This policy describes how we, Pharmacy2U Limited, aim to repay the trust you have shown by sharing your personal information with us.
We are a leading online pharmacy in the UK, registered with the General Pharmaceutical Council (see our registration details at www.pharmacyregulation.org/registers/pharmacy/registrationnumber/9010146).
We run our website at www.pharmacy2u.co.uk (our site) and provide pharmacy services.
Our address is:
Leeds LS15 8GB
You can phone us on 0113 265 0222 or email us from our website at www.pharmacy2u.co.uk/help-and-support.
Your personal information is collected and processed by Pharmacy2U Limited, a company incorporated under the laws of England.
Your privacy matters to us, so whether you are new to Pharmacy2U or a long-time patient, please do take the time to get to know our practices – and if you have any questions, please contact us.
The information we collect, the uses and the lawful basis
We will collect, store and use your personal information to allow you to access parts of our website, to register for an account and to provide our services and solutions. We have identified within the table below the types of information we may collect or receive, how we will use it and why we need your information.
We will never collect special category personal information (aka sensitive information) about you without your explicit consent unless this information was obtained based on other lawful grounds, for example, for legal obligations with local authorities.
Your personal information may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency, in the defence of legal claims or in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person or violations of any of our website terms. We will not delete personal information if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
We do not sell your data to third parties.
Pharmacy2U uses the NHS’s Real Time Exemption Checking (RTEC) system to confirm your exemption status. However, if you don’t pay for your NHS prescriptions, it’s your responsibility to keep us up to date with accurate details.
We do not knowingly collect information from children or other persons who are under 18 years old via our website. If you are under 18 years old, you must not submit any personal information to us directly or subscribe for our services.
How long we retain your information
We hold your personal information for as long as we have a legal or business reason to do so, which generally means as long as you remain a Pharmacy2U patient or as required to meet our legal obligations, resolve disputes or enforce our agreements. To fulfil our obligations to the NHS, regulatory or similar bodies, health-related personal information may need to be retained for a period of time after you cease to be a Pharmacy2U patient. We’ll always store your data securely and won’t use it for any other purpose.
Who we share your information with?
We will share personal information with companies, organisations or individuals outside Pharmacy2U if we have a belief in good faith that access, use, or disclosure of the data is reasonably necessary to:
- Detect, prevent or otherwise address fraud, security or technical issues
- Verify your identity
- Meet any applicable law, regulation or enforceable governmental request. For example, where we need to disclose the contact number and call duration, along with the date and time, to the police to assist their investigations
We will never share your personal information unless we have a legitimate and lawful ground to do so.
Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.
We will only transfer data to jurisdictions outside the scope of the European General Data Protection Regulation (GDPR) where the appropriate safeguards set out in the GDPR are in place. For example, we use the US-based Survey Monkey to survey our patient base and the CRM platform Sailthru to deliver our transactional messaging to patients.
Any information transferred outside of the EU is necessary for the performance of a contract between the Client and Pharmacy2U or of pre-contractual measures taken at the client’s request.
How we keep your information secure
We work hard to protect Pharmacy2U and our customers from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
- We encrypt many of our services using SSL. Our app uses SSL, which encrypts all transferred data. Additionally, we encrypt login information (email & password) separately in our database
- When you enter credit card information on the Pharmacy2U website, our secure servers ensure that all details are encrypted at your browser before they are sent to us
- During the order process, we store your personal details on in-house secure servers
- We store credit card details separately on servers that are not reachable from the Internet. The servers are physically secured under a locking system
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems
- We restrict access to personal information to Pharmacy2U employees, contractors and agents who need to know that information to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations.
Please bear in mind, if you are using Pharmacy2U services on a device or account issued to you by your employer or another organisation, that company likely has its own policies regarding storage, access, modification, deletion, and retention of communications and content which may apply to your use of any Pharmacy2U services. Content that would otherwise be considered private to you or to a limited group of people may, in some cases, be accessible by your account owner or administrator. Please check with your employer or account administrator about the policies in place regarding your communications.
