1. Data Controller and Data Protection Officer
2. Patient medical records
Your medical information and order history is completely confidential and only accessible by the pharmacy staff and doctors. We will never disclose this information unless required to do so by law.
3. The information we collect about you
When you visit our website we may collect the following personal information from you:
- The information about your use of our website such as details of the pages you visit, traffic data including the location, your IP address and the source used to visit our website.
- The information that you provide voluntarily. For example when filling out a medical questionnaire, making a purchase or registering with our website, we would save information like your name, gender, delivery address, email address, date of birth, telephone number, GP address, patient notes, consultation notes, payment records and details of the medicines you have ordered.
- The information that you provide when contacting us.
4. Use of your information
How we use your personal information:
- So we can provide our services to you (such as, process your registration, medical consultations, provide the products or services requested, processing payments, request feedback and remind you of refills) and to comply with regulatory requirements.
- If you agree, we collect your information to be able to send you information about other products, services and special offers we think may be of interest to you, or those of other companies that operate within our group. If and when you change your mind, you can withdraw this permission for us to contact you for marketing purposes by sending an email to us at email@example.com. Sending this email would not affect the services we provide to you.
We share your personal information:
- With other third parties relating to our services, and where it is necessary.
- This includes exchanging information for fraud protection and verifying your identity by a third-party provider namely, LexisNexis Risk Solutions UK Ltd (Registration number 07416642).
- With other business entities that operate within the Varioline Health group.
5. How we protect your information
We have put in place security procedures, both technical and organisational measures to safeguard your personal information and we will use all reasonable efforts to ensure that your personal information is stored securely.
However, you should be aware that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which you choose to send us or we send you via the Internet.
6. Retention time
We would retain your personal information for as long as we have legal or business reasons to do so. This is just as long as you remain our customer or if we are required to keep it to meet our legal obligations, resolve disputes or enforce our agreements. In order to carry out our obligations to the General Pharmaceutical Council, the Department of Health and Social Care, and other regulatory or similar bodies, we may further need to retain your health-related personal information for a certain time duration. While we hold your data, we promise to keep it properly secured.
7. Disclosing Your Information
- We may need to share your personal information with our suppliers and other third parties to enable them carry out their services. For example, we could provide your postal address to a courier or we may share your name, address and age with a third party service provider in order to verify your age and identity.
- If you agree for us to keep your GP informed of what we are doing
- To other business entities within and among the Varioline Health group.
- If you have given us the order to share your personal information to our third parties for the purpose of marketing.
- In a situation where the law mandates us to disclose your personal information, for instance, with National Health Service Providers or other regulatory bodies.
We may also have to disclose your personal information to third parties in the following circumstances:
- If we happen to embark on a joint venture, collaboration, financing, sale, merger or reorganization of the company.
- To help in protecting against fraud and to reduce the risk of fraud.
Click Pharmacy use Lexis Nexis RISK SOLUTIONS UK LIMITED to check that our patients are genuine. This is a regulatory requirement and may be carried out only when placing an order for the first time.
Lexis Nexis RISK SOLUTIONS UK LIMITED will check the following three data sources for the purpose of fulfilling the above: Credit agencies, electoral register and telephone database.
You agree as follows:
- I authorise Lexis Nexis and/or any of their appointed agents to carry out all necessary searches, including searches of consumer credit records, in order to verify my information.
- I agree, to the maximum extent permitted by applicable law, that I will not hold LexisNexis, its officers, employees agents and/or customers liable for any direct, indirect, incidental, special, consequential or punitive damages, and to hold harmless LexisNexis, its officers, directors, employees, agents and customers from and against any and all claims, liabilities, damages, losses or expenses, including reasonable legal fees and costs, arising out of or in any way connected with use of LexisNexis's website (and other online properties) or any of the services provided by LexisNexis.
- I confirm that to the best of my knowledge and having exercised due skill and care, that the information I have given is complete, true and correct and I agree to the use of my information as detailed in this Declaration of Consent.
If you have any questions about the ID verification process please do not hesitate to contact us.
8. Your rights
As a subject, you have a couple of rights under the General Data Protection Regulation (GDPR), they are as follows:
Request access for your personal data that is in our possession (commonly known as a "data subject access request" or DSAR). This would enable you receive a personal copy of the data we hold about you.
Request correction of the personal data that we hold about you. This would help you to be able to request a correction of your data in our possession if you deem it to be wrong. Before any correction, we will need to verify the accuracy of the new data.
Request erasure of your personal data that we hold about you. This is your right to ask us to delete or remove personal data if there is no longer any reason for us to hold it. You are also able to ask us to delete your personal data if we have already successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. You should however note that we may not be able to erase your data at the moment you request it because of certain legal reasons we would notify you of, if such is applicable at the time of request.
Object to processing of your personal data if we are relying on a legitimate interest (or those of a third-party) and if there is something peculiar about your situation that may make you decide to object to processing because of this as you feel it impacts on your fundamental rights and freedom. You are also free to object if we are using your data for direct marketing purposes. In certain situations, we may show that we have legitimate grounds to process your information which overrides your rights and freedoms.
Request restriction of processing of your personal data. This would help you request us to suspend the processing of your personal data in the following circumstances: (a) if you want us to ensure the data is correct; (b) when our using the data is unlawful but you would not allow us to delete it; (c) where you may require us to hold on to the data for longer even though we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have prevented us from using your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third-party. We will furnish you or your preferred third party with your personal data in a structured, commonly used, machine-readable format. You should note that this right is only applicable to automated information which you have already given us consent to use, or if we have used the information to work for you.
Withdraw consent at any time if we need your consent to process your personal data. This however, will not affect the lawfulness of any job or processing that was carried out before you withdrew your consent. But you should note that we may not be able to provide certain products or services to you if you withdraw your consent.
9. Third Party Links
If you do not wish to receive these cookies, you can change the settings on your computer to reject these cookies. You can do this easily by clicking on the reject cookie setting on your computer or browser.
11. Your right to complain
You have the right to complain any time you have issues to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can reach the ICO here. We would, however, prefer to handle your concerns at first instance, before you approach the ICO, so you should endeavor to contact us first.
12. Contacting Us