harrowbypharmacy.com

Privacy Policy

harrowbypharmacy values your privacy and is strongly committed to protecting your personal information. 

The purpose of this Privacy Notice is to explain how Pharmacy 1st Ltd handles personal information about you and to outline the rights that you have under applicable data protection legislation. We respect your privacy and want to be transparent about how your personal information will be processed, stored and used when you visit our website, use our online services, our App or our Platform or otherwise engage with us as a customer, a patient, a supplier, a retailer or have any other commercial contract with us. 

Please read the following carefully to understand our practices regarding your personal information and how we will treat it. 

This Privacy Notice, together with our terms and conditions, as set out at  and any additional terms of use, applies to your use of any of the services which are accessible through the website, the App, our Platform or any other website of ours. 

It is important that the personal information that we hold about you is accurate and current. Please keep us informed if your personal information changes during our relationship with you.

Compliance with Data Protection Legislation

All personal information that we collect or are provided with will only be held and stored in accordance with this Privacy Notice and the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and any other legislation relating to the protection of personal information (data protection laws).

This notice covers the following areas:

  1. Information about who we are
  2. What information do we collect about you?
  3. If you fail to provide personal information 
  4. Third party links 
  5. Information you provide to us 
  6. Information we receive from others 
  7. Online Account, App and our Platform
  8. Payment information 
  9. Why do we process your personal information and what is our legal basis?
  10. Automated decision making 
  11. Who do we share your information with and why?
  12. Marketing 
  13. Where is your personal information processed?
  14. What are my privacy rights?
  15. How do we protect your personal information?
  16. Cookies
  17. How long do we retain your personal information?
  18. Can this Privacy Notice change?
  19. How can we help you further?
  • Information about who we are

We are Pharmacy 1st Ltd (“we”, “us” or “our”). 

We are registered with the Information Commissioner’s Office (“ICO”) under reference: 06048758

Pharmacy 1st Ltd will be the controller of your personal data unless otherwise stated. 

You may contact us at:

Postal address: 186-188 Canterbury Street, GILLINGHAM, Kent, ME7 5XG, UK

Email address: pharmacy1st@outlook.com

  • What information do we collect about you?

Personal information or personal data means any information about an individual from which that person can be identified and is generally referred to throughout this Privacy Notice as “personal information”. It does not include data where the identity has been removed (anonymous data).

Personal information we may collect, use, store and transfer about you, are as follows:

  • Identity data, which includes your name, age/date of birth and gender, for pharmacy professionals and pharmacy administrators. We also collect your job title, professional qualifications, work experience, organisational or institutional affiliations, or publications;
  • Contact data, which includes postal address including billing and delivery addresses, your location, telephone numbers (including mobile numbers) and email address;
  • Special category data, also known as sensitive personal data, which includes information about your physical or mental health, health conditions, and other clinical metrics including environmental, socio-economic, and behavioural information pertinent to health and wellness;
  • Transaction data, which includes purchases and/or orders which are made by you and your payment card or bank transfer details;
  • Technical data, which includes your online browsing activities on our website, App and our Platform, profile and device information including IP address, browser type, version and language, identifiers associated with cookies or other technologies that may uniquely identify your device or browser;
  • Profile Data, which includes your account login details for website and/or our online account, including your username and password(s), your interests, preferences, feedback and survey responses; 
  • Marketing and communications data, which includes your marketing preferences from us and our third parties, your communication preferences and your correspondence to and communications with us; and
  • Other publicly available personal information, including any which you have shared via a public platform (such as an X (formerly known as Twitter) feed or public Facebook page ).

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Privacy Notice.  Some of the above personal information is collected directly, for example when you set up an online account on our website or send an email to us or contact us via social media.

All your personal information will be processed in accordance with this Privacy Notice, and in compliance with all applicable confidentiality guidelines.

In some circumstances, we may anonymise your personal information (so that it can no longer be associated with you). This can be for research or statistical purposes; in which case we may use the anonymised information indefinitely without further notice to you. Anonymised information may also be used to develop insights and statistics as to the use of our services, and to identify trends within the pharmacy sector more broadly.

  • If you fail to provide personal information  

Where we need to collect personal information by law, legitimate interest or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the requested services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

  • Third party links

Our website, App and/or our Platform may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or policies. 

When you leave our website, App or our Platform, we encourage you to read the privacy policy or privacy notice of every website you visit.