You can opt out of receiving marketing emails through the My Account section of our site, or by clicking on the ‘unsubscribe’ link at the bottom of our emails. You can ask us to stop sending you any information about us and our services by contacting us at www.pharmacy2u.co.uk/help-and-support
Your data protection rights
- You can ask us for a copy of all the personal information we hold about you. We will respond to your request within one calendar month and free of charge, unless additional copies of the information are requested
- You will need to give enough information for us to identify you (for example, your full name, address and date of birth)
Under the General Data Protection Regulation, you have the following rights concerning your personal information:
- Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your personal information. This enables you to receive a copy of the personal information we hold about you and certain other information about it
- Correction: you are entitled to request that any incomplete or inaccurate personal information we hold about you is corrected
- Erasure: you are entitled to ask us to delete or remove personal information in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims
- Restriction: you are entitled to ask us to suspend the processing of certain personal information about you, for example if you want us to establish its accuracy or the reason for processing it
- Transfer: you may request the transfer of certain personal information about you to another party
- Objection: where we are processing your personal information based on a legitimate interest (ours or that of a third party) you may challenge this. However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims. You can object to marketing, and to certain cookies such as tracking cookies, by contacting us so that we can add you to the suppression list
- Automated decision making and profiling: we do not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you
- You will need to provide ID (for example, your passport, full driving licence, or credit card or debit card) before we send you any information, where we are unable to verify your identity using basic personal information.
Physical and electronic security
- We have designed our site to protect the information we collect from unauthorised access. We protect your private information by following appropriate physical, electronic and managerial procedures. To further protect your security, we also take reasonable steps to confirm your identity before we give you access to your account or allow you to make changes to your personal details. We are committed to protecting your privacy and have security measures in place to prevent unauthorised access to your personal information.
Improving our service
- We will never sell, trade or rent your personal information to others. To better tailor our services to our customers' needs, we use non-identifying general information to help us make decisions on how to improve our services. We also share this general information with our advertisers and other interested, reputable parties we have a formal business relationship with. We do not give advertisers information that identifies individual customers. We also do not use or share identifiable information given to us in any other way without giving our customers the choice to opt out.
- Cookies are small text files that are transferred to your computer's or device’s hard drive through your web browser, to enable our systems to recognise you and provide shopping features such as recommended products and loyalty discounts, as well as storing items in your shopping basket between visits. The help menu in most common browsers will tell you how to:
- Prevent your browser from accepting new cookies;
- Have the browser let you know when you receive a new cookie; and
- Disable cookies altogether.
- Analytic tools
- Social media plug-ins
- Social media ‘plug-ins’ for Facebook and Twitter gather information for tracking purposes. This includes the ability to track a user across devices for advertising purposes, in line with the terms of each social-media platform.
- Lodge a complaint with the Information Commissioner’s Office: You have a right to lodge a complaint with the Supervisory Authority should you feel that we have not handled your information in line with legislative and regulatory requirements. This is the Information Commissioner's Office (ICO) in the UK:
Information Commissioner's Office
(t) 0303 123 1113
Compliance with data protection and related regulations
We are committed to complying with applicable data protection laws, including the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR, 2003) and the General Data Protection Regulation (GDPR, 2018).
As a Data Controller, we try to be open about our holding and use of your personal data. Data protection law also entitles you to find out from us what personal data we hold on you, to have that information corrected or erased if it is inaccurate, and to claim compensation if you can prove you have suffered damage from inaccuracy or breach of security.
You can contact our team at firstname.lastname@example.org for any data protection related queries, to action your rights or for anything else.
Changes to this policy
This notice will be changed from time to time.
If we change anything important about this notice (the information we collect, how we use it or why) we will provide a prominent link to it for a reasonable length of time following the change on the website or notify you by email.
| Date | Change |
|---|---|
| 11 June 2015 | First draft in current format with substantial changes since the previous version. |
| 20 July 2015 | Additions to the ‘Getting to know you better’ section to make it clear that we may share your personal information and the profiling information with service providers to help us identify prospective customers. |
| 24 September 2015 | Addition of the summary of main points, to make key information more easily available. Minor changes to wording, following a review by the Plain English Campaign, to make sure this document is clear and understandable. |
| 12 August 2016 | Addition relating to marketing the products and services of other companies in our group of companies. |
| 29 November 2016 | Addition of provision to market products and services of selected partners. |
| 24 May 2018 | |
| 16 April 2019 | Addition relating to marketing consent for our group of companies and selected partners. |
| 23 April 2019 | Added information on the Freedom of Information Act 2000. |
| 31 October 2019 | Added table explaining data processing and revised layout of policy. |
| 20 April 2020 | Updated information on data usage for NHS's Real Time Exemption Checking. |