Privacy policy

Pharmacy2U, also trading under the name of “Chemist Direct”, “Pharmacy2U Pet Health” and “The PharmPet Co”, is a UK online pharmacy registered with the General Pharmaceutical Council (GPhC). You can review our GPhC registration details at:

www.pharmacyregulation.org/registers/pharmacy/registrationnumber/9010146

We use this privacy policy to give you information about how we handle information about you when you visit our websites (pharmacy2u.co.uk, shop.pharmacy2u.co.uk, chemistdirect.co.uk and health.royalmail.com) and mobile apps or use our services, apply to work at Pharmacy2U or use our vaccination and health services centres.

We respect your right to privacy and are committed to explaining clearly and honestly how we use any information that we have about you. This privacy policy will help you to understand what information we collect, why we collect it, and what we do with it.

To register and access certain services on this site, individuals under the age of 18 may do so for services where UK law permits access without parental consent, such as sexual health services, mental health support, and substance misuse advice. While minors may have the capacity to give informed consent for these services, as acknowledged by UK law and NHS guidelines, we reserve the right to evaluate such capacity to ensure informed consent is appropriately obtained. It is the user's duty to provide true and accurate information when registering.

Should we be unable to affirmatively determine a minor's capacity to consent, we maintain the discretion to refuse the creation of an account or provision of services. Users are responsible for their own use of this site and any associated orders. It is crucial for users to protect their login details against unauthorised use. When services necessitate parental or legal guardian consent for users under 18, we require such consent to be verified, with the parent or legal guardian assuming responsibility in alignment with our terms. Pharmacy2U endeavours to ensure the accuracy of this website's content; however, within legal limits, Pharmacy2U disclaims all warranties related to the content herein.

Your privacy matters to us, so whether you are new to Pharmacy2U or a long-time patient, please do take the time to read this policy. If you have any questions, please let us know by using the contact details provided below.

A member of our team, called the Data Protection Officer, oversees our data processing activities and how we handle your personal data. You can contact our Data Protection Officer by:

Email: [email protected]
Phone: 0113 265 0222

Post through our head office:

Pharmacy2U Limited,
Lumina,
Park Approach,
Thorpe Park,
Leeds
LS15 8GB

If you have any questions about this policy or our approach to data protection and privacy, please contact our Data Protection Officer.

We want to be as transparent as possible about how your personal data may be processed as this will vary depending on how you engage with Pharmacy2U. As we have multiple health and wellbeing services, your data’s journey through Pharmacy2U can vary greatly. For more detailed information about how your data may be processed through each of our services, please follow the links below:

The national data opt-out is an NHS Digital service which allows an NHS patient to opt out of their confidential patient information being used for research and planning in certain specific circumstances. 
 
Further information on the National Data Opt-Out programme can be found here: https://digital.nhs.uk/services/national-data-opt-out-programme

The above information marked with an asterisk (*) may be used for automated decision making or profiling purposes. We do this to: 

• Help us to understand our customers and to help us identify and market to customers with similar characteristics. 

• Enable us to determine if you might be interested in other products and services we provide. 

• Enable us to determine if products and services of other organisations are likely to be of interest to you. 

• Enable us to determine if you are likely to be suitable to take part in clinical trials and medical research we may be involved with from time to time (please refer to the section below). 

• Determine if our products and services of other organisations similar products and services may be of interest to you. 

The law allows us to collect and use this information on the basis that it is in our legitimate interests of operating and improving our commercial pharmacy services. 

We do not use any medical data, information about your health, or any other sensitive personal data for profiling and segmentation, except in some circumstances. Segmentation is the process of creating individual lists or groups based on select criteria. The circumstances where we may undertake profiling of medical data will be to undertake the provision of healthcare and treatment (e.g. establishing if you require flu jabs, vaccinations, eligibility for condition-specific information, or clinical trials). The specifics on this are outlined above. 

We will use information about the products and services you order for profiling purposes to help improve our marketing. 

The automated decision making that we undertake does not have any legal or other similarly significant effects on our patients. This is because every decision is reviewed by a suitable person before being put into effect. What this means is that we will not make decisions about you that are only determined by computers. Individuals will be given clear privacy and product information explaining that automated decision making may be used to interpret such things as dosage instructions where needed. The service remains bounded by fallback routes, pharmacist or clinical override, and exclusions for unsupported or low-confidence cases. 

You have the right to object to any processing that is based on our claim of our “legitimate interests” including profiling and automated decision making as outlined in the Your Rights section below.

Pharmacy2U's online doctor services are provided in collaboration with Expert Health Limited (“Expert Health”) 

Who provides the Online Doctor Service 

For online consultations and prescribing we work with independent healthcare providers Expert Health Limited. 

• For clinical consultations and prescribing, the relevant provider (Expert Health) is the controller of your clinical data. Their privacy notices explain how they process that data. 

• Pharmacy2U Limited is a separate controller for pharmacy dispensing and delivery, your P2U account and our own communications. 

• We use technology providers (for example, a telemedicine platform) as processors under contract for the relevant controller. 

Data Control and Processing 

• Expert Health Limited: As the data controller for clinical data, Expert Health manages your personal data strictly for the purpose of delivering the clinical and prescribing services. Expert Health operates in compliance with UK data protection laws. For further information on how Expert Health processes your personal data, please consult the Expert Health Privacy Notice.  

• Pharmacy2U Limited: In conjunction with Expert Health, Pharmacy2U also acts as a data controller, processing data that is necessary to manage your overall care and facilitate your access to clinical and prescribing services which are provided by Expert Health. 

How We Use Your Data 

Patient Record Management: We maintain patient records to manage your treatment effectively.  

• Identity Verification: We conduct identity checks using public databases and LexisNexis Identity Verification Services to meet regulatory requirements. You have the right to access records held by credit reference and fraud prevention agencies, including LexisNexis. Visit the LexisNexis page for more information on how to exercise these rights.  

• Service Delivery: We use your information to deliver services, manage treatments, gather feedback, and handle inquiries or complaints. This usage is underpinned by our contractual and legal obligations, and our legitimate business interests in providing a high quality service.  

• Communication: We contact you about service availability, order queries, or issues for record-keeping.  

• Consent-Based Activities: With your consent, we engage in:  

• Market research to enhance our services.  

