Express Pharmacy Ltd, (“We, us or our”), are committed to protecting and respecting your privacy. This policy together with our website terms of use (TERMS) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. The website www.expresspharmacy.uk (“our site”) is not intended for children and we do not knowingly collect data relating to children. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By providing your express opt-in consent in the form of your electronic acceptance of the declaration under clause 15 of this policy (“Declaration”), you are accepting and consenting to the practices described in this policy.
1. WHO WE ARE
The data controller is Express Pharmacy Ltd, a company incorporated in London, whose registered office is at 17 Church Rd, London W3 8PU, United Kingdom, and is responsible for your personal data.
We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO in writing at Express Pharmacy Ltd, 17 Church Rd, London W3 8PU, United Kingdom or by email to info@expresspharmacy.uk.
2. INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
a) Information you give us. You may give us information about you by completing the order form or medical consultation form on our site, or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site. The information you give us may include your name, address, e-mail address and phone number.
b) Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
i. technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
ii. information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
3. HOW WE COLLECT YOUR INFORMATION
We use different methods to collect information from and about you including through:
a) Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
i. order medication on our site;
ii. create an account on our site;
iii. subscribe to our service;
iv. request marketing to be sent to you; or
v. give us some feedback.
b) Automated technologies or interactions. As you interact with our site, we may automatically collect data about your computer equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
4. COOKIES
Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. For further information about cookies visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.
5. USES MADE OF THE INFORMATION
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
a) where we need to perform the contract we are about to enter into or have entered into with you;
b) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests ; and
c) where we need to comply with a legal or regulatory obligation.
In addition to clause 5.1, we use information held about you in the following ways:
a) Information you give to us. We will use this information:
i. to assess whether the medication ordered is suitable in light of your medical history and symptoms experienced;
ii. to verify your identity against other mediums we deem relevant for our checks;
iii. to store in our customer database;
iv. to notify you about changes to our service;
v. to provide marketing material about services or medication that may be of interest to you (consent to such material can be withdrawn); and
vi. to ensure that content from our site is presented in the most effective manner for you and for your computer.
b) Information we collect about you. We will use this information:
i. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research and statistical;
ii. to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
iii. to allow you to submit orders for medication to us, when you choose to do so; and
iv. as part of our efforts to keep our site safe and secure.
6. DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use (TERMS) and other agreements; or to protect our rights, property, safety, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction, customer feedback, email communication, delivery & courier services and website development and management.
Some of the third parties referred to in clause 6.1 above are based outside the European Economic Area (‘EEA’) so their processing of your personal data will involve transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
a. we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
b. where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
c. where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield framework, which requires them to provide similar protection to personal data shared between the Europe and the US.
We may disclose your name and email address only to third parties who intend to purchase Express Pharmacy Ltd (or any part thereof), or substantially all of our assets, in which case personal data held by us about our customers will be one of the transferred assets.
All the data we collect from you in our database is encrypted and are processed in accordance with local law and we do not sell any data to third parties.
7. WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We are responsible for transactions placed on our site and deploy an SSL certificate so that all data is transferred securely using SSL. Our site is directly integrated with Elavon/Realex who are our payment gateway service providers.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. HOW LONG WE WILL USE AND RETAIN YOUR PERSONAL DATA FOR
Your personal data will be retained indefinitely on our secure servers, as required by regulation regarding healthcare provision
We will retain your personal data for at least the minimum retention periods stated for each type of medical record retained in the Records Management Code of Practice for Health and Social Care 2016, published by the Information Governance Alliance (as updated from time to time). For further information on our data retention policy, please contact us in writing for the attention of the Data Protection Officer (DPO) at Express Pharmacy Ltd, 17 Church Rd, London W3 8PU, United Kingdom or by email to info@expresspharmacy.uk, or visit the NHS Choices page ‘How long should medical records (health records) be kept for?’ using the following link https://www.nhs.uk/CHQ/Pages/1889.aspx.
Notwithstanding clauses 8.1 and 8.2 above, your account with us can be disabled at any time upon written request, however we will retain the personal data regarding your medical records for the periods referred to under clauses 8.1 and 8.2 above.
9. YOUR RIGHTS
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
You have the right to rectify or correct any personal data we hold for you if it is inaccurate or incomplete.
10. ACCESS TO INFORMATION
Such requests shall be free of charge save where the request is manifestly unfounded or excessive, including (but not limited to) if the request is repetitive or complying with requests for further copies of the same information previously provided by us. In such circumstances, we reserve the right to charge you a reasonable fee in dealing with such requests, or alternatively, we may refuse to comply with your request in these circumstances.
We will aim to respond to such requests within one month of receipt of your written request. However, we are able to extend this period of time to two months if your request is complex or numerous. We will notify you of this extension where applicable, including the reasons why we are extending this time period to two months, within one month of receipt of your original request.
11. YOUR CONSENT
By providing your expressed opt-in consent, in the form of your electronic acceptance of the Declaration, you consent to the use of that information as set out in this policy.
By providing your expressed opt-in consent, in the form of your electronic acceptance of the Declaration, you are aware and consent to us contacting you via email or telephone with details about your order, including medication details.
You agree to take all reasonable steps to ensure your information is kept secure and private at all times and maintain adequate security of your account including the use of a strong password which is changed at regular intervals and alert us to any potential breach or suspicious activity that you are aware of.
12. CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our privacy policy in the future will be posted on our site and, where appropriate, notified to you by e-mail. Please check our site frequently to see any updates or changes to our privacy policy.
13. COMPLAINTS
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
14. CONTACT
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed in writing.
15. DECLARATION
I hereby confirm that I have read and understood Express Pharmacy Ltd’s privacy policy above and that I hereby agree and consent to Express Pharmacy using and processing my personal data for the purposes required by Express Pharmacy, as set out in Express Pharmacy Ltd’s privacy policy above.