Privacy Policy for Medology


The event organiser, Medology, has the legal responsibility to tell ticket buyers and event attendees how their personal information will be collected and used. You can find their Privacy Policy below or contact them to request it.

Privacy Policy

1. Introduction

This Privacy Policy explains how Medology collects, uses, stores, shares, and protects personal data across our programmes, events, platforms, websites, communications, and related services.

Medology operates through Medology Global LLC, our UAE entity, together with Medology Ltd, our UK entity. For our global and online operations, Medology Global LLC is the primary Medology entity. For certain UK-facing activities, including UK events, UK operations, or where UK legal or regulatory obligations apply, Medology Ltd may also process personal data.

We are committed to handling personal data lawfully, fairly, transparently, and securely. Where applicable, we process personal data in line with relevant UAE data protection requirements and, where relevant, UK data protection law.

2. Who We Are

Primary global entity
Medology Global LLC
United Arab Emirates

UK entity
Medology Ltd
Registered in England and Wales
ICO Registration Number: ZB157402

For questions about this Privacy Policy or to exercise your privacy rights, please contact:

Email: admin@medology.co.uk
Website: medology.global / medology.co.uk

If needed for formal correspondence relating specifically to UK operations, Medology Ltd may also be contacted at its registered office address.

3. Who This Policy Applies To

This Privacy Policy applies to individuals whose personal data we process, including:

  • students and prospective students;
  • parents, guardians, and family members;
  • school, university, and institutional contacts;
  • event attendees and applicants;
  • mentors, educators, speakers, and collaborators;
  • suppliers, service providers, and professional contacts;
  • website visitors and people who contact us in any capacity.

4. The Medology Entity Responsible For Your Data

The Medology entity responsible for your personal data will depend on the nature of your interaction with us.

In most cases:

  • Medology Global LLC is the primary controller for our global brand, online services, international programmes, digital products, marketing activity, and wider global operations.
  • Medology Ltd may act as controller, joint controller, or processor in relation to UK-based events, UK operational delivery, UK suppliers, UK legal compliance, and certain UK-facing services.

Where more than one Medology entity is involved, we will handle personal data in a way that reflects the actual service being provided and the relevant legal obligations.

5. The Personal Data We Collect

We collect personal data that is relevant and reasonably necessary for our services and operations. Depending on how you interact with us, this may include:

  • name and identity details;
  • email address, phone number, postal address, and other contact details;
  • account, registration, booking, and application details;
  • education, academic, and progression-related information;
  • programme participation details;
  • communications with us, including emails, forms, messages, and support queries;
  • payment, billing, transaction, and order information;
  • technical information, such as IP address, browser type, device information, and website usage data;
  • marketing preferences and communication choices;
  • photos, videos, webinar recordings, chat logs, feedback, and submitted content where relevant to our services;
  • safeguarding-related information where necessary; and
  • limited special category or sensitive personal data where strictly necessary and lawful.

We do not collect more personal data than we reasonably need for the relevant purpose. Transparency and data minimisation are core expectations of modern privacy law and privacy notices should explain clearly what data is collected and why.

6. Children’s Data

Some of our services may involve individuals under the age of 18. Where we process children’s personal data, we take additional care to ensure that such data is handled appropriately, fairly, and securely.

Where appropriate, we may rely on a parent, guardian, school, or other responsible adult to provide information, permissions, or instructions on the child’s behalf.

7. How We Collect Personal Data

We may collect personal data:

  • directly from you;
  • through forms, enquiries, registrations, and purchases;
  • when you attend our events, webinars, classes, or mentoring sessions;
  • when you use our websites, portals, or platforms;
  • when you communicate with us by email, phone, messaging platforms, or social media;
  • from parents, guardians, schools, institutions, or other third parties acting on your behalf or in connection with the services;
  • from service providers involved in payment processing, analytics, hosting, communications, or administration;
  • through cookies and similar technologies on our websites.

8. How We Use Personal Data

We use personal data only where we have a valid reason to do so. Depending on the context, we may use personal data to:

  • respond to enquiries and provide requested information;
  • register individuals for programmes, events, or services;
  • deliver teaching, mentoring, tutoring, admissions support, leadership programmes, events, resources, and related services;
  • manage accounts, bookings, attendance, payments, fees, refunds, and records;
  • communicate operational updates, service notices, and important changes;
  • personalise and improve our services, platforms, and customer experience;
  • manage relationships with students, families, schools, partners, suppliers, speakers, and collaborators;
  • administer and protect our business, systems, websites, and platforms;
  • monitor quality, safety, safeguarding, and compliance;
  • investigate complaints, incidents, misuse, or legal issues;
  • send marketing and promotional communications where permitted; and
  • comply with legal, regulatory, tax, accounting, and reporting obligations.

Privacy frameworks generally require organisations to explain their purposes clearly and tie them to an appropriate lawful basis rather than relying on vague blanket wording.