• Marketing communications through various channels about promotions, tailored offers, and other relevant information. You may withdraw your consent at any time as detailed in the 'Your Rights' section below.  

• Quality and Security Measures: With your consent, we may monitor calls for training and quality assurance. We also analyse website activity to maintain security.  

• Legal Compliance: We process data as required by law, for instance in response to legal requests from courts or regulatory bodies. 

Why we use your data and our legal bases 

• Remote consultation, clinical assessment and prescribing – Art. 6(1)(b) contract; Art. 9(2)(h) health care; DPA 2018 Sch. 1 para 2. 

• Dispensing and delivery – Art. 6(1)(b); Art. 9(2)(h); Sch. 1 para 2. 

• Safeguarding / serious risk – Art. 6(1)(c)/(e)/(f) as applicable; Art. 9(2)(g) substantial public interest or 9(2)(c) vital interests; DPA 2018 Sch. 1 para 18/4. 

• Customer service, complaints and quality monitoring – Art. 6(1)(b)/(f); Art. 9(2)(h) where health data is involved; Sch. 1 para 2. 

• Direct marketing by email/SMS/app – Art. 6(1)(a) consent; PECR consent applies. 

• Analytics and website/app performance – we use analytics tools to help us understand how people use our website and app and to improve performance and security. We only set analytics cookies with your consent (see Cookies section), and then rely on our legitimate interests in running and improving our services to analyse the resulting information. 

• Fraud prevention and security – Art. 6(1)(f); where health data is touched, Art. 9(2)(g)/(h) as applicable; DPA 2018 Sch. 1 paras 10/2. 

We rely on the common law duty of confidentiality for medical information and usually seek your consent before sharing with your GP or other providers unless the law allows or requires otherwise. 

We maintain an Appropriate Policy Document under the DPA 2018 for our special category/criminal records processing.

If you take part in our Refer-a-Friend programme (RAF), we process your personal data to set up and run your participation, attribute referrals, issue and manage credits, provide support, and prevent misuse or fraud. For these core activities our lawful basis is contract (Article 6(1)(b)) because the processing is necessary to perform the RaF terms you agree to. We may also rely on legitimate interests (Article 6(1)(f)) for fraud prevention, service analytics and programme monitoring, and on legal obligation (Article 6(1)(c)) to keep records we must retain. Where we send you electronic marketing about the programme, we rely on your consent or the soft opt-in under PECR, and you can opt out at any time. We do not ask you for your friends’ contact details and do not message them on your behalf. A referred friend provides their own details and choices when they sign up; until they do, only minimal referral attribution data is processed. 

When a referred friend uses the Online Doctor service, Expert Health Limited acts as independent controller for the consultation and clinical records, and Pharmacy2U Ltd remains controller for the RaF scheme, your account and any dispensing. We keep RaF records only as long as needed for the programme and our legal obligations, usually up to six years. 

Where you use a friend’s referral link or code, once the referral qualifies, after consultation approval, we will confirm to the referrer only that a referral credit has been added to their account, but we will not disclose your identity, the specific code used, or any details of the consultation or service you engaged with. 

• Expert Health Limited is regulated by the Care Quality Commission in England. 

• Healthcare professionals providing services are registered with the General Medical Council or the General Pharmaceutical Council in the UK. 

Company information and registration with regulatory bodies  

• Expert Health Limited is a company registered in England and Wales with company number 04058287 and its registered office at Lumina, Park Approach, Thorpe Park, Leeds LS15 8GB. It is registered with and regulated by the Care Quality Commission in England. https://www.cqc.org.uk/location/1-347369219 It is also registered with the Information Commissioner’s Office (ICO) under registration reference Z9318313. 

• Healthcare professionals who are engaged by Expert Health provide clinical and prescribing to you are registered with the General Medical Council, as applicable, in the UK.  

In order to provide you with our products and services, we use other organisations to help carry out some of the processing activities on our behalf. 

These types of organisations may include: 

• Laboratories; 

• Technology hosts; 

• Providers of website and app analytics and user experience tools; 

• Printing companies; 

• Providers of digital advertising services; 

• Providers of marketing and sales software solutions; 

• Mailing houses;  

• Drug manufacturers and 

• Identity verification partners. 

In these circumstances, we will ensure that personal information is properly protected and that it is only used in accordance with this Privacy Policy. 

We also collect, use and share Aggregated/Anonymised Data such as statistical or demographic data for any purpose. 

Aggregated Data may be produced from your personal data, however it does not individually identify you, directly or indirectly, and so it is not considered to be personal data. For example, we may aggregate your usage data with other users’ data to calculate the percentage of users accessing a specific website page. Additionally, we may aggregate your data to create marketing personas/lookalikes to help improve our advertising. Our analytics and user experience tools mainly operate on aggregated or pseudonymised information, and we configure them to avoid capturing the content of medical or payment information you enter wherever possible. 

However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data. This combined data will be used in accordance with this privacy policy. 

Please note, where we aggregate data for marketing purposes, it will not be combined with your personal data, and you will not be able to be directly or indirectly identified as a result. 

Transitioning to a Soft Opt-In Approach: Enhancing Our Communication 

As Pharmacy2U expands its operations, we're broaden the application of our customer-focused marketing strategy across various platforms, including ChemistDirect.co.uk, the P2U Shop, and our main website that offers an array of NHS and private health services. Our commitment to your privacy and preferences remains steadfast, which is why we've adopted a 'soft opt-in' approach to keep you informed about products and services you truly care about. 

Our Soft Opt-In Approach Explained: 

We respect your choices and interests. By employing a 'soft opt-in' strategy, we ensure that communications about marketing are only sent to you if they relate to products or services you've shown interest in or purchased from us in the past. This approach is now extended across Pharmacy2U's offerings, including our main website and the P2U Shop, ensuring a cohesive and respectful communication practice throughout our services. 

Transparent Communication: 

When you share your details with us, we'll be crystal clear about how we plan to use them, especially regarding marketing communications. You'll always know when you're opting in or out, and we provide a simple and direct way for you to decline these communications if you prefer. 

