Home Icon

Pharmacy2U Privacy, Cookie and Freedom of Information Policy

About Us

Pharmacy2U is a UK online pharmacy registered with the General Pharmaceutical Council (GPhC). You can review our GPhC registration details at:

www.pharmacyregulation.org/registers/pharmacy/registrationnumber/9010146.

Who handles our data processing activities

A member of our team, called the Data Protection Officer, oversees our data processing activities and how we handle your personal data. You can contact our Data Protection Officer by:

Email: [email protected]
Phone: 0113 265 0222

Post through our head office:

Pharmacy2U Limited,
Lumina,
Park Approach,
Thorpe Park,
Leeds
LS15 8GB

If you have any questions about this policy or our approach to data protection and privacy, please contact our Data Protection Officer.

Purpose and scope of this privacy policy

We use this privacy policy to give you information about how we handle information about you when you visit our website and mobile app or use our services, apply to work at Pharmacy2U or use our vaccination and health services centres.

We know that our privacy policy provides you with a lot of information, so we have organised it into sections to make it easier for you to read and understand. Some information is in expandable sections to make it easier to read. You just need to click on the sub-heading and more information about the section this will drop down for you to read.

Your privacy matters to us, so whether you are new to Pharmacy2U or a long-time patient, please do take the time to read this policy. If you have any questions, please let us know by using the contact details provided above.

We respect your right to privacy and are committed to explaining clearly and honestly how we use any information that we have about you. This privacy policy will help you to understand what information we collect, why we collect it, and what we do with it.

We do not knowingly collect information from children or other persons who are under 18 years old via our website. If you are under 18 years old, you must only access our services with the consent of your parent(s)/guardian(s).

How we use your data on our online servers and services

The information we collect, how and why we use it

Purpose Personal Information Used How we collect this information Lawful Basis
To help us understand how people use our website and access our services so that we can ensure they are developed to meet customer needs. Information about your visit, including information about which pages you visit and for how long, the website you came from and went to before and after visiting our website, and information about the device you used to access our websites such as the type of phone/PC, operating system, and IP address. With your consent, cookies are placed on your device which collects this data. These cookies are only used where we have your consent.
To record Website and App registration to help deliver services to registered users. Information that you submit using our data collection forms, which will include your name, address, and contact information. You provide us with this information when you complete our data collection forms. We have a legitimate interest in enabling you to create an account so you can access our services.
To fulfil the orders that you place with us, we must first verify your identity and then receive your order information and details to complete your order. Information to confirm your identity, your medication, payment details, delivery address, your feedback (if you provide it), safe place for deliveries (if you provide it) You provide us with this information when communicating with Pharmacy2U to place your order. This information is collected to fulfil our contract with you.
To document phone conversations between you and us and record these to:
  • Check and review quality of care
  • Prevent, detect, investigate and prosecute allegations, complaints, claims and / or fraud relating to patients, customers, other organisations or P2U staff
  • Protect staff and patients
Any information that you provide to us over the phone may be recorded on our systems, this may include information about your health and prescriptions. You provide us with this information when communicating with Pharmacy2U. We have a legitimate interest to process the information about yourself that you provide to us to address your queries. We record the conversation for quality management purposes under the legitimate interest of continuously improving the standard of service that we are providing you with. Any health or ‘special category data’ that you provide to us is processed for purposes of ensuring the quality and safety of health care and of medicinal products or medical devices and establishing facts in case of future legal claims.
*To determine if you would be a suitable participant in a clinical trial and to inform you of this. Information relevant to the requirements of the trial, this may be: gender, age band, geographic location, details of health conditions or medications they are researching. We collect this data from our database. Our database will have this information from our previous interactions with you and information that you have submitted to us. We will only provide your information directly to the requesting clinical trial provider where we have your explicit consent to do so. There is a public interest in making you aware of your eligibility for a clinical trial as clinical trials help to ensure the quality and safety of health care and of medicinal products or medical devices..
*To send automated service messages to you about a current contract, services you have requested or past purchases. Your name, contact details, history of your relationship with Pharmacy2U. We collect this data from our database. Our database will have this information from our previous interactions with you and information that you have submitted to us. We have a legitimate interest in keeping our customer base up to date and informed about the service. We also have to communicate some information to you in order to fulfil our contract with you.
To send messages to account users to remind them to check their account details are up to date. Name and contact details. We collect this data from our database. Our database will have this information from our previous interactions with you and information that you have submitted to us. If we do this directly on request of the NHS then this is done under the basis of the public interest. If we do this without being directly instructed, it is under the basis of our legitimate interests to ensure that you are informed of public health services relevant to you.
To send you an e-mail reminder if you only partially complete a prescription order on our website or app. Name, contact details, partially completed subscription order. We collect this data from our database. Our database will have this information from our previous interactions with you and information that you have submitted to us. We will also collect data from your account’s partially completed order. We do this under our legitimate interest to notify you of partially completed applications on our website in case users have forgotten to complete some parts of the form.
To send you direct marketing information about our products and services that we think will be relevant to you. We may do this by post, e-mail, SMS or telephone. Name and contact details. We collect this data from our database. Our database will have this information from our previous interactions with you and information that you have submitted to us. We will only undertake electronically communicated marketing (e.g. e-mail and SMS) with your consent. Telephone and postal marketing will be done under our legitimate interests to inform you of our products and services. We will check the TPS before we contact you. Where you have bought similar products or services and you have not opted out to receiving marketing information, we may send you marketing materials on similar products/services that we believe you may be interested in. We will always provide you with an option to opt-out of receiving these communications.
To undertake direct marketing activities on behalf of other organisations in the following categories: Healthcare Products and Services, Retail, Financial Services, Leisure, Charities, Clinical Trial Operators and Research Organisations. We may send to you direct marketing about the products and services that we offer. Name and contact details. We collect this data from our database. Our database will have this information from our previous interactions with you and information that you have submitted to us. We will only undertake this marketing by electronic means where we have your consent. Telephone and postal marketing will be done under our legitimate interests to inform you of products and services that may be of interest to you. We will check the TPS before we contact you.
To undertake market research about our product on social media to help us develop our products and services. Information that has been uploaded onto social media channels, such as usernames. Social media channels such as Facebook and Twitter may be used for this. This information is collected from content which has been uploaded to social media channels. We process this information under our legitimate interests to expand and develop our products and services. If you have consented to marketing, we may use your personal data to generate targeted marketing on social media sites.
To enable us to provide you with our Online Doctor Service. Your name, address e-mail address, phone number, relevant health information and other details relevant You provide this information to us at the point of registration. As outlined below, we process this information under the lawful bases of our legitimate interests of providing our services to you, to fulfil our contract with you, to comply with legal obligations and with your consent.

Automated decision making and Profiling

The above information marked with an asterisk (*) may be used for automated decision making or profiling purposes. We do this to:

  • Help us to understand our customers and to help us identify and market to customers with similar characteristics.
  • Enable us to determine if you might be interested in other products and services we provide.
  • Enable us to determine if products and services of other organisations are likely to be of interest to you.
  • Enable us to determine if you are likely to be suitable to take part in clinical trials and medical research we may be involved with from time to time (please refer to the section below).
  • Determine if our products and services of other organisations similar products and services may be of interest to you.

The law allows us to collect and use this information on the basis that it is in our legitimate interests of operating and improving our commercial pharmacy services.

We do not use any medical data, information about your health, or any other sensitive personal data for profiling and segmentation, except in some circumstances. Segmentation is the process of creating individual lists or groups based on select criteria. The circumstances where we may undertake profiling of medical data will be to undertake the provision of healthcare and treatment (e.g. establishing if you require flu jabs, vaccinations, eligibility for condition-specific information, or clinical trials). The specifics on this are outlined above.

We will use information about the products and services you order for profiling purposes to help improve our marketing.

The automated decision making that we undertake does not have any legal or other similarly significant effects on our patients. This is because every decision is reviewed by a suitable person before being put into effect. What this means is that we will not make decisions about you that are only determined by computers.

You have the right to object to any processing that is based on our claim of our “legitimate interests” including profiling and automated decision making as outlined in the Your Rights section below.

Online Doctor Service

When you sign up to our Online Doctor Service, we may use your personal data in the following ways:

  • To create and maintain your patient record once you have registered;
  • To verify your identity. This may be against public databases via our Identification Verification partners. We also use LexisNexis Identify Verification Services to verify that your identity is genuine. It is a regulatory requirement for us to provide an Online Doctor Service. You have the right to access your personal records held by credit reference and fraud prevention agencies and by LexisNexis, please visit the LexisNexis page for more information on how to exercise these rights;
  • To provide and follow up on the services you request from us and to request feedback;
  • Depending on which treatment you need, we may ask you to complete a more detailed questionnaire to help us get a better understanding of your needs.
  • To respond to any queries, refund requests or complaints. We keep a record of these queries to demonstrate how we communicated with you throughout. We do this based on our contractual obligations, legal obligations, and our legitimate interests as businesses in providing you with the best service;
  • To communicate with you if any services requested are unavailable or if there is a query or problem with your order for record-keeping purposes;
  • To carry out market research so that we can improve the services we offer. We only do this where we have your consent;
  • We may (with your consent) use your personal data, preferences and details of your transactions to keep you informed by email, web/social media, text and telephone. We also include relevant products and services including special offers, discounts, promotions, events and competitions tailored to you. You can withdraw your consent to receiving this information at any time, following the process outlined in the ‘Your Rights’ section below;
  • To continuously improve our service to our customers by monitoring telephone calls which we receive at our branches and call centres for the purposes of staff training, quality control and service improvement. We will only do this where we have your consent;
  • To track and analyse activity on our website and to help keep our website safe and secure;
  • To notify you about any changes to our services and to send you service emails;
  • To comply with applicable law. For example, in response to a request from a court or regulatory body, where such a request is made in accordance with the law.

Retention of your information

We only keep your personal details for as long as we need it to:

  • Provide you with our services;
  • Send you marketing and promotional materials;
  • Meet our legal obligations and/or protect or defend our business.

We keep a document which tells us how long we need to keep this information for in order to meet the above purposes. If you want more detail on this, please get in touch using the contact details given in the ‘Contact us’ section.

Disclosing your personal information

In order to provide you with our products and services, we use other organisations to help carry out some of the processing activities on our behalf.

These types of organisations may include:

  • Laboratories;
  • Technology hosts;
  • Printing companies;
  • Providers of digital advertising services;
  • Providers of marketing and sales software solutions;
  • Mailing houses; and
  • Identity verification partners.

In these circumstances, we will ensure that personal information is properly protected and that it is only used in accordance with this Privacy Policy.

We also collect, use and share Aggregated/Anonymised Data such as statistical or demographic data for any purpose.

Aggregated Data may be produced from your personal data, however it does not individually identify you, directly or indirectly, and so it is not considered to be personal data. For example, we may aggregate your usage data with other users’ data to calculate the percentage of users accessing a specific website page. Additionally, we may aggregate your data to create marketing personas/lookalikes to help improve our advertising.

However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data. This combined data will be used in accordance with this privacy policy.

Please note, where we aggregate data for marketing purposes, it will not be combined with your personal data, and you will not be able to be directly or indirectly identified as a result.

Our Recruitment Process

The information we collect, how and why we use it

Purpose Personal Information Used How we collect this information Lawful Basis
To allow us to assess your application during the shortlist stage
  • Your name and contact details (ie address, home and mobile phone numbers, email address);
  • Details of your qualifications, experience, employment history (including job titles, salary and working hours) and interests;
  • Information regarding your criminal record;
  • Details of your referees
We collect this information from you when you make your application to us. We collect information relating to your criminal record on the basis of your consent. We process the rest of this information under our legitimate interest to review job applications to ensure that we interview candidates who are appropriate for the available job.
To allow us to assess your application after the shortlisting stage and before making a final decision to recruit.
  • Information about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals,
  • time and attendance, from references obtained about you from previous employers and/or education providers;
  • Information regarding your academic and professional qualifications;
  • Information regarding your criminal record, in Disclosure and Barring Service (DBS) checks and enhanced Disclosure and Barring Service (DBS) checks
  • Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information;
  • A copy of your driving licence.
We may collect this information from you, your referees (details of whom you will have provided), your education provider, the relevant professional body, the Disclosure and Barring Service (DBS), the Home Office We process this information for the following reasons:
  • We have a legitimate interest in ensuring that we are recruiting individuals who are suitable for the available job;
  • To take steps to enter into a contract;
  • For the performance of a task carried out in the public interest;
  • For compliance with a legal obligation (e.g. our obligation to check that you are eligible to work in the United Kingdom).

Retention of your information

We only keep your personal details for no longer than is necessary for the purposes for which it is processed. For information relating to your recruitment (including interview notes) we will take into account the limitation periods for potential claims such as race or sex discrimination, after which the information will be destroyed.

If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so. However, we shall first consider whether the records can be anonymised, and the longer period for which they will be kept.

If your application is successful, we will keep only the recruitment information that is necessary in relation to your employment. For further information, see our data protection privacy notice employment.

We keep a document which tells us how long we need to keep this information for in order to meet the above purposes. If you want more detail on this, please get in touch using the contact details given in the ‘Contact us’ section.

Disclosing your personal information

We may also need to share some of the above categories of personal information with other parties, such as HR consultants and professional advisers.

Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We may also be required to share some personal information with our regulators or as required to comply with the law. In these circumstances, we will ensure that personal information is properly protected and that it is only used in accordance with this Privacy Policy.

Sensitive personal information and criminal records information

Further details on how we handle sensitive personal information and information relating to criminal convictions and offences are set out in our PY056 Data Protection Criminal Records Information Policy.

This policy is available from our HR department or DPT or within the confluence library. Alternatively you can contact us using the contact details below to ask us for a copy of this policy.

Vaccination Centres Privacy Notice

Pharmacy2U is proud to be part of the national response to the coronavirus (COVID-19) pandemic and is operating vaccination centres across England as a ‘lead provider' under the National Immunisation Management Service (NIMS). The NIMS is the NHS England’s centralised service for the management of both the COVID-19 and seasonal flu vaccination programmes.

The key purposes of this central NHS system are to enable identification of priority groups, to send invitations to book appointments for vaccination, to manage and monitor the progress of the programme. Further information can be found at: https://www.england.nhs.uk/contact-us/privacy-notice/national-flu-vaccination-programme/

The list of people that have been identified and invited by the NIMS for a COVID-19 vaccination is sent to the NHS National Booking System, which invitees can use to book an appointment online. This system is managed by NHS Digital (data controller). You can contact NHS Digital at: [email protected] or call 0300 303 5678.

NHS Digital is sharing the details of the individuals booked for a specific time at this vaccination centre with Pharmacy2U (data processor). You can contact Pharmacy2U’s information governance team at: [email protected].

NHS Digital sends daily updates to GP systems to allow them to update their local record and monitor progress for their patients.

The information we collect, how and why we use it

Purpose Personal Information Used How we collect this information Lawful Basis
To record details of vaccinations administered and any adverse reactions. Information is entered onto applications provided by NHS England. The NIMS is updated with this information. These applications obtain details of the current immunisation status from the NIMS so that the immuniser can make an informed decision on whether it is safe to administer the immunisation or not. Vaccination providers that use these applications are able to obtain reports from them on the people they have vaccinated, to enable them to conduct the second dose COVID vaccination recall.
  • Carer
  • Social care worker
  • Health care worker
  • Care home worker
  • Care home resident
  • Ethnic category
  • Vaccination location
  • Care home details
  • Emergency contact details
We collect this information from you at the point of care (providing you with the vaccination). We collect this information for the following reasons:
  • To comply with a legal obligation;
  • To perform official tasks in the public interest in providing and managing a health service;
  • For the management of health/social care systems or services;
  • For reasons of public interest in public health;
  • For health or social care purposes;

Please note that Pharmacy2U does not process or store any information gained under the NIMS for any other purpose than administering the vaccination (including pre-vaccination and post-vaccination communication) and does not share it internally or externally for any other services or purposes.

Your rights

Right of Access

You have the right to obtain confirmation from Pharmacy2U as to whether personal data concerning you are being processed and, where that is the case, access to that data.

Right to Rectification

You have the right to oblige Pharmacy2U to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.

Right to Erasure (Right to be Forgotten)

You have the right (in some circumstances, but not all) to oblige Pharmacy2U to erase personal data concerning you.

Right to Restriction of Processing

You have the right (in some circumstances, but not all) to oblige Pharmacy2U to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.

Right to Data Portability

You have the right (in some circumstances, but not all) to oblige Pharmacy2U to provide you with the personal data about you which you have provided to Pharmacy2U in a structured, commonly-used and machine-readable format.

You also have a right to oblige Pharmacy2U to transmit those data to another controller.

Right to Withdraw Consent

If the lawful basis for processing is consent, you have the right to withdraw that consent.

Right to Object to Direct Marketing

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.

Rights in Relation to Automated Decision-Making and Profiling

Pharmacy2U may perform some automated decision-making based on personal data, as outlined above in the ‘Automated decision-making and profiling’ section. However, this will not produce any legal effects on you.

You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply to you. This is because they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, any automated decision making that we carry out in relation to your personal data does not have any legal effects on you. However, some rights will always apply. For example, your right to withdraw consent or object to processing for direct marketing are absolute rights.

Your Right to Lodge a Complaint with a Supervisory Authority

If you wish to exercise any of your rights concerning your personal data, you should contact Pharmacy2U’s Data Protection Officer at the address shown below in the ‘Contact us’ section.

If you are not happy with the response you receive, you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 0303 123 1113

e-mail: [email protected]

You can find out more information about your legal rights can be found on the Information Commissioner’s website at: https://ico.org.uk/for-the-public/

Changes to this policy

We may change our privacy policy from time to time.

If we change anything important (the information we collect, how we use it or why), we will undertake reasonable efforts to make you aware of the changes such as by providing a link to the change on the website or telling you by email.

Contact us

You can phone us on 0113 265 0222 or webchat with us from our website at www.pharmacy2u.co.uk/help-and-support.

If you have any questions about our privacy policy or our approach to data protection and privacy you may send an email to [email protected], phone us or write to us.

Cookie policy

We, Pharmacy2U Limited, run our website at pharmacy2u.co.uk (our site). Our site uses cookies to help differentiate you from other users. This helps us to provide you with a good experience when you browse our site and allows us to improve our site. Some cookies are needed to run our website, these are outlined below as ‘necessary’ cookies. We also use analytical cookies, such as statistics and marketing cookies, to help get a better understanding of the people who use our website so that we can work on improving our website, products and services. We will only collect personal identifiable information with our analytical cookies where we have your consent to do so.

Protecting our customers and their information is very important to us. This means that any functional or necessary cookies on our site will not collect your personal information. However, our analytical cookies will collect your IP address to help distinguish you from other website users. An IP address is considered personal data and so we use and hold this information in line with data protection law.

We use cookies on our site to help make your visits more effective, so we'd like to explain more about how and why we use them. A cookie cannot read information from your hard drive or read cookie files created by other websites. The use of cookies is very common and can be found on most major websites.

We can change the use of cookies at any time and for any reason. Any changes will be outlined on this policy and will take effect straight away. We will take any necessary steps to bring these changes to your attention. If any changes are made to cookies that require consent then new consent will be obtained.

How Cookies can make our website work better

Cookies are small text files which websites, and sometimes emails, place on your device. They provide useful information to companies, which helps in all sorts of ways. For you, it means you can use our site more efficiently and save time by not having to re-enter your details each time you visit. For us, cookies help us to analyse how our customers use our website so we can make improvements.

We use three types of cookies on our site:

  • Session cookies that are deleted after each visit. They do not store any personal information and are deleted when you close your web browser.
  • Permanent cookies that remain on your device after you have closed your browser. These cookies allow us to recognise you and remember your preferences next time you visit our site.
  • Third-party cookies that are used by our approved business partners. You can delete the cookies from your browser at any time if you want to (see below for more information on how to do this), but this will restrict the functions that you're able to carry out on our site.

Our cookies fall into the following categories:

Necessary cookies: These are cookies that are needed for our site to work properly. For example, cookies that enable you to log in to secure areas of our site. These will usually be session cookies (see above).

Preferences cookies: These are cookies that enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Statistics cookies: These cookies allow us to recognise and count the number of visitors to our site, and to see how visitors move around our site when they are using it. This helps us to improve the way our site works (for example, by making sure that users can easily find what they are looking for).

We use cookies to produce visitor statistics such as:

  • how many people have visited our site;
  • how visitors reached our site;
  • what type of technology visitors are using (for example, Mac or Windows), which helps us to identify when our site isn't working as it should for particular technologies;
  • how long visitors spend on our site;
  • what pages visitors look at;

This helps us to continuously improve our site.

Marketing cookies:These cookies record your visit to our site, the pages you have visited, and the links you have followed. We and third parties use this information to make our site, and the advertising on it, more relevant to you.

Advertisements displayed on our site may be provided through an advertising-management company. When you view a web page that contains advertising provided by an advertising-management company, that company may place a cookie on, or collect a cookie from, your device (if you have enabled cookies).

Please note that third parties may also use cookies, which we have no control over. These cookies are likely to be analytical/performance cookies or targeting cookies. These cookies will only be used with your consent.

Blocking cookies

You can block cookies from any website through your browser settings. If you share a computer with other users, accepting or rejecting the use of cookies will affect all users. The Help function in your browser should tell you how to do this. For more information about how to change your browser settings, go to www.aboutcookies.org.

Please note that doing so is likely to limit the functions of our site. For information on how to do this on your mobile phone browser, please see the manual for your phone.

Cookies

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time provide or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent. Your consent applies to the following domains: www.pharmacy2u.co.uk

Your current state: Deny. 

Your consent ID: htpcYMD6Y+Q6u994u2DBsL2HLuvNDF5sYOwet4/qnAGLu6KGzfVYCw==Consent date: Tuesday, June 28, 2022, 12:30:06 PM GMT+1

Change your consent

Cookie declaration last updated on 17/06/2022 by Cookiebot:

Cookies Used

Necessary (43)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name Provider Purpose Expiry Type
.ASPXAUTH pharmacy2u eCommerce - checks if the user is signed in and able to access secure parts of the website such as user accounts. Session HTTP Cookie
__cf_bm Vimeo This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. 1 day HTTP Cookie
__cfduid [x2] legitscript nextopia LegitScript - determines if Pharmacy2U is LegitScript certified and displays the LegitSript certificate. 1 day HTTP Cookie
__sharethis_cookie_test__ Vimeo This cookie determines whether the browser accepts cookies. Session HTTP Cookie
ABTasty Abtasty This cookie is used by the website’s operator in context with multi-variate testing. This is a tool used to combine or change content on the website. This allows the website to find the best variation/edition of the site. 1 Year HTTP Cookie
ABTastyData Abtasty This cookie is used by the website’s operator in context with multi-variate testing. This is a tool used to combine or change content on the website. This allows the website to find the best variation/edition of the site. Persistent HTML Local Storage
ABTastySession Abtasty This cookie is used by the website’s operator in context with multi-variate testing. This is a tool used to combine or change content on the website. This allows the website to find the best variation/edition of the site. 1 day HTTP Cookie
ASP.NET_SessionId [x2] home-e31.niceincontact.com static.pharmacy2u.co.uk Preserves the visitor's session state across page requests. Session HTTP Cookie
AWSALB [x2] api-e31.niceincontact.com home-e31.niceincontact.com Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimise user experience. 7 days HTTP Cookie
AWSALBCORS [x2] api-e31.niceincontact.com home-e31.niceincontact.com Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimise user experience. 6 days HTTP Cookie
chkcookie static.pharmacy2u.co.uk Pharmacy2U ecommerce session cookie Session HTTP Cookie
condition-form www.pharmacy2u.co.uk Stores information during Online Doctor consultation to ensure data is passed between pages Session HTML Local Storage
CONSENT [x2] Google Youtube Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 2 Years HTTP Cookie
CookieConsent Cookiebot Stores the user's cookie consent state for the current domain 1 Year HTTP Cookie
first_land static.pharmacy2u.co.uk Determines if it's a users first time on site, used to determine user journey 1 day HTTP Cookie
icAuthBasic home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML Local Storage
icAuthUri home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML Local Storage
icBusNo home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML Local Storage
icCoBrand home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML Local Storage
icPointOfContact home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML Local Storage
icRaygunApiKey home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML Local Storage
icResolveSourceAddr home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML Local Storage
icToken home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML Local Storage
isChatProfileCalled home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML Local Storage
isPopOut Google Used for Live Chat feature to maintain the chat session Session HTML Local Storage
JSESSIONID New Relic Preserves users states across page requests. Session HTTP Cookie
OTCLoggedIn pharmacy2u Lets the system know if the current user is logged in to the prescription service Session HTTP Cookie
p2u.shopper pharmacy2u eCommerce - unique ID created to remember contents of the shopping basket throughout the session and to correctly attribute users to their actions on the site for example during checkout. 10 Years HTTP Cookie
P2U_variation pharmacy2u Used for A/B testing to determine which version of a page to display 10 Years HTTP Cookie
pharmacy2u.basket.guid pharmacy2u Creates a unique ID for what items a user has in their basket. If a user returns to the site within the cookies expiry date and logs in, those items will still be present 30 days HTTP Cookie
PODLoggedIn pharmacy2u Lets the system know if the current user is logged in to the Online Doctor service Session HTTP Cookie
podLoginReferralUrl static.pharmacy2u.co.uk Cookie used to determine which consultation a user has seen in order to send them to the correct screens Session HTML local storage
raygun4js-userid home-e31.niceincontact.com This cookie is used to detect errors on the website - this information is sent to the website's support staff in order to optimize the visitor's experience on the website. Persistent HTML local storage
rc::a Google This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. Persistent HTML local storage
rc::c Google This cookie is used to distinguish between humans and bots. Session HTML local storage
sessionParameter home-e31.niceincontact.com Used for Live Chat feature to maintain the chat session Session HTML local storage
sitewide_banner pharmacy2u Check to see if a user has dismissed a sitewide banner used for daily service alerts. 1 day HTTP Cookie

Preferences (6)

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Name Provider Purpose Expiry Type
ABTastyGeoloc Abtasty Identifies a specific user to ensure the correct contrent is served, IP address and geolocation are immediately anonymised in order to protect user privacy. Session HTML local storage
i18nextLng home-e31.niceincontact.com Identifies a specific user to ensure the correct contrent is served, IP address and geolocation are immediately anonymised in order to protect user privacy. Persistent HTML local storage
p2u.user.firstname pharmacy2u Used for personalisation of the site 1 Year HTTP Cookie
p2u.user.surgerysegment pharmacy2u Used for personalisation of the site 1 Year HTTP Cookie
p2u.user.type pharmacy2u Used for personalisation of the site 1 Year HTTP Cookie
P2U_Variation www.pharmacy2u.co.uk Stores which on site experience a user has been served in order to keep it consistent for returning users. 1 Year HTTP Cookie

Statistics (24)

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Name Provider Purpose Expiry Type
da_da_sessionId Decibel Insight Works with Decibel script, used to collect information about how people use the website. This allows us to make sure the website meets your needs, and helps us understand what we could improve. Session HTML local storage
_dc_gtm_UA-# Google Used by Google Tag Manager to control the loading of a Google Analytics script tag. 1 day HTTP Cookie
_ga Google Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 Years HTTP Cookie
_ga_# Google Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. 2 Years HTTP Cookie
_gid Google Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day HTTP Cookie
_pk_id# All Response Media Collects statistics on the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been read. 1 year HTTP Cookie
_pk_ses# All Response Media Used by Piwik Analytics Platform to track page requests from the visitor during the session. 1 day HTTP Cookie
ABTastyUA Abtasty Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. Session HTTP Cookie
bounce Appnexus Determines if a user leaves the website straight away. This information is used for internal statistics and analytics by the website operator. Session Pixel Tracker
collect Google Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. Session Pixel Tracker
da_intState Decible Insight Pending 1 day HTTP Cookie
da_lid [x2] Decible Insight Pending 1 year HTTP Cookie
da_sid [x2] Decible Insight Pending 1 day HTTP Cookie
di_ajax Decible Insight Pending Persistent HTML Local Storage
di_ga_tracked Google Pending Session HTML Local Storage
di_last_session_time Decible Insight Works with Decibel script, used to collect information about how people use the website. This allows us to make sure the website meets your needs, and helps us understand what we could improve. Session HTML Local Storage
di_page_counter Decible Insight Pending Session HTML Local Storage
di_res_list Decible Insight Pending Session HTML Local Storage
di_tab_active Decible Insight Works with Decibel script, used to collect information about how people use the website. This allows us to make sure the website meets your needs, and helps us understand what we could improve Session HTML Local Storage
di_tab_hash Decible Insight Works with Decibel script, used to collect information about how people use the website. This allows us to make sure the website meets your needs, and helps us understand what we could improve. Session HTML Local Storage
events/1/# New Relic Used to monitor website performance for statistical purposes. Session Pixel Tracker
vuid Vimeo Collects data on the user's visits to the website, such as which pages have been read. 2 Years HTTP Cookie

Marketing (35)

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Name Provider Purpose Expiry Type
_fbp Meta Platforms, Inc. Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 3 Months HTTP Cookie
_gcl_au Google Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. 3 Months HTTP Cookie
_uetsid Microsoft Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement. 1 day HTML Local Storage
_uetsid_exp Microsoft Contains the expiry-date for the cookie with corresponding name. Persistent HTML Local Storage
_uetvid Microsoft Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. 1 Year HTML Local Storage
_uetvid_exp Microsoft Contains the expiry-date for the cookie with corresponding name. Persistent HTML Local Storage
ads/ga-audiences Google Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. Session Pixel Tracker
anj Appnexus Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads. 3 Months HTTP Cookie
fbssls_# Meta Platforms, Inc. Third party marketing cookie Session HTML Local Storage
feefoUserId Feefo Used in context with SEO and conversion optimization. Gathers any user reports or behavioral data into reports for the website operator. This service is provided by a third-party analysis-service. Persistent HTML Local Storage
IDE Google Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. 1 year HTTP Cookie
knownTransactionID pharmacy2u Random number used to track email marketing campaigns to see unique users that landed on the site from that campaign and went on to register for the service. 7 Days HTTP Cookie
MUID Microsoft Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronising the ID across many Microsoft domains. 1 years HTTP Cookie
pagead/landing [x2] Google Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement. Session Pixel Tracker
sailthru_content ak.sail-horizon.com Collects information on user preferences and/or interaction with web-campaign content - This is used on CRM-campaign-platform used by website owners for promoting events or products. 1 year HTTP Cookie
sailthru_pageviews ak.sail-horizon.com Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers. 1 day HTTP Cookie
sailthru_visitor ak.sail-horizon.com Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers. 1 year HTTP Cookie
tag4armcheckfire148 All Response Media Third party marketing cookie Session HTML Local Storage
tags4arm/tag4arm.php All Response Media Third party marketing cookie Session Pixel Tracker
test_cookie Google Used to check if the user's browser supports cookies. 1 day HTTP Cookie
tr Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. Session Pixel Tracker
uuid2 Appnexus Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads. 3 months HTTP Cookie
VISITOR_INFO1_LIVE YouTube Tries to estimate the users' bandwidth on pages with integrated YouTube videos. 179 days HTTP Cookie
YSC YouTube Registers a unique ID to keep statistics of what videos from YouTube the user has seen. session HTTP Cookie
yt.innertube::nextId YouTube Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Persistent HTML Local Storage
yt.innertube::requests YouTube Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Persistent HTML Local Storage
ytidb::LAST_RESULT_ENTRY_KEY YouTube Stores the user's video player preferences using embedded YouTube video Persistent HTML Local Storage
yt-remote-cast-available YouTube Youtube - Cookie determines if device can cast video Session HTML Local Storage
yt-remote-cast-installed YouTube Stores the user's video player preferences using embedded YouTube video Session HTML Local Storage
yt-remote-connected-devices YouTube Stores the user's video player preferences using embedded YouTube video Persistent HTML Local Storage
yt-remote-device-id YouTube Stores the user's video player preferences using embedded YouTube video Persistent HTML Local Storage
yt-remote-fast-check-period YouTube Stores the user's video player preferences using embedded YouTube video Session HTML Local Storage
yt-remote-session-app YouTube Stores the user's video player preferences using embedded YouTube video Session HTML Local Storage
yt-remote-session-name YouTube Stores the user's video player preferences using embedded YouTube video Session HTML Local Storage

Freedom of Information Policy

he Freedom of Information Policy ensures that Pharmacy2U acts in compliance to the Freedom of Information Act 2000 (FoIA). As we are a privately owned company, FoIA does not apply to the majority of the work that we undertake. However, FoIA does apply to the work that we do on behalf of NHS and so we will respond to FoIA requests in line with this policy.

Scope - Policy Aim

The aim of this Policy is to;

  • Promote more openness;
  • Promote a better informed public debate;
  • Improve public confidence in operations of public healthcare services;
  • Improve decision making to promote accountability;
  • Improve regulation;
  • Increase public participation to enhance democracy;
  • Promote the FoIA, in terms of accuracy and objectivity;
  • Improve information management;

FoIA Summary

The FOIA provides public access to information held by us in relation to activities we do on behalf of the NHS. It does this in two ways:

  • Pharamcy2U have to publish certain information about our activities on the NHS services we offer; and
  • Members of the public are entitled to request information from Pharmacy2U’s NHS services.

The Freedom of Information Act covers any documented information held by a public authority. However, FoIA does not give people access to their own personal data. If you would like access to this, please follow the process outlined above in the Privacy Policy.

Pharmacy2U has continued to demonstrate its commitment to all aspects of the FOIA and will continue to promote its values and ensure that it is compliant with legislation.

Policy Statement

Pharmacy2U will take efforts to ensure that it maintains the principles of openness, transparency and accountability and will continue to improve access to information.

How to make a FoIA Request

A request for information under the FOIA must be:

  • in writing;
  • Stating the name of the applicant and an address to communicate through;
  • Description the information requested;

Fees

Wherever possible, Pharmacy2U will provide information, for which FoIA applies, free of charge. However, in some cases this may not be possible and so we may charge you for information under Section 9 of the FoIA. Pharmacy2U will issue a Fees notice which must be paid within three months. If no payment is received, we will close the request for information. Please contact [email protected] for details of our charges or a copy of our charging guidance.

Our Response Time

Pharmacy2U aims to comply with requests for information as quickly as possible. The law tells us that we must respond to a request promptly and, in any event, no later than 20 working day after the date of receipt. Working day means any day other than Saturday, Sunday or bank holidays. This time limit for compliance may change if:

  • Pharmacy2U seeks clarification under Section 1(3) of the FoIA.
  • There is a need for an extension to consider the Public Interest Test under Section 10(3) of the FOIA, or
  • A fees notice is issued under Section 9.

Appropriate Costs Limit

Under Section 12 of the FOIA, Pharmacy2U does not have to comply with requests where the cost of complying with exceeds the appropriate limit. Section 12 applies if the following factors would cost the council more than £450 or 18 hours of officer time:

  • Determine whether the information is held.
  • Locating the information.
  • Retrieving the information.
  • Extracting the information.

Under Section 13 of the FOIA and the Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004 Pharmacy2U can charge for the costs of expenses.

Vexatious or Repeated Requests

FoIA provides an exemption for Pharmacy2U to not comply with ‘vexatious’ requests where there is a stronglikelihood that the request is being made to intentionally cause disproportionate or unjustified levels of disruption, irritation or distress.

Pharmacy2U will not complete a request if we have already received an identical or similar request from the same individual unless a reasonable amount of time has passed since the original request was responded to and the new request was made.

Advice and Assistance

Pharmacy2U will provide advice and assistance to all requests for information, as far as reasonably practicable.

Codes of Practice with FoIA

The FoIA is supported by two codes of practice:

  • Access Code (Section 45) - Outlines good practice for Freedom of Information.
  • Lord Chancellors Code (Section 46) – Outlines good practice for record management.
  • Pharmacy2U will take steps to ensure that the codes of practice are applied wherever possible.

Freedom of Information Refusals

In some cases, Pharmacy2U may refuse requests for information under Section 17 of the FoIA. Pharmacy2U may issue a refusal notice if:

  • Information is not held; or
  • An exemption applies to this information.

In some cases we may not hold the information requested - it may be that it is held by another party, most likely the NHS. If possible, Pharmacy2U will provide the requestor with information to redirect the request. However, Pharmacy2U are unable to not transfer the FoI request themselves to the other organisation.

Exemptions

There are some circumstances where Pharmacy2U is not obliged to release information. Pharmacy2U may decide to apply exemptions under the FoIA and not provide the requestor with some information. If Pharmacy2U rely upon an exemption it will be explained to you in our refusal notice.

A list of the exemptions to the FOIA can be found on the Information Commissioner’s Office website.

Some of the exemptions are 'absolute', and so the exemption applies to all information which falls under the exemption. Other exemptions are 'qualified' and so will require a public interest test to determine if the exemption applies. Pharmacy2U will ensure that the public interest test is carried out for each of the qualified exemptions. If an exemption is applied it will be authorised by a senior officer.

Internal Review

If you are unhappy with a decision that Pharmacy2U has made, you can request for us to complete an internal review. Pharmacy2U’s internal review will be undertaken by a senior officer. Pharmacy2U has 20 working days to complete the review.

Data Protection

A FoI request may include personal data of the requestor or third parties. Pharmacy2U may refuse the request if disclosing the information in relation to third parties would be an actionable breach of confidence or data protection law.

In cases where the request relates to personal data of the requestor, Pharmacy2U will refuse the request under the FoIA and shall ask for the request to be submitted as a Data Subject Access Request. This process is detailed in the above Privacy Policy, in the section titled ‘Your Rights’.

Re-use of Public Sector Information Regulations 2005

The regulations implement an EU directive that encourages the re-use of public information for purposes other than its original purpose.

The regulations do not oblige Pharmacy2U to make their information available for re-use unless there is a statutory obligation to do so.

The regulations apply to any recorded information (Freedom of Information), including whole or part of documents. Requests for re-use should be in writing and Pharmacy2U will aim to respond within 20 working days.

Information Commissioner’s Office

Pharmacy2U will consult with the Information Commissioner’s Office (ICO) when necessary. Pharmacy2U will refer to the ICO guidance and ensure that it is compliant with any measures of good practice that the ICO promotes. The ICO will investigate complaints in relation to Freedom of Information.

Freedom of Information Publications Scheme

Every public authority has a duty to have and maintain a Publication Scheme in order to allow for pro-active release of information. Pharmacy2U’s Publication scheme is available to view below. Our Publication Scheme contains the following types of information:

  • Who we are and what we do.
  • What we spend and how we spend it.
  • What our priorities are and how we are doing.
  • How we make decisions.
  • Our polices and procedures.
  • List and register.
  • The service we offer.

Version Control

11 June 2015 First draft in current format with substantial changes since the previous version.
20 July 2015 Additions to the ‘Getting to know you better’ section to make it clear that we may share your personal information and the profiling information with service providers to help us identify prospective customers.
24 September 2015 Addition of the summary of main points, to make key information more easily available. Minor changes to wording, following a review by the Plain English Campaign, to make sure this document is clear and understandable.
12 August 2016 Addition relating to marketing the products and services of other companies in our group of companies.
29 November 2016 Addition of provision to market products and services of selected partners.
24 May 2018 Privacy Policy updated to include GDPR (EU) 2016/679 legislation.
16 April 2019 Addition relating to marketing consent for our group of companies and selected partners.
23 April 2019 Added information on the Freedom of Information Act 2000.
31 October 2019 Added table explaining data processing and revise the layout of policy.
20 April 2020 Updated information on data usage for NHS's Real Time Exemption Checking.
19 October 2020 Updated information to include profiling and extended amends to the privacy policy.
28 March 2022 Further information about communication and phone recording added.
22 November 2022 Merge between Pharmacy2U and Chemist Direct Privacy Policy