Pharmacytouk.com promises that we’ll do everything we’re required to by EU law to make certain that your private details are kept that way.
The point of this document is to explain all of the ways in which we achieve that, from how we might utilise your data when running our service, to where it’s stored, who has access to it and how long we’re likely to hang on to it for. We’d really recommend that you take the time to read this carefully and remember what it says, as well as checking back here every now and then in case something has changed.
What the law requires us to do to keep your data safe
The EU’s General Data Protection Regulation says that we can’t process your data at all unless we’ve got an important reason for doing so. Later in this document, we’ll lay out the scenarios in which we need to collect and process data from you. Broadly speaking, the reasons are: to fulfil a contract between ourselves and you, the user; to enable us to take payments from you in order that you can purchase products from us; and to allow us to contact you when we need to with news about the services we provide to our customers.
What types of data we collect
The data we collect from you is in several distinct types. These include your name and address, your payment details, how old you are, what sex or gender you are, your telephone number, your email address and various items of medical data. We’ll also keep a record of any correspondence between us, including letters, emails and web chat messages.
Why we collect it
Our legitimate reasons for using your data are inclusive of but not limited to identification, the processing of requested orders, correct and accurate delivery of merchandise, provision of ongoing customer care, observation of and compliance with our legal obligations and the processing and recording of payments in respect of your orders. In addition we extend this to enabling our network of collaborating physicians and pharmacists to discharge their duties efficiently and effectively by accessing relevant information on a