Marketing Messages — Always In Your Control: 

Each message we send will include an easy opt-out option, affirming your ability to control your preferences at any time. Furthermore, we've made managing your communication preferences even simpler with the introduction of our Communication Preference Centre accessible directly from your account. This means you have the flexibility to opt-out of specific channels, such as text, email, or post, or even tailor your interests to ensure you receive only the most relevant information. Our aim is to empower you with complete control over how we communicate with you, making it easy to customize your preferences to suit your individual needs and interests. 

Similar Goods and Services and Our PetHealth Offering 

Pharmacy2U provides a broad range of health and wellbeing products and services under one unified brand. This includes NHS pharmacy services, private healthcare services, consumer health products from the Pharmacy2U Shop, and our PetHealth services for veterinary prescription dispensing and pet over-the-counter and wellness products. PetHealth and “The PharmPet Co” are trading names of Pharmacy2U Limited and are not separate companies. 

When we rely on the ‘soft opt-in’ under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) (PECR), we will only send electronic marketing where you have given us your contact details in the course of purchasing or enquiring about our services, and where the marketing relates to Pharmacy2U products and services we reasonably believe may be of interest to you. We consider similar goods and services to include the integrated range of Pharmacy2U health, pharmacy, wellness and related services. 

We recognise that not everyone is interested in pet health products. You can adjust your marketing preferences or opt out of email or SMS marketing at any time through the Communication Preference Centre by using the opt-out link in our communications. 

Unified Data Management within Pharmacy2U Group 

As part of the Pharmacy2U Group's commitment to enhanced patient services following the acquisition of LloydsDirect ,a trading name of Metabolic Healthcare Ltd, we are integrating our processes to improve the prescription experience. Your data might be collaboratively managed across the group to facilitate superior and streamlined services under the unified Pharmacy2U brand. This may involve sharing your data within the group entities to fulfil our service obligations and to support our continuous improvement. With your consent, we're transferring customer data from LloydsDirect to Pharmacy2U, ensuring a continuous, high-quality service. Preliminary non-sensitive data sharing lays the groundwork for a seamless integration into the Pharmacy2U environment. Rest assured, any internal data processing will strictly adhere to the highest standards of data protection, ensuring the security and confidentiality of your personal information.

Prescription Data with IQVIA 

In line with practices common among larger pharmacies, we share prescription and prescriber information with IQVIA Ltd, a company incorporated in England and Wales (Registered Address: 3 Forbury Place, 23 Forbury Road, Reading, RG1 3JH; Company Registration Number: 03022416). This sharing of information is based on the legitimate interest for supporting enhanced healthcare analytics and research, contributing to the broader objectives of healthcare improvement and innovation. 

The information shared is in the form of anonymous or aggregated data and does not include any personal data of our customers receiving prescriptions. The prescriber information we share consists only of publicly available data, such as the name and workplace address of prescribers, and is considered non-sensitive. 

We believe that this practice presents a very low risk of harm and aligns with the NHS's policy of releasing prescribing information by GP practice. 

Roczen Ltd 

Roczen provides a medically led, digitally optimised specialist weight management service connecting patients to a multidisciplinary clinical team. The Roczen platform can provide lifestyle only intervention. The platform also provides wraparound care for patients who are taking Anti-Obesity Medications prescribed through a P2U. Roczen Ltd registered in England with number 13251035 whose registered office is at One, Fleet Place, London, England, EC4M 7WS.  

P2U understands this relationship will improve clinical understanding of weight loss management as well as providing a relationship which will improve a patient with lifestyle interventions for the improvement of health. 

Our Future Health research programme 

Our Future Health is the UK’s largest-ever health research programme. It is designed to help people live healthier lives for longer through the discovery and testing of more effective approaches to prevention, earlier detection and treatment of diseases. 

Millions of people, from all backgrounds and from right across the UK, are invited to take part. Volunteers will provide information about their health and lifestyles to create an incredibly detailed picture that represents the whole of the UK. 

By developing a more detailed understanding of what makes certain people more likely to develop a disease - plus what to look out for before any symptoms appear - Our Future Health has the potential to help to develop far more effective approaches to both prevention and treatment. 

Pharmacy2U has been asked to identify people who are eligible and to invite them to join the Our Future Health research programme. We will use the data we hold to identify suitable people and send them an invitation to take part. The data used will include name, date of birth and address. Your personal data will not be shared directly with the research programme. 

The programme is organised by Our Future Health is a company limited by guarantee registered in England and Wales (number 12212468) and a charity registered with the Charity Commission for England and Wales (charity number 1189681) and OSCR, Scottish Charity Regulator (charity number SC050917). Registered office: 2 New Bailey, 6 Stanley Street, Manchester M3 5GS. 

It will always be entirely your decision whether or not to participate in Our Future Health. Your decision will not have any effect on the services we provide to you. We won’t disclose any information about you which allows you to be identified to Our Future Health or the NHS without your explicit consent. 

The research programme has requested that all eligible people be contacted once only. To manage the invitation process, we will need to keep the list of people who have been invited until six months after the research programme recruitment is complete. This is to ensure that you are not invited if you have told us you do not want to be contacted, and that no one is invited more than once. 

The Health Research Authority has provided legal support to the Our Future Health research programme under Section 251 of the NHS Act 2006 and Regulation 5 of The Health Service (Control of Patient Information) Regulations 2002 which enable the common law duty of confidentiality to be temporarily lifted so that confidential patient information can be processed by NHS Digital on behalf of the programme. This support provides the legal basis for suitable participants to be invited to join the research programme. This is following advice from the Confidentiality Advisory Group, an advisory body which provides independent expert advice on the use of confidential patient information without consent in England and Wales. 

More information is available at https://ourfuturehealth.org.uk/  

Personal Demographics Service (PDS FHIR API) 

• If you are receiving care from a health or care organisation, that organisation may share your NHS number with other organisations providing your care. This is so that the health and care organisations are using the same number to identify you whilst providing your care. By using the same number the health and care organisations can work together more closely to improve your care and support. 

• Your NHS number is accessed through an NHS England service called the Personal Demographic Service (PDS). A health or care organisation sends basic information such as your name, address and date of birth to the PDS in order to find your NHS number. Once retrieved from the PDS, the NHS number is stored in our case management system. These data are retained in line with our record retention policies and in accordance with the Data Protection Act 1998, Government record retention regulations and best practice. Further information is available on our website. 

• We will share information only to provide health and care professionals directly involved in your care access to the most up-to-date information about you. Access to information is strictly controlled, based on the role of the professional, and where the user has a direct care relationship with you. 