  • Information you provide to us 

Most of the personal information we process is provided to us directly by you for the purpose of providing you with our  services. 

Some information, including some of your personal information, is required when using our services, our website, the App and/or our Platform.

We collect personal information from you to manage and facilitate those services. When you provide us with your personal information, it is for the following reasons:  

Account and contact details: When you create an account, you provide us with at least your login credentials, as well as some basic details necessary for the service to work and to set up your profile. These include your full name, email address, phone number, date of birth, gender, marketing preferences and profile picture.

Special category personal information: Some of the information you provide whilst using the App and/or our Platform may be considered “special” or “sensitive” in certain jurisdictions. When you interact with us on the App or our Platform, for example when booking consultations and/or ordering prescriptions; or when notes are added to your account, the information provided may infer or identify information relating to your health. 

Video consultations: where you book a video consultation through the App or our Platform, we will not retain or record the video content of consultation, but we will be able to add notes to your account, which will be retained.

Billing or bank details: When you make a payment, you provide us or our chosen payment service provider with certain information which is necessary to process your payment, including your debit or credit card number, card holder name, card expiry, CVV and billing address. 

Customer service: You can contact our customer services team via the App, our Platform, email or via the Chatbot. We collect the information that you give to us during the interaction. Sometimes, we monitor or record these interactions for training purposes and to ensure a high quality of service.

  • Information we receive from others

In addition to the information you provide us directly, we may receive information and personal information about you from third parties. We will only use this information and the combined information where we have a lawful basis.

Doctors’ Surgeries / Hospitals: Surgery and/or hospital staff may provide information about you, for the purposes of facilitating the services. Your surgery or hospital is the controller for any personal information that you provide to it. 

Other Partners: We may receive information about you from our third-party partners. For instance, in relation to advertising, we may receive personal information and information where advertisements are published on a partner’s websites and/or platforms (in which case, they may pass along details on a campaign’s success).

Any data which is obtained from third parties will be kept in accordance with this Privacy Notice, and with any additional restrictions imposed by the third party that shared your personal information with us.

  • Online Account, App and Platform:  

Our website, App and our Platform have been designed to improve the online accessibility of appointments, video consultations, manage prescriptions and other advice/services available to you from the comfort of your own home.

When you sign up to use our online services, App or our Platform, we require some of your personal information, including your name and contact details. 

You are able to access your account and update your personal information within the App or our Platform. 

Where you have logged on via your NHS login, you can access and update your medical and/or NHS records by contacting us directly. 

We may collect additional information, for example, when you provide feedback, when you provide information about your personal circumstances, change email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with us, or other support functions including customer services.

We may also collect information from and about the device(s) used to access the App or our Platform.

We collect information about your activity on our website, App and our Platform, for instance how you use and interact with our website/application (e.g., date and time you logged in, features you have been using, searches, clicks and pages which have been shown to you, referring web page address, advertising that you click on) and how you interact with our staff (e.g. interactions, time and date of your exchanges, number of messages you send and receive).

If you give us your consent, we can collect your precise geolocation (latitude and longitude) through various means, depending on the service and device you are using, including GPS, Bluetooth or Wi-Fi connections. The collection of your geolocation may occur in the background even when you are not using the services if the permission you gave us expressly permits such collection. If you decline permission for us to collect your geolocation, we will not collect it.

Please note that our App and our Platform is an NHS integrated app. When you access the App or our Platform using your NHS login details, the identity verification services are managed by NHS England. 

  • Payment information

We may process your personal information to process any payments made for the provision of services. The information may include information for identification and verification, such as your name, credit, debit or other card number, card expiration date, and CVV code.

Any payment transactions carried out by us, or our chosen third party provider of payment processing services will be kept secure and encrypted where possible. Our payment partners are currently  as follows:

  1. Ryft Pay – Please see Ryft Pay’s privacy policy here: 

  1. Stripe – Please see Stripe’s privacy policy here:  . Stripe is being phased out and will eventually be replaced fully with Ryft Pay.

  • Why do we process your personal information and what is our legal basis?

We will only use your personal information if we have a proper reason to process it and the law allows us to do so. 

When collecting your personal information, we will always make it clear to you which information is necessary in connection with the particular activity.

Most commonly, we will use your personal information in the following circumstances:

  • Where you have consented before the processing.
  • Where we need to perform a contract, we are about to enter or have entered with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where it is necessary to protect your vital interests where you are physically or legally incapable of giving consent, for example in an emergency if you are incapacitated.
  • For reasons of substantial public interest or the management of health or social care systems and services.  
  • Where we need to comply with a legal or regulatory obligation.

Whenever you have given us your consent to use your personal information, you have the right to change your mind at any time and withdraw that consent. However, this will not affect the lawfulness of any processing which is carried out before you withdraw your consent.  Also, if we are not relying on consent as the lawful basis for processing your personal information, then we may still continue to process it.

The table below sets out all the ways in which we plan to use your personal information, which are the legal bases on which we rely to do so and, where relevant, what the legitimate business interests are. There may be more than one lawful basis depending on the specific purpose for which we are using your data. 

To provide our services: 

The personal information we collect

Why we use this personal information  

The lawful basis relied upon: 

• Account and contact details;

• NHS details;

• Information relating to your health (to the extent such information is provided by you);

• Billing details;

• Customer service information;

• Name;

• Email;

• Address; and

• Phone number

• Making our website, the App and our Platform available to you;

• Creating and managing your account;

• Tailoring our services and advice to you;

• Customer support;

• Communicating with you about our services, including order management and billing;

• Delivery services; and  

• NHS login 

We rely on to process your personal information is article 6(1)(b) and (f) of the UK GDPR, which allows us to process personal information when this is necessary for the performance of a contract with you and where the processing is necessary for the purposes of a legitimate interest pursued by us.

Where the information contains health information the lawful basis, we rely on to process it is article 9(2)(h) or (i) of the UK GDPR, which is for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services or pursuant to contract with a health professionals.

Where we process information for the NHS the lawful basis we rely on article 6(1)(e) of the UK GDPR, which allows us to process personal information when this is necessary to perform public tasks. Where the information contains health information the lawful basis we rely on to process it is article 9(2)(g) of the UK GDPR, which also relates to public tasks.

To manage our relationship with you 

  • Account and contact details; and
  • Customer service information

• Notifying you of changes in our terms and conditions or privacy notice; and

• Asking you to leave a review or take part in a survey

We rely on to process your personal information is article 6(1)(b) and (f) of the UK GDPR, which allows us to process personal information when this is necessary for the performance of a contract with you and where the processing is necessary for the purposes of a legitimate interest pursued by us.

Where the information contains health information the lawful basis, we rely on to process it is article 9(2)(h) or (i) of the UK GDPR, which is for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services or pursuant to contract with a health professionals.

  • Automated Decision Making

You will be notified if we make a solely automated decision which produces a legal effect or significantly affects you.

Unless otherwise agreed with you, we will not use any of your personal information for automated decision making or profiling. Please note you also have a right to object to profiling, and solely automated decision making as detailed below. 

  • Who do we share your information with and why?

We sometimes share your personal information with trusted third parties. 

The reasons we may share your information with third parties are:

  • to provide you with our services;
  • if we are under a legal or regulatory duty to do so;
  • if it is necessary to do so to enforce our terms of use or other contractual rights;
  • to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity;
  • where such disclosure is necessary to protect the safety or security of any persons; and/or 
  • otherwise as permitted under applicable law.

We may share your personal information to help us provide our services, including via the App, our Platform and our website. We have contracts with companies which provide us with services such as IT support, data storage, payment processing, delivery services and email automation services. 

We only provide third parties with the information they need to know to perform their specific services. 

We work closely with all the third parties to ensure that your personal data is secure and protected at all times. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Our contracts with third parties make it clear that they must hold information securely, abide by the principles and provisions of data protection, and only use information as we instruct them to.

In corporate transactions

We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy or other change of ownership or control.

When required by law

We may disclose your personal information if reasonably necessary:

(i) to comply with a legal process, such as a court order, government / law enforcement investigation or other legal requirements;

(ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or

(iii) to protect the safety of any person.

To enforce legal rights

We may also share information:

(i) if disclosure would mitigate our liability in an actual or threatened lawsuit;

(ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; 

(iii) to enforce our agreements with you; and 

(iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

  • Marketing 

We strive to provide you with choices regarding certain personal information uses, particularly around marketing and advertising.

If you have given your consent to receive marketing emails, you can withdraw this at any time, or if we are relying on our legitimate interests to send you marketing, you can object. 

If you have received a direct marketing email from us and no longer wish to receive these marketing emails, the easiest way to let us know is to click on the unsubscribe link at the bottom of our marketing emails. We provide opt out or unsubscribe links at the bottom of these emails to allow you to opt out at any time.

  • Where is your personal information processed?

Sometimes, we will need to share your personal information with third parties and suppliers outside the UK, such as Europe and the USA. 

In the event we need to transfer your personal information outside the UK, for instance to our third party service providers, we will ensure we have in place adequate safeguards to do so. Our safeguards ensure that your personal information receives the same protection as if it were being processed inside the UK. For example, our contracts with third parties stipulate the standards they must follow at all times.

Any transfer of your personal information will follow applicable laws and we will follow the guiding principles of this Privacy Notice.

  • What are my privacy rights?

You are also able to exercise your rights over the personal information which we process which include:

The right to be informed.

We aim to be transparent within our Privacy Notice and provide you with information about how we use your personal information. 

Right of access.

You have the right to request a copy of any information that we hold about you. We try to be as open as possible as we can be in terms of giving people access to their personal data. 

You can find out if we hold any personal information by making a subject access request.

The right to rectification.

You have the right to request the correction of your personal data when it is incorrect, out of date or incomplete. You can contact us, and we can amend inaccurate personal data, however, please note that in some circumstances we may ask for documentary proof that the amendment is necessary. 

The right to erasure.

You can request the erasure of your personal data when it is no longer necessary, you withdraw consent, or you object to its processing. Some information held by us is required by law to be held for a period of time. You can contact us if you wish to make a request.

The right to restrict data.

You can request that we restrict the processing of your personal data. This can be done in circumstances where we need to verify the accuracy of personal data, if you do not wish to have personal data erased or you object to the processing and we are considering this request.

The right to data portability.

Under some circumstances, you can request a copy of the personal data you provided to us in a machine-readable format or ask that this data be transferred to another third party.

The right to object.

In some circumstances, you can stop the processing of your personal data for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data. Where your details are used for marketing, you can opt out at any time. 

The right not to be subject to automated decision making and profiling.

You have the right to not be subject to solely automatic decisions (i.e. decisions that are made about you by computer without any human input) in relation to your treatments, care or other processes that have a legal or similarly significant effect on you.

When you request to exercise your rights

You will not have to pay a fee to exercise any of the rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded or excessive, including where requests are repetitive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information  or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

  • How do we protect my personal information?

We have implemented, and will maintain current, reasonable physical, technical, and organisational security measures to protect your personal information from loss, misuse, and unauthorised access, disclosure, alteration, or destruction.

We use encryption to add an extra layer of protection to your data while it is stored on the App or our Platform and for personal information which is transmitted by the App or our Platform. 

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we have security measures in place to protect your personal information, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk.

  • Cookies. What cookies and similar technologies do we use?

We use and may allow others to use cookies and similar technologies (e.g. web beacons, pixels) to recognise you and/or your device(s).

Some of these cookies are essential to our service, for example they ensure that the App or our Platform loads properly, they remember your cookie preferences, enable you to use payment functionalities, and enable our administrative users to log in to the App and our Platform. Others are of an analytical nature allowing us to better understand how you use our website, the App and our Platform.

You can find more information about the individual cookies we use, the purposes for which we use them, and how you can better control their use in our Cookie Notice.

You can also set your browser to accept or reject all specific cookies. You can set your browser to alert you each time a cookie is presented to your device or opt out of Google Analytics by installing Google’s opt-out browser add-on. You can delete cookies that have been stored on your device, but if you prevent us from placing cookies on your device, or if you subsequently delete a cookie, it may not be possible for you to use our website, the App and our Platform effectively. Please see our Cookie Notice for additional information pharmacy1st.co.uk/cookie-policy .

  • How long do we retain your personal information?

Your personal information will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this policy or as otherwise required by applicable law or NHS mandate.

  • Can this Privacy Notice change?

This Privacy Notice may be amended from time to time. We will post any changes we may make on this page and, where appropriate, notify you via email. 

  • How can we help you further?

If you have any questions or comments, please contact us at pharmacy1st@outlook.com 

For further information on data protection, please visit the Information Commissioner’s Office (ICO) website.

The ICO regulates data protection. If you feel that your information has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to lodge a complaint with the ICO.

You can contact them by calling 0303 123 1113 or visit the website.

 
 

Leave a Reply

Your email address will not be published. Required fields are marked *