GDPR Compliance

Last updated: 5 March 2026

Our Commitment

Medisec Connect is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the privacy and security of your personal data seriously.

Data Controller

Medisec Connect is the data controller for all personal data processed through the platform. If you have questions about how we handle your data, please contact us at info@medisecconnect.com.

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent — for marketing communications and optional features such as Profile Boosts.
  • Contract — to provide our platform services, including account creation, profile management, messaging, and access passes.
  • Legitimate interest — for platform security, fraud prevention, and service improvement.
  • Legal obligation — where required to comply with applicable laws.

Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (“right to be forgotten”) in certain circumstances.
  • Restrict processing of your data.
  • Receive your data in a structured, machine-readable format (data portability).
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email info@medisecconnect.com. We will respond within 30 days.

Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • AES-256 encryption for data at rest
  • TLS encryption for all data in transit
  • Secure, UK-accessible infrastructure via Supabase and Vercel
  • Role-based access controls for admin functions
  • Encrypted storage for sensitive documents (DBS certificates, ID)

Data Retention

We retain personal data only for as long as necessary to provide our services and comply with legal obligations. When you delete your account, your personal data is removed within 30 days, except where retention is required by law.

Third-Party Processors

We use carefully selected third-party services that comply with GDPR:

  • Supabase — database, authentication, and file storage
  • Vercel — hosting and deployment
  • Stripe — payment processing (PCI DSS compliant)

Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Contact

For any GDPR-related enquiries, contact our data protection team at info@medisecconnect.com.