• The use of joined up information across health and social care brings many benefits. One specific example where this will be the case is the discharge of patients into social care. Delays in discharge (commonly known as bed blocking) can occur because details of social care involvement are not readily available to the staff on the hospital ward. The hospital does not know who to contact to discuss the ongoing care of a patient. The linking of social care and health information via the NHS number will help hospital staff quickly identify if social care support is already in place and who the most appropriate contact is. Ongoing care can be planned earlier in the process, because hospital staff will know who to talk to. 

• You have the right to object to the processing of your NHS number in this way. This will not stop you from receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options that you have. 

• If you wish to opt-out from the use of your NHS number in this way, you can contact us by phoning 01234 123123 or by emailing [email protected]. 

Clinical research, medical trials and studies and automated decision-making 

As a respected medical business, we are often approached by other professional organisations looking for people to participate in medical research, clinical trials of new treatments for example, or other medical studies. We believe that it is vitally important such trials take place and aim to support them as far as we can. 

This is how we determine if you would be a suitable participant in a clinical trial: 

• Sponsors of trials approach us with a profile of people they are seeking to participate. This may include information such as gender, age band, geographic location and details of health conditions or medications they are researching. 

• We will look at our database of patients to find people who meet the participant profile using the information we hold about each patient. 

• We will provide all those individuals who have been identified as suitable to participate in a trial with information about it and will, subject always to consent, disclose their contact information to the trial sponsor. 

It will always be entirely your decision whether or not to participate in a clinical trial. Your decision will not have any effect on the services we provide to you. We won’t disclose any information about you which allows you to be identified to any trial sponsor without your explicit consent. 

The law allows us to undertake profiling and automated decision making in pursuit of our interests of promoting our business as a leading provider of pharmaceutical services and maintaining a database of patients for our commercial benefit. The law also allows us to undertake this type of processing to support the interests of sponsors of clinical trials and research. The law (Data Protection Act 2018 Section 19, and Schedule 1 Section 2 and Section 4) permits us to use medical data and health information for the listed purposes as it is necessary for medical research, and the provision of health care/treatment. The UK introduced a national data opt-out (https://digital.nhs.uk/services/national-data-opt-out) in May 2018 whereby all UK NHS patients were automatically opted into a scheme allowing NHS organisations to share patient information for the purposes of research and planning. You may choose to opt out. For further information please visit https://www.nhs.uk/your-nhs-data-matters/manage-your-choice. 

We may process your data to help us identify patients based on the clinical trial eligibility criteria of the specific trial. The automated decision making that we undertake does not have any legal or other similarly significant effects on our patients because every decision is reviewed by a suitable person before being implemented. What this means is that we will not make decisions about you that are wholly determined by computers alone. 

You have the right to object to any processing that is based on our claim of our “legitimate interests” including profiling and automated decision making as outlined in the Your Rights section below. 

We retain information about which clinical trials we think you are suitable for and the basis of our decision making only for as long as we need it. The high-level profile information is shared with clinical research companies to allow them to determine if we are likely to have any suitable research/trial candidates. We will ordinarily only disclose information about those people who meet the trial person profile specification with explicit consent unless the research program is so generic that it does not require the disclosure of any data concerning health in which case we may choose to disclose a list of candidates on the basis of the legitimate interests of the trial sponsor. We may also disclose information about our customers' participation in clinical trials and medical research to our professional and medical advisors. 

The ICO has produced wider guidance on direct marketing for the public sector. Pharmacy2U, as is the case with other commercial pharmacies, provides pharmaceutical services under the National Health Service Act 2006 and is therefore considered a public authority specified in respect of information relating to those services. This guidance specifically considers the rules on direct marketing in the context of health and care communications. It includes some case studies at the end. 

While direct marketing communication sent by electronic mail or text will need the consent of the individual prior to sending that communication. Following NHS England guidance messages and communications about: 

• Communications about research participation from organisations whose tasks and functions include the conduct of health and social care research 

• Information to an individual to inform them about a health or social care research project they may be eligible to participate in 

These would be seen as necessary for your organisation's task and function, so are NOT direct marketing. 

You have the right to object to any communication about health and social care research, please contact any member of staff or email us at [email protected].

Service Messages 

We send automated communications to customers in addition to manual communications which react to a specific inquiry or order. In line with ICO guidance, routine customer service messages do not count as direct marketing – in other words, correspondence with customers to provide the information they need about a current contract, services they requested, or past purchases. You will receive these messages, even if you have not opted into marketing or unsubscribed from our email communication. 

The ICO also clarifies that general branding, logos, or straplines in these messages do not count as marketing. The sending of service messages without explicit consent is lawful as it is communication in regards to the fulfilment of our contract with you and it is in our legitimate interest to keep our customer base up to date and informed about the service, pursuant to Art.6.1(f) UK GDPR, whereby processing is lawful where it is necessary for the legitimate interest of the controller. Further information is also available on the ICO website. 

NHS Service Information Messages 

As part of our commitment to providing high-quality healthcare services, Pharmacy2U may send communications to patients about relevant NHS services, such as our new NHS oral contraception service. These messages are sent in compliance with NHS direct marketing guidance and are considered necessary communications regarding available NHS services pertinent to your healthcare. They are not classified as 'direct marketing' but are vital to inform you about relevant healthcare options and services that you are eligible for. 

The legal basis for sending these NHS Service Information Messages is our legitimate interest in keeping our customers informed about essential healthcare services, as outlined in Article 6(1)(f) of the UK GDPR. This interest aligns with ensuring that you have access to the most relevant and beneficial healthcare services available to you. 

While these communications are part of our effort to ensure you are informed about healthcare services that may benefit you, we respect your preference regarding such communications. If you wish not to receive informational messages about NHS services, you may contact our Data Protection Officer at [email protected]. 

Data Accuracy Messages 

If you have registered with Pharmacy2U for the NHS Repeat Prescription Service, but are not actively using the account you will periodically receive a message and askes to review and update your account details. 

For clinical reasons and under the Data Protection Act 2018 we have a legal obligation to ensure that our patient data is ‘accurate‘ and is up to date and gets delivered to the right delivery address. The guidance of the Information Commissioner’s Office (ICO) also says, “It may be sensible to periodically ask individuals to update their own details”. Please see Pharmacy2U’s privacy policy for further information. 

Public Health Messages 

Occasionally, we process your personal data for purposes directly connected with ensuring that you receive high-quality healthcare through the NHS and informing you of services that may be relevant to you. This includes information about the COVID-19 vaccination programme and the seasonal flu vaccination programme. 

If we do this directly on the request of the NHS to support their statutory functions, this can be done without your consent as the NHS is established by Act of Parliament and is required by law to carry out these functions, under Data Protection law they are allowed to process your personal data because the processing is ‘necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.‘ 

If not instructed directly, the legal basis for sending these messages is legitimate interest. 

Partially completed order messages 

As part of our clinical responsibility to patients, we may also send you emails if you only partially complete a prescription order on our website or app. We assessed that informing the patient about an incomplete prescription order is both in the interest of the patient, as well as in our interest as the registered pharmacy. The legal basis for sending these messages is therefore legitimate interest.

Pharmacy2U is a commercial business, and our success is based not only on the trust of our customers but on adopting a responsible approach to marketing. We use the information we hold about our customers for direct marketing purposes including sending direct marketing materials about our products and services that we believe may be of interest to you via mail, email, SMS, and telemarketing. We also may customise the adverts you see on our website. Usually, adverts are customised through automated decision making, based on the pages you have visited on our site previously. 

The law allows us to undertake direct marketing in pursuit of our interests in promoting our business. You may object to our using information about you for direct marketing purposes as outlined in the Your Rights section below. 

We will only send direct marketing materials to you via email or other electronic messaging if you have consented to us to do so or if they relate to our own products and services similar to those that you have previously expressed an interest in or ordered. We maintain records of consent: you may withdraw your consent at any time. 

Pharmacy2U provides a broad range of health and wellbeing products and services under one unified brand. This includes NHS pharmacy services, private healthcare services, consumer health products from the Pharmacy2U Shop, and our PetHealth services for veterinary prescription dispensing and pet over the counter and wellness products. PetHealth and “The PharmPet Co” are trading names of Pharmacy2U Limited and are not separate companies. 

When we rely on the ‘soft opt-in’ under the Privacy and Electronic Communications Regulations (PECR), we will only send electronic marketing where you have given us your contact details in the course of purchasing or enquiring about our services, and where the marketing relates to Pharmacy2U products and services we reasonably believe may be of interest to you. We consider similar goods and services to include the integrated range of Pharmacy2U health, pharmacy, wellness and related services. 

We recognise that not everyone is interested in pet health products. You can adjust your marketing preferences or opt out of email or SMS marketing at any time through the Communication Preference Centre in your account, or by using the opt-out link in our communications. 

When we undertake direct marketing by telephone, we will always check whether you are registered on the telephone preference service (TPS), the UK’s register of numbers that may not be used for telephone marketing. 

We retain information about your interaction with our direct marketing activities only for as long as we need it which is generally no longer than 2 years from the end of a campaign. We may retain anonymised campaign statistics for a longer period of time to allow us to monitor our direct marketing activities year on year. Like many organisations, we use specialist service providers to help us to carry out our direct marketing including marketing agencies, printing and mailing companies, email/SMS broadcasting providers, telephone marketing agencies and other similar professional advisors which means information about you may be disclosed to them. 

When we undertake customer surveys or email broadcasting, we may use specialist services providers in other countries including for example SurveyMonkey and Sailthru both of which are based in the USA. Whenever we transfer information about you overseas, we will make sure that we implement suitable safeguards including for example using appropriate contracts which hold our suppliers to account and provide protection to your rights and freedoms. For further information about international transfers of personal data please contact our Data Protection Officer. 

Marketing for others 

We also use the information we hold to undertake direct marketing activities on behalf of other organisations. 

We will not send any direct marketing materials to you by email or other electronic methods about any third party without your specific consent. 

We retain information about your interaction with the direct marketing activities we undertake only for as long as we need it which is as long as you are a customer with us, and once you are not, for 3 months beyond then. 

We also use the information we hold to undertake direct marketing activities on behalf of other organisations, including the NHS. For example, where we have your consent, we may send you the information in the form of specific emails or newsletters about specific partners whose offers we believe may be relevant to you. These may include organisations in these categories: 

• Healthcare products and services 

• Retail 

• Financial services 

• Leisure 

• Charities 

• Clinical trial operators and research organisations 

The law allows us to send to you direct marketing materials on behalf of other organisations on the basis of their commercial interests. You may object to our using information about you for direct marketing purposes as outlined in the Your Rights section below. 

We will not send any direct marketing materials to you by email or other electronic methods to any third party without your consent. 

We retain information about your interaction with the direct marketing activities we undertake only for as long as we need it which is generally no more than 2 years after a campaign. 

In general, whilst we may undertake direct marketing on behalf of others, we will not disclose any information about you to third parties for them to undertake direct marketing. In that way we retain control over the uses of information about you for direct marketing giving you one point of contact should you wish to object to such use. 

We will never share your personal information unless we have legitimate and lawful grounds to do so. We do not sell your data to third parties. 

Social media 

We may obtain information about you from social media channels including Facebook and Twitter. We use content aggregators such as Hootsuite to manage social media content that refers to us so that we can monitor market sentiment towards our brand and address any complaints or brand issues raised on social media. 

We may also process your data in order to identify people like you to send them marketing information. Should we use your data in this way your personal information will be anonymised. 

If you have consented to marketing, we may use your personal data to generate targeted marketing on social media sites, for example, Facebook. We send pseudonymised data in a way that only the intended end user can understand. We recommend you routinely review the privacy notices and preference settings that are available to you on social media platforms. If you do not wish to receive such targeted marketing generally, you are able to switch this off within the social media site. 

The law allows us to undertake the listed activities on the basis of our legitimate interests of protecting and developing our business. We retain information on our social media pages and aggregators for no more than 2 years. Some of the social media channels we use to transfer personal data to the USA. Whenever we transfer information about you overseas, we will make sure that we implement suitable safeguards including for example using appropriate contracts which hold our suppliers to account and provide protection to your rights and freedoms. For further information about international transfers of personal data please contact our Data Protection Officer.

Retention of your information 

We only keep your personal details for no longer than is necessary for the purposes for which it is processed. For information relating to your recruitment (including interview notes) we will take into account the limitation periods for potential claims such as race or sex discrimination, after which the information will be destroyed. 

If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so. However, we shall first consider whether the records can be anonymised, and the longer period for which they will be kept. 

If your application is successful, we will keep only the recruitment information that is necessary in relation to your employment. For further information, see our data protection privacy notice employment. 

We keep a document which tells us how long we need to keep this information for in order to meet the above purposes. If you want more detail on this, please get in touch using the contact details given in the ‘Contact us’ section. 

Disclosing your personal information 

We may also need to share some of the above categories of personal information with other parties, such as HR consultants and professional advisers. 

Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. 

We may also be required to share some personal information with our regulators or as required to comply with the law. In these circumstances, we will ensure that personal information is properly protected and that it is only used in accordance with this Privacy Policy. 

Sensitive personal information and criminal records information 

Further details on how we handle sensitive personal information and information relating to criminal convictions and offences are set out in our PY056 Data Protection Criminal Records Information Policy. 

This policy is available from our HR department or DPT or within the confluence library. Alternatively you can contact us using the contact details below to ask us for a copy of this policy. 

Pharmacy2U is proud to be part of the national response to the coronavirus (COVID-19) pandemic and is operating vaccination centres across England as a ‘lead provider’ under the National Immunisation Management Service (NIMS). The NIMS is the NHS England’s centralised service for the management of both the COVID-19 and seasonal flu vaccination programmes. 

The key purposes of this central NHS system are to enable identification of priority groups, to send invitations to book appointments for vaccination, to manage and monitor the progress of the programme. Further information can be found at: https://www.england.nhs.uk/contact-us/privacy-notice/national-flu-vaccination-programme/ 

The list of people that have been identified and invited by the NIMS for a COVID-19 vaccination is sent to the NHS National Booking System, which invitees can use to book an appointment online. This system is managed by NHS Digital (data controller). You can contact NHS Digital at: [email protected] or call 0300 303 5678. 

NHS Digital is sharing the details of the individuals booked for a specific time at this vaccination centre with Pharmacy2U (data processor). You can contact Pharmacy2U’s information governance team at: [email protected]. 

NHS Digital sends daily updates to GP systems to allow them to update their local record and monitor progress for their patients.

Your rights regarding your personal information are detailed in this Privacy Policy. It outlines how to contact us or supervisory authorities if you have complaints or queries about your data rights.  

For further information, please review our complete Privacy Policy and the Expert Health's Privacy Policy and Terms and Conditions. 

Retention of your information 

We keep a document which tells us how long we need to keep this information for in order to meet the above purposes. If you want more detail on this, please get in touch using the contact details given in the ‘Contact us’ section.  

Unless we explain otherwise to you, we will retain your personal data on the basis of the following guidelines: 

• for as long as we have a reasonable business need, such as managing our relationship with you and managing our business 

• for as long as we provide services to you and then for as long as someone could bring a claim against us; and/or 

• in line with legal and regulatory requirements or guidance. 

Right of Access 

You have the right to obtain confirmation from Pharmacy2U as to whether personal data concerning you are being processed and, where that is the case, access to that data. 

Right to Rectification 

You have the right to oblige Pharmacy2U to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement. 

Right to Erasure (Right to be Forgotten) 

You have the right (in some circumstances, but not all) to oblige Pharmacy2U to erase personal data concerning you. 

Right to Restriction of Processing 

You have the right (in some circumstances, but not all) to oblige Pharmacy2U to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you. 

Right to Data Portability 

You have the right (in some circumstances, but not all) to oblige Pharmacy2U to provide you with the personal data about you which you have provided to Pharmacy2U in a structured, commonly-used and machine-readable format. 

You also have a right to oblige Pharmacy2U to transmit those data to another controller. 

Right to Withdraw Consent 

If the lawful basis for processing is consent, you have the right to withdraw that consent. 

Right to Object to Direct Marketing 

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing. 

Rights in Relation to Automated Decision-Making and Profiling 

Pharmacy2U may perform some automated decision-making based on personal data, as outlined above in the ‘Automated decision-making and profiling’ section. However, this will not produce any legal effects on you. 

You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply to you. This is because they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, any automated decision making that we carry out in relation to your personal data does not have any legal effects on you. However, some rights will always apply. For example, your right to withdraw consent or object to processing for direct marketing are absolute rights. 

NHS National data opt-out for research and planning purposes 

You may choose to opt out of the NHS using your data for planning and research purposes – details are obtained by: 

• visiting the www.nhs.uk/your-nhs-data-matters website portal; using the NHS App; or 

• writing an email to [email protected], or 

• writing by post to National Data Opt Out, Contact Centre, NHS Digital, HM Government, 7 and 8 Wellington Place, Leeds, LS1 4AP; or by 

• calling the NHS Digital contact centre - 0300 303 5678 (open workdays Monday-Friday, 9am-5pm). 

Your right to complain to us about how we use your data 

If you believe we have not complied with data protection law, you can make a complaint to us. You can do this via your account or by emailing [email protected]. We will acknowledge your complaint within 30 days and respond without undue delay after we have investigated. You can still complain to the ICO at any time (see Contact details below). 

If you wish to exercise any of your rights concerning your personal data, you should contact Pharmacy2U’s Data Protection Officer at the address shown below in the ‘Contact us’ section. 

If you are not happy with the response you receive, you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is: 

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

Telephone: 0303 123 1113 

e-mail: [email protected]

You can find out more information about your legal rights can be found on the Information Commissioner’s website at: https://ico.org.uk/for-the-public

Where data is transferred outside the UK, we use UK adequacy regulations, the UK–US Data Bridge (where available) or approved contracts such as the IDTA or SCCs with the UK Addendum. You can request a copy of the relevant safeguards from the DPO (redactions may apply for confidentiality). 

Pharmacy2U acknowledges and respects the importance of your privacy. We have partnered with various service providers to offer you an expanded range of services. While using these services, your data protection remains a priority for us. 

When you sign up for services through our partnership program, please note the following: 

Data Sharing: Upon registration to our partner services, our partners will share information with Pharmacy2U regarding your sign-up and the specific services you have requested. This shared information is limited to your registration status and service requests. 

