to countries the UK Government has deemed to provide adequate protection (including the EEA).
• Standard Contractual Clauses — for transfers to other countries, including the UK International Data Transfer Agreement.

Some of our youth programmes may involve participants under the age of 18. In such cases, we require verifiable parental or guardian consent before collecting any personal data from a child under 13.

For participants aged 13 to 17, we collect only what is strictly necessary for safe participation in the programme, and we apply additional safeguards. Parents and guardians have the right to review, request deletion of, or object to the processing of their child's data at any time.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. The "Last Updated" date at the top of this page indicates when the policy was last revised.

For significant changes, we will provide additional notice such as an email to subscribers or a banner on our website. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us first:

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority: