Volteface, secretariat for the All-Party Parliamentary Group for Medical Cannabis under Prescription, will be publishing monthly reports on our anonymous traffic statistics from June.

Privacy Policy

How MedBud™ Handles Your Data

Last Updated: 27/01/2024

MedBud™ takes user privacy and data protection seriously. We seek to comply with all applicable data protection requirements, which in the UK currently includes the inheritance of the European Union’s General Data Protection Regulation (GDPR).

This privacy policy describes who we are, how we collect and may use your personal data, and how we may share some information provided anonymously for public statistics. This policy also sets out your rights under data protection law in relation to our processing of your personal data.

If you require further information, or if you have any questions about this privacy policy, please email: access@medbud.wiki

Why are we here?

In December 2021, Cannapedia.org.uk was shut down, the main patient resource that at the time provided insight into the full cannabis formulary available to UK patients.

MedBud™ was founded in January 2022 by Ralph Leonardo MacMurray, a patient struggling to access information on their prescribed cannabis-based medications. Today we provide essential comparative metrics between prescription cannabis medications; clinics prescribing; pharmacies dispensing; and the producers/brands supplying CBPMs.

We’re depended upon by the majority of patients, clinicians and pharmacists as the only frequently maintained, independent and unbiased resource detailing all options currently available to patients.

We are currently 100% volunteer-led, we plan to incorporate as a non-profit organisation, and have been running a fundraiser since ‘4/20’ in 2023 to facilitate this. In the meantime, we publish all donations and expenses on our Public Accounts Ledger in the interest of full transparency. We do not allow companies to advertise, and will not accept funding in return for favour/influence/bias. We pride ourselves on impartiality.

Our postal address is: MedBud, 71-75 Shelton St, Covent Garden, London, WC2H 9JQ

Why we now need a privacy policy

In April 2023 we were first contacted by MHRA due to complaint over claimed unlawful advertising of controlled medications. After 6 months of legal negotiations, backed by a multi-national legal firm 'pro bono', MedBud has been required to restrict the amount of public information provided - in particular to ensure legitimate need to access information related to medication pricing, current stock levels, and dispensing pharmacies.

In order to continue providing the same level of information to patients, clinicians and pharmacists alike - MedBud has needed to devise an accounts and validation system to ensure we can confirm legitimate need to access protected information.

While setting up this system MedBud has decided to further build on its public statistics reporting and provide further anonymised public stats based on our user base. We're in a unique perspective to provide insight into an industry whereby few official stats are available, and attempt to do so in public interest. Most data is provided optionally via user profile fields, though by default we always report based on age group, region, and current length of time as a patient.

We collect some biographical data

When signing up for an account at MedBud™, we collect some limited biographical data in order to later facilitate publishing indiscriminate public statistics based on various personal attributes.

We record your name, general region (not address), and date of birth by default during registration - with some additional fields that can be optionally updated later in each user’s profile. While this information is attached to individual patient accounts, any statistics published based on this will always be entirely anonymised. We have to collect names and date of birth to ensure legal compliance, but do not publish this information.

Some data is collected for republication so that we can help ensure fair and equal treatment for all patients, whereby others are able to look for discrepancies in treatment between different genders, age groups, regions etc. based on statistics provided.

We collect data from your interactions with us

If you interact with us, we will automatically record some details of those interactions. For example, we will naturally collect details of email correspondence, and hard copy correspondence should be automatically scanned by our virtual office provider.

When you interact with us online we will automatically collect data about your use of our services, including data on the type of device you’re using, its IP address, your browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. Most of this data is collected by Google Analytics or Cloudflare.

In addition our servers, logs and other technologies automatically collect certain information to help us administer, protect and improve our services, analyse usage and improve users’ experiences.

For further information see our cookies policies below.

We may access or amend your personal data when we have legitimate interests in doing so

At times we will need to access or amend your data as part of daily operations, for example for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security. We will not process your data on a legitimate interest basis where the impact of the processing on your interests and rights outweigh our legitimate interests.

We will process the following personal data on the basis of our legitimate interests:

If you do not want us to process your personal data on the basis of our legitimate interests, let us know and we will double check to make sure that our interests in processing your personal data don’t outweigh your interests and rights.

We will process your personal data to comply with our legal and regulatory obligations

We may need to use your information to comply with legal and regulatory obligations; including complying with your information rights; with reporting obligations; and with court orders if ever received. Unless explicitly prohibited from disclosing, MedBud will by default notify any and all account holders of legal requests to access their information which we must comply to. We may also need to process your personal data to protect your vital interests or those of another person.

We must verify your date of birth in line with the expected Online Safety Act 2023, and we must verify your legitimate need to access information on controlled drugs - with stringent legislation/guidelines surrounding its publication:

We need your consent to process special category data

Under the GDPR, personal data is considered to be special category data where it reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. It also includes the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a data subject's sex life or sexual orientation.

We process your special category data as part of our verification process to ensure you have legitimate and lawful need to access controlled information on controlled medications. It is additionally processed for: archiving purposes in the public interest; for scientific or historical research purposes; and statistic purposes. Please see 'How long do we keep your personal data' for details on when accounts are automatically anonymised and archived by MedBud. You can remove consent for sharing special category data at any time, this will require us to deactivate and archive your account, as we're no longer able to meet our regulatory commitment to provide account verification for accessing any controlled information.

You can ask for access to the information we hold on you

You have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of personal data concerned and the recipients of the personal data.

We will provide the first copy of your personal data free of charge, and hope to automate the Subject Access Request procedure to ensure it's useable without charge at all times. There is otherwise meant to be a statutory £10 fee for processing a Subject Access Request, in most circumstances this will be waived, though we reserve the right to charge if we feel there is an unwarranted abuse of our free SAR procedure.

We cannot provide access to a copy of any data that would adversely affect the rights and freedoms of others - for example if this contains another’s personal information.

You can ask to change information you think is inaccurate

You should let us know if you disagree with something included in your personal data.

Most user data held is freely updatable by editing your account profile, exceptions are made when we must hold validated information to evidence your legitimate need to access protected information. We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it, if ever necessary.

You can ask to delete information (your right to be forgotten)

In some circumstances you can ask for your personal information to be deleted, for example, where:

Please note that we can’t delete your information where:

You can ask us to limit what we use your personal data for

You have the right to ask us to restrict what we use your personal data for where:

When personal data is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

Where restriction of use has been granted, we’ll inform you before we carry on using your personal data.

You have the right to ask us to stop using your personal data for any of our services. Where possible we’ll seek to comply with your request, but we may need to hold or use data because we are required to by law. You should also be aware that If your request is approved this may cause delays or prevent us delivering that service.

Transfers outside the UK & EEA

MedBud operates server and technology infrastructure hosted in the United States, which may require the duplication and holding of your data (including special category) outside of the UK or EU, to ensure the website can continue to operate as otherwise outlined in this document.

We may transfer your data to our headquarters which we intend to base in the US - with MedBud planned to operate in multiple legal jurisdictions. Where necessary, we ensure the safety of your personal data through the adoption of Standard Contractual Clauses. We rely on the Standard Contractual Clauses under Article 46.2 of the GDPR.

We do not provide your personalised special category data to 3rd parties, and this policy does not vary between international jurisdictions. Your privacy and the security of your special category data are of paramount importance to us, and we strictly adhere to the regulations outlined in the GDPR to protect your information.

We seek explicit consent for the transfer of any special category data during our sign-up process.

How long do we keep your personal data

We will retain data about your use of our websites, products and services and data indefinitely where it is utilised for the purposes of providing public statistics, in public interest.

In some circumstances it is not possible for us to specify in advance the period for which we will retain your personal data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We anonymise, archive and mark accounts as inaccessible when requested - or by default after a period of account inactivity lasting longer than a year.

We will always retain your personal data where this is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or those of another person.

Security

We update and test our security technology on an ongoing basis. We restrict access to your personal data to staff who need to have access to it to provide services or benefits to you. We also train our volunteers about the importance of confidentiality and maintaining the privacy and security of your information, with a Non-Disclosure Agreement signed.

Amendments to this Privacy Policy

We will post any changes on the website and when doing so will change the updated date at the top of this privacy notice. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services. If you are not happy with any changes that we have made you should cease using our services.

In some cases we may provide you with additional notice of changes to this privacy statement, such as via email. We will always provide you with such additional notice well in advance of the changes taking effect where we consider the changes to be material.

About cookies

Cookies may be either “persistent” cookies or “session” cookies:

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Why we use cookies

Cookies help us improve the products and services that we offer you. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use cookies to:

Our service providers use cookies:

Google

We use Google Analytics to analyze the use of our web properties. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available here.

To ensure that an opt-out is maintained in respect of a particular browser, you may wish to consider using the Google browser plug-ins.

Cloudflare

Cloudflare uses various cookies to maximize network resources, manage traffic, and protect our customers’ sites from malicious traffic.

By default, cookie data may be processed in Cloudflare’s data center in the United States and is subject to the cross-border data transfer section 7 of the Cloudflare Privacy Policy. Customers who use the Data Localization Suite can control where cookie data is processed (with Regional Services) and logged (using the Customer Metadata Boundary). Further details can be found here.

Our service providers also use cookies and those cookies may be stored on your computer when you visit our website. Google and Cloudflare provide services to us and store cookies on your computer when you use our website.

Managing cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our websites, products and services.

Most browsers allow you to refuse to accept cookies, and to delete cookies.

Our Contact Details

Your privacy is important to us. If you have any comments or questions regarding this Privacy Policy, you can contact us:

This page was last updated: . Please email MedBud with any required updates or corrections.

  Information provided is partially -sourced and may be outdated or otherwise incorrect. Please report any inaccuracies found by email.

NHS LogoFurther National Health-Service Information on Cannabis-Based Products for Medicinal Use (CBPMs)