Legitimate Business Interest: The data shared between Pharmacy2U and our partners is done based on legitimate interest. This allows us to understand and cater to your needs better and enables us to provide a more personalized experience for you. 

We assure you that this data sharing respects all applicable laws and regulations regarding data protection and privacy. It is carried out with the utmost level of security and confidentiality. 

By signing up for our partner services, you acknowledge and accept these terms related to data sharing and privacy. For any further queries or concerns, you may contact us at [email protected]. 

Our partnership services are: 

• ‘Pharmacy2U Medical Letters’ located at ‘medical-letters.pharmacy2u.co.uk’: This service is provided by ZoomDoc Limited, a company incorporated and registered in England and Wales, with a company registration number of 09540794. Their registered office is located at 2 Chanin Mews, London NW2 4AQ. The doctors associated with this service are registered with the General Medical Council, and ZoomDoc Limited is regulated by the Care Quality Commission. 

We, Pharmacy2U Limited, run our website at pharmacy2u.co.uk (our site). Our site uses cookies to help differentiate you from other users. Our websites use cookies to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our websites and also allows us to improve our websites. 
 
By law, website operators are required to ask for a website user’s permission when placing certain kinds of cookie on their devices for the first time. 
 
Where consent is required, the law states that it should be “informed consent”, which means we must ensure that you understand what cookies are and why we want to use them. We are committed to providing the best digital service to you whilst at the same time fully protecting your privacy. For further information on our cookies policy and how we use cookies through use of all our online services, please see below. 

What are Cookies?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. 
 
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests. 

Necessary Cookies

These cookies are essential in order to enable you to move around our websites and use its features, such as accessing secure areas of the websites. Without these cookies, services you have asked for cannot be provided. 
 
Your consent is not required for the delivery of those cookies which are strictly necessary to provide services requested by you. 
 
We use these types of cookies. 

Analytics Cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All the information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. Web analytics that use cookies to gather data to enhance the performance of a website fall into this category. For example, they may be used for testing designs and ensuring a consistent look and feel is maintained for the user. This category does not include cookies used for behavioural/ targeted advertising networks. 
 
We use these types of cookies, but you are able as a user to follow the link below and manage whether or not they are implemented on your device. 

Experience Cookies

These cookies allow our websites to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video. The information these cookies collect is generally anonymised and they cannot track your browsing activity on other websites. 
 
We use these types of cookies, but you are able as a user to follow the link below and manage whether or not they are implemented on your device. 

Advertising Cookies

These cookies are used to deliver adverts more relevant to you and your interests They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation. 
 
We use these types of cookies, but you are able as a user to follow the link below and manage whether or not they are implemented on your device. 

Definitions used above are consistent with those supplied by the International Chamber of Commerce ‘ICC UK Cookie Guide’ April 2012. 
 
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. 
 
For more information on our position on the use of cookies, please contact us:  
 
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential Category 1 Cookies) you may not be able to access all or parts of our websites. For information on how to delete cookies, please refer to: https://ico.org.uk/for-the-public/online/cookies 

We may change our privacy policy from time to time. 

If we change anything important (the information we collect, how we use it or why), we will undertake reasonable efforts to make you aware of the changes such as by providing a link to the change on the website or telling you by email.

You can phone us on 0113 265 0222 or webchat with us from our website at www.pharmacy2u.co.uk/help-and-support. 

If you have any questions about our privacy policy or our approach to data protection and privacy you may send an email to [email protected], phone us or write to us. 

The Freedom of Information Policy ensures that Pharmacy2U acts in compliance to the Freedom of Information Act 2000 (FoIA). As we are a privately owned company, FoIA does not apply to the majority of the work that we undertake. However, FoIA does apply to the work that we do on behalf of NHS (such as GP and pharmacy) and so we will respond to FoIA requests in line with this policy. 

Scope - Policy Aim 

The aim of this Policy is to; 

• Promote more openness; 

• Promote a better informed public debate; 

• Improve public confidence in operations of public healthcare services; 

• Improve decision making to promote accountability; 

• Improve regulation; 

• Increase public participation to enhance democracy; 

• Promote the FoIA, in terms of accuracy and objectivity; 

• Improve information management; 

FoIA Summary 

The FOIA provides public access to information held by us in relation to activities we do on behalf of the NHS. It does this in two ways: 

• Pharmacy2U have to publish certain information about our activities on the NHS services we offer; and 

• Members of the public are entitled to request information from Pharmacy2U’s NHS services. 

The Freedom of Information Act covers any documented information held by a public authority. However, FoIA does not give people access to their own personal data. If you would like access to this, please follow the process outlined above in the Privacy Policy. 

Pharmacy2U has continued to demonstrate its commitment to all aspects of the FOIA and will continue to promote its values and ensure that it is compliant with legislation. 

Definitions 

The FOI Act is defined as any item of recorded material held by or on behalf of an organisation who provide services (such as GP and pharmacy) and hold information in paper or electronic form. This includes but is not limited to, all draft documents, agendas, minutes, emails, diaries, handwritten notes, text messages, messaging Apps (e.g., WhatsApp, MS Teams), personal email accounts and messages (where used in a work context) and all other recorded information, such as audio-visual. 

Policy Statement 

Pharmacy2U will take efforts to ensure that it maintains the principles of openness, transparency and accountability and will continue to improve access to information. 

How to make a FoIA Request 

A request for information under the FOIA must be: 

• in writing; 

• Stating the name of the applicant and an address to communicate through; 

• Description the information requested; 

Fees 

Pharmacy2U reserves the right to issue fees notice in line with section 9 of the FOI Act to cover the costs of disbursements (e.g. photocopying, postage etc.) 

Under ‘The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004’, Pharmacy2U is permitted to charge a fee to comply with requests made under the FOI Act, where the cost of compliance is estimated to exceed the appropriate limit (as set by Regulation 3 of The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004) of £450. Pharmacy2U reserves the right to issue a fees notice subject to these where it is considered necessary. In most cases where the Appropriate Limit would be exceeded however, Pharmacy2U would be likely to refuse to comply with the request. 

Pharmacy2U will ensure that fees notices are issued as soon as possible, and in any event within 20-working days of the original request being received by the organisation. The 20-working day timeframe will ‘pause’ at the point the fees notice is issued and will not recommence until the necessary payment has been received by the organisation (including the time taken for cheques to clear). 

