Data Protection Policy

Data Protection Policy

Muslim Weight Management is committed to protecting the personal data of participants, speakers, and visitors to our online CME/CPD activities. We collect and use only the information we need, keep it secure and confidential, and process it in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy also functions as our core privacy notice for CME/CPD activities and should be read together with any additional privacy or cookie information provided on our website or platforms.

Muslim Weight Management is the “data controller” for personal data collected in connection with our CME/CPD activities. This means we decide why and how your data is used. In some cases, where we work with partners, they may also act as data controllers or processors, and we will make this clear where relevant.

What data we collect

We may collect:

  • Name, email address, WhatsApp number, professional role, and country/region.
  • Registration and participation details (for example which sessions you attend, completion of quizzes or feedback forms, certificates issued, and CPD points/hours claimed where applicable).
  • Communication preferences and records of communications with us (for example, enquiries, complaints, or feedback).
  • Technical data such as IP address and basic device/browser information, and information about how you access and use our online platforms (for example, log data and usage analytics).

Where you choose to provide them, we may also collect:

  • Accessibility or reasonable‑adjustment needs (for example, captioning, additional time, or format preferences).
  • Information about your religious or ethical preferences where this is relevant to tailoring content to Muslim weight‑management considerations.

These categories may include “special category” data (such as health or religious information). We will only ask for and use such information where it is necessary (for example to arrange adjustments or tailor content) and where we have a lawful basis and a valid special‑category condition, such as your explicit consent or, where applicable, the substantial public‑interest condition for equality‑of‑opportunity monitoring.

Our CME/CPD activities are aimed at adult healthcare professionals and are not intended for children. We do not knowingly collect personal data from anyone under 18 in this context.

How and why we use your data

We use this data to:

  • Deliver our free online activities, including managing registrations and attendance and providing access links and joining instructions.
  • Record participation and, where applicable, issue certificates or evidence of completion and CPD/learning credits.
  • Communicate with you about specific activities you have registered for, including reminders, updates, and follow‑up surveys or feedback requests.
  • Where you choose to provide a WhatsApp number, we may use it to send essential information about activities you have registered for. We will only use it for optional or marketing‑type communications where you have given consent or where we can rely on legitimate interests in line with e‑privacy rules.
  • Improve our programmes and services, for example by analysing anonymised or aggregated feedback and usage patterns.
  • Respond to enquiries, complaints, or concerns and to manage our relationship with you.
  • Maintain appropriate records for quality assurance, accreditation, and legal or regulatory purposes. For accredited activities, we keep records such as attendance logs, evaluation summaries, and faculty conflict‑of‑interest declarations to demonstrate compliance with accreditation standards.

Our main legal bases for using your data are:

  • Performance of a contract (or taking steps at your request before entering into a contract), where processing is necessary to provide you with a service you have registered for.
  • Our legitimate interests, for example to improve our programmes, keep appropriate records of participation, protect our organisation from fraud or misuse, or understand how our activities are used, provided these interests are not overridden by your rights and interests.
  • Your consent, where you choose to receive optional communications (such as newsletters or marketing about future activities) or where we process special category data (such as health or religious information) for clearly defined purposes.

You can withdraw your consent for optional communications at any time by following the unsubscribe instructions in our messages or by contacting us.

How we share and protect data

  • We do not sell your personal data.
  • We may use trusted third‑party services (for example webinar platforms, learning management systems, survey tools, and email providers) to help deliver our activities and communications under written agreements that require them to keep your data secure and to use it only on our instructions.
  • Some of these providers may be located outside the UK. Where this involves transferring personal data from the UK to a country without an adequacy decision, we will put in place appropriate safeguards such as standard contractual clauses and, where necessary, carry out transfer risk assessments and implement supplementary measures to protect your information.
  • We use reasonable technical and organisational measures to keep data secure and to limit access to those who need it to carry out their role. This may include access controls, encryption, secure storage, and staff training on data protection and confidentiality.
  • Where we are required by law or regulation (for example, in connection with safeguarding, law‑enforcement requests, or professional regulatory investigations), we may share limited relevant information with appropriate authorities or bodies, but only where we believe this is necessary and proportionate.

How long we keep data

We keep your data only as long as needed to:

  • Manage registrations and participation in CME/CPD activities.
  • Provide certificates or evidence of completion and, where appropriate, maintain records that may be needed by you or by accrediting bodies to demonstrate CPD/learning activity over time.
  • Handle questions, feedback, or complaints and to keep appropriate records of how these were managed.
  • Meet legal, regulatory, accounting, or reporting requirements.

We apply defined retention periods for different categories of data. For example, we may retain core participation and certificate records for up to 7 years after the end of the calendar year in which the activity took place, to support professional CPD records and legal limitation periods. After the relevant retention period expires, personal data is securely deleted or anonymised wherever possible so that you can no longer be identified.

If you would like more detail about how long we keep particular categories of data, you can contact us using the details below.

Your rights

Depending on where you live and subject to certain conditions and exceptions, you may have rights to:

  • Access the personal data we hold about you and receive a copy of it.
  • Ask us to correct inaccurate or incomplete data.
  • Ask us to delete your data in certain circumstances (for example where it is no longer needed for the purposes for which it was collected and we have no legal reason to keep it).
  • Ask us to limit how we use your data in certain circumstances (for example while we are considering a request to correct it).
  • Object to certain types of processing, for example where we rely on legitimate interests, or to receiving direct marketing.
  • Receive your data in a structured, commonly used, and machine‑readable format and/or ask us to transfer it to another organisation where technically feasible (data portability), where the processing is based on consent or contract and carried out by automated means.
  • Withdraw consent at any time where we rely on your consent (for example for optional communications or processing of certain special category data). Withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn.

We will explain if we cannot fully meet a request because of legal, regulatory, or legitimate business requirements (for example where we need to retain certain records to evidence CPD participation, respond to complaints, or comply with legal obligations).

If you are in the UK and have concerns about how we handle your data, you also have the right to complain to the Information Commissioner’s Office (ICO). We would encourage you to contact us first so that we can try to resolve your concerns.

Islamic ethical principles

Our approach to confidentiality and data minimisation is also informed by Islamic ethical principles of safeguarding privacy (satr), avoiding harm, and handling entrusted information with integrity (amanah).

Contact

If you have questions about this policy or want to exercise your rights, please contact us at:
https://muslimweightmanagement.com/contact

or using any dedicated privacy contact details we provide in our online materials.

We will respond within a reasonable timeframe and, where required by law, within the relevant statutory time limits for responding to data protection requests.

Governing law

This policy is governed by the law of England and Wales. If there is any inconsistency between this policy and mandatory local law where you are based, mandatory local law will prevail to the extent of that inconsistency.