9. Legal Bases For Processing

Where applicable, we rely on one or more of the following grounds:

  • performance of a contract or taking steps at your request before entering into one;
  • compliance with a legal or regulatory obligation;
  • our legitimate interests in operating, improving, and protecting our organisation and services;
  • consent, where consent is required or appropriate; and
  • additional lawful conditions where special category or sensitive personal data is involved.

The lawful basis used depends on the context and the purpose of the processing. Consent is not the only lawful basis; organisations are expected to identify the basis that best fits the actual use of the data.

10. Special Category / Sensitive Personal Data

In limited cases, we may process sensitive personal data where this is necessary for safeguarding, accessibility, welfare, support arrangements, dispute resolution, legal compliance, or the proper delivery of a service.

Where required by law, we will seek appropriate consent or rely on another valid legal condition. We will apply additional protections to this type of data.

11. Marketing Communications

We may send you updates about Medology programmes, events, offers, opportunities, or content where:

  • you have requested information from us;
  • you have engaged with our services;
  • you have signed up to hear from us; or
  • we otherwise have a lawful basis to contact you.

You can opt out of marketing communications at any time by using the unsubscribe option in the message or by contacting us at admin@medology.co.uk.

12. Who We Share Personal Data With

We do not sell personal data.

We may share personal data where necessary with:

  • payment providers and financial service providers;
  • website, hosting, cloud, CRM, analytics, and IT service providers;
  • learning platforms, communication tools, and event platforms;
  • schools, institutions, mentors, educators, speakers, and programme partners where relevant to the service being provided;
  • professional advisers, including lawyers, bankers, insurers, auditors, and accountants;
  • regulators, government bodies, law enforcement, courts, or other authorities where required;
  • safeguarding contacts or welfare-related parties where necessary;
  • third parties involved in a corporate transaction, restructuring, merger, sale, or reorganisation.

Where third parties process personal data on our behalf, we require them to protect it appropriately and to process it only for authorised purposes. ICO guidance emphasises the need to identify recipients clearly and ensure processors handle data under proper instructions and safeguards.

13. International Transfers

Because Medology operates internationally, personal data may be processed in the UAE, the UK, and other jurisdictions in which our service providers or partners operate.

Where personal data is transferred internationally, we take steps designed to ensure it remains appropriately protected and handled in accordance with applicable legal requirements.

14. Data Retention

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including to:

  • provide services;
  • maintain records;
  • deal with complaints or disputes;
  • enforce agreements;
  • protect legal rights; and
  • comply with legal, tax, accounting, regulatory, and safeguarding obligations.

Different categories of data may be kept for different periods. Financial and transactional records may be retained for longer where required by law or good business practice.

A privacy notice should explain retention in a clear, purpose-led way rather than promising indefinite or undefined storage.

15. Data Security

We use appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

These measures may include:

  • access controls and role-based permissions;
  • password protection and authentication controls;
  • encryption where appropriate;
  • secure hosting and storage environments;
  • staff training and confidentiality expectations;
  • monitoring, backups, and incident management processes; and
  • careful selection and oversight of service providers.

Privacy and security regimes expect organisations to apply suitable controls and to embed protection by design and by default.

16. Data Breaches

If we become aware of a personal data breach, we will assess it promptly and take appropriate action.

Where required by applicable law, we will notify relevant regulators and affected individuals within the timeframes required by law. Under UK rules, notifiable breaches must generally be reported without undue delay and, where feasible, within 72 hours of becoming aware of them.

17. Your Rights

Depending on the laws that apply to your data, you may have rights to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of personal data;
  • request restriction of processing;
  • object to certain processing;
  • request transfer of your personal data;
  • withdraw consent where processing is based on consent; and
  • complain to a relevant regulator.

UK privacy notices are expected to explain these rights and how individuals can exercise them.

To exercise any of these rights, please contact:
admin@medology.co.uk

We may need to verify your identity before responding to a request. We will respond within the timeframe required by applicable law.

18. Complaints

If you have concerns about how we handle your personal data, please contact us first at admin@medology.co.uk so we can try to resolve the issue.

If your concern relates to UK data protection law and you remain dissatisfied, you may have the right to complain to the Information Commissioner’s Office in the United Kingdom.

19. Cookies and Similar Technologies

Our websites may use cookies and similar technologies to:

  • help our websites function properly;
  • remember preferences;
  • understand how visitors use our websites;
  • improve performance and content; and
  • support marketing and analytics activities where permitted.

You can manage cookies through your browser settings and, where applicable, through our website cookie controls.

20. Third-Party Links and Platforms

Our websites, emails, and communications may include links to third-party sites, plug-ins, or platforms. We are not responsible for the privacy practices of those third parties. You should review their privacy notices separately.

21. Changes To This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, structure, operations, or legal obligations.

The latest version will always be posted on the relevant Medology website, and the “Last updated” date will show when changes were made. ICO privacy notices commonly explain that notices should be kept under review and updated when necessary.

22. Contact Us

For all privacy enquiries, requests, and concerns, please contact:

Medology
Email: admin@medology.co.uk
Websites: medology.global and medology.co.uk

For UK-specific regulatory matters, Medology Ltd is the UK entity and holds ICO Registration Number ZB157402.