If the applicant does not make the required payment within three months of the date of the fees notice, Pharmacy2U will regard the request as being ‘withdrawn’. The request will be closed on Pharmacy2U’s case management system and no response will be sent to the applicant. 

Our Response Time 

Pharmacy2U has systems and procedures to ensure that it complies with the duty to confirm or deny whether it holds requested information and to provide a response to requests within the statutory timeframe of twenty working days from the point of a valid request being received by the organisation. The timescales may be extended in limited defined circumstances set out in the legislation or Codes of Practice. 

If the information requested by the applicant incurs a charge or a fee and the applicant has paid this, the period from when the applicant received the fees notice to when they paid the fee is disregarded for the purposes of calculating the twentieth working day following receipt. 

Pharmacy2U may choose to apply an exemption or exception to any information where the exemption or exception applies, or to refuse a request if it is vexatious, repeated, manifestly unreasonable, or exceeds the appropriate limit for costs of compliance. A formal refusal notice which informs the applicant of this decision must be issued within twenty working days. 

Vexatious or Repeated Requests 

FoIA provides an exemption for Pharmacy2U to not comply with ‘vexatious’ requests where there is a strong likelihood that the request is being made to intentionally cause disproportionate or unjustified levels of disruption, irritation or distress. 

Pharmacy2U will not complete a request if we have already received an identical or similar request from the same individual unless a reasonable amount of time has passed since the original request was responded to and the new request was made. 

Advice and Assistance 

Pharmacy2U will provide advice and assistance to all requests for information, as far as reasonably practicable. 

Codes of Practice with FoIA 

The FoIA is supported by two codes of practice: 

• Access Code (Section 45) - Outlines good practice for Freedom of Information. 

• Lord Chancellors Code (Section 46) – Outlines good practice for record management. 

• Pharmacy2U will take steps to ensure that the codes of practice are applied wherever possible. 

Freedom of Information Refusals 

In some cases, Pharmacy2U may refuse requests for information under Section 17 of the FoIA. Pharmacy2U may issue a refusal notice if: 

• Information is not held; or 

• An exemption applies to this information. 

In some cases we may not hold the information requested - it may be that it is held by another party, most likely the NHS. If possible, Pharmacy2U will provide the requestor with information to redirect the request. However, Pharmacy2U are unable to not transfer the FoI request themselves to the other organisation. 

Refusal of requests 

Pharmacy2U has a duty under the legislation to confirm or deny whether information which has been requested is or is not held. 

The duty to confirm or deny does not arise where: 

• an exemption or exception which removes the duty to confirm or deny is applied 

• a fees notice has been issued and the fee has not been 

• an estimate demonstrates that the cost of compliance will exceed the appropriate limit (18 hours of staff time) 

• it can be demonstrated that the request is repeated, vexatious or manifestly unreasonable. 

• it is unclear what information is being requested 

Other than in circumstances where the duty to confirm or deny does not arise, applicants will be advised whether Pharmacy2U holds some, all or none of the requested information. 

Where NHS England does not hold some or any of the requested information, the applicant will be: 

• informed that NHS England does not hold the requested information 

• where only part of the information is not held, it will be made clear which parts are held, and which are not 

• provided with an explanation, where possible, of why the information is not held 

• provided with advice and guidance, wherever possible, regarding potential alternative sources of information 

Where NHS England does hold the requested information, the applicant will be: 

• informed that NHS England holds the requested information. 

• either: 

• provided with the requested information, plus any necessary or helpful explanatory information, or 

• provided with an explanation of why the information is exempt from disclosure, with specific reference to the exemption(s) or exception(s) which applies 

Where NHS England is refusing to comply with a request, the applicant will be: 

• provided with a refusal notice which confirms the reason for the refusal, for instance: 

• the request is invalid 

• the request will exceed time/cost limits 

• the request is vexatious or manifestly unreasonable 

Exemptions 

There are some circumstances where Pharmacy2U is not obliged to release information. Pharmacy2U may decide to apply exemptions under the FoIA and not provide the requestor with some information. If Pharmacy2U rely upon an exemption it will be explained to you in our refusal notice. 

A list of the exemptions to the FOIA can be found on the Information Commissioner’s Office website. 

Some of the exemptions are 'absolute', and so the exemption applies to all information which falls under the exemption. Other exemptions are 'qualified' and so will require a public interest test to determine if the exemption applies. Pharmacy2U will ensure that the public interest test is carried out for each of the qualified exemptions. If an exemption is applied it will be authorised by a senior officer. 

Internal Review 

If you are unhappy with a decision that Pharmacy2U has made, you can request for us to complete an internal review. Pharmacy2U’s internal review will be undertaken by a senior officer. Pharmacy2U has 20 working days to complete the review. 

Data Protection 

A FoI request may include personal data of the requestor or third parties. Pharmacy2U may refuse the request if disclosing the information in relation to third parties would be an actionable breach of confidence or data protection law. 

In cases where the request relates to personal data of the requestor, Pharmacy2U will refuse the request under the FoIA and shall ask for the request to be submitted as a Data Subject Access Request. This process is detailed in the above Privacy Policy, in the section titled ‘Your Rights’. 

Re-use of Public Sector Information Regulations 2005 

The regulations implement an EU directive that encourages the re-use of public information for purposes other than its original purpose. 

The regulations do not oblige Pharmacy2U to make their information available for re-use unless there is a statutory obligation to do so. 

The regulations apply to any recorded information (Freedom of Information), including whole or part of documents. Requests for re-use should be in writing and Pharmacy2U will aim to respond within 20 working days. 

Information Commissioner’s Office 

Pharmacy2U will consult with the Information Commissioner’s Office (ICO) when necessary. Pharmacy2U will refer to the ICO guidance and ensure that it is compliant with any measures of good practice that the ICO promotes. The ICO will investigate complaints in relation to Freedom of Information. 

Freedom of Information Publications Scheme 

Every public authority has a duty to have and maintain a Publication Scheme in order to allow for pro-active release of information. Pharmacy2U’s Publication scheme is available to view below. Our Publication Scheme contains the following types of information: 

• Who we are and what we do. 

• What we spend and how we spend it. 

• What our priorities are and how we are doing. 

• How we make decisions. 

• Our polices and procedures. 

• List and register. 

• The service we offer.