Privacy & Cookie Policy
How the Cyprus Medical Society UK looks after your information. Last updated 8 July 2026.
This policy explains what personal information the Cyprus Medical Society UK ("Cyprus Medical Society UK", "we", "us") collects when you create a membership account, how we use it, and the rights you have over it. We are the data controller for this information.
Information we collect
When you register and maintain a membership account, we collect:
- Account details — your email address and a password (stored encrypted; we never see it).
- Identity — title, first name and surname.
- Professional details — whether you are a medical student, a UK-based doctor or an overseas member; for students, your medical school and year of study; for doctors, your specialty, grade, NHS trust or health board and GMC registration number; for overseas members, your country of practice.
- Profile details — city, graduation year, phone number, mentorship preference, a short bio, areas of interest, optional professional and social-media links, and an optional profile photo.
- Student verification — if you register as a medical student, an image of your student ID, used solely to verify your enrolment. It is visible only to Cyprus Medical Society UK administrators and is never shown in the directory.
- Preferences — which of your profile fields are shown in the member directory, whether to show a contact email there, and whether you wish to receive our newsletter.
Why we use it, and our lawful basis
We use your information to administer your membership, operate the members-only directory, run mentorship and community activities, and — only if you opt in — send you our newsletter and updates. Our lawful bases under UK GDPR are:
- Performance of a contract — to provide your membership and its core benefits, including listing you in the member directory (see below), which is a condition of membership.
- Legitimate interests — to run and develop the society for the benefit of its members, keep the directory reliable, and keep our systems secure, in ways you would reasonably expect.
- Consent — for optional extras only, such as our newsletter and marketing updates. Where we rely on consent you can withdraw it at any time, without affecting your membership.
- Legal obligation — where we are required to retain or disclose information to comply with the law.
The member directory
The member directory is a core benefit of membership and is visible only to signed-in, approved members — never to the public or search engines. Because connecting members to one another is central to what the society does, being listed in the directory is a condition of membership: every approved member appears in it. We rely on performance of your membership contract and our legitimate interests for this, rather than consent.
Your listing always shows your name, title, membership type and city. You remain in control of several other fields — from your profile you can hide your grade, trust or school, bio, interests, mentorship status and phone number, and you choose whether to show a contact email. Your GMC number and student ID are never shown in the directory. If you no longer wish to be listed, you can delete your account from the Account & Security page, which removes you from the directory and erases your profile.
Marketing
We only send the newsletter and promotional updates if you have opted in. You can opt out at any time from the Account & Security page or via the unsubscribe link in any email.
How and where we store your information
Your data is held in our membership database and file storage, and access is restricted and protected by row-level security so members can only see what they are entitled to. Uploaded files — profile photos and student ID images — are kept in access-controlled storage; student ID images are restricted to administrators and are not publicly accessible. We keep your information for as long as you remain a member; if you delete your account, your profile data and uploaded files are removed.
We rely on a small number of trusted service providers (processors) to run the society:
- Supabase — our membership database, authentication and file storage.
- Vercel — hosting of this website.
- Resend — delivery of account and notification emails.
- Stripe — processing of donations (we never see or store your full card details).
These providers process data on our instructions and under appropriate safeguards. Data is held within the UK or European Economic Area, or under equivalent protections where a provider operates elsewhere.
A note on website content
Information on this website is provided for general information only and is not medical or professional advice. Member profiles and directory entries are supplied by members themselves. Please see our Disclaimer & Terms of Use for details.
Your rights
Under UK data protection law you have the right to:
- access the personal data we hold about you;
- correct it — you can edit most of it directly on your profile;
- erase it — you can permanently delete your account and profile from the Account & Security page;
- restrict or object to processing we carry out on the basis of legitimate interests, and request a copy of your data;
- withdraw consent for any optional processing (such as the newsletter) at any time, without affecting your membership;
- complain to the Information Commissioner's Office (ico.org.uk).
Cookies
We use only essential cookies needed to keep you signed in securely. We do not use advertising or third-party tracking cookies.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated to members, and the "last updated" date above will always reflect the current version.
Contact us
For any privacy question, or to exercise a right above, email info@cyprusmedicalsociety.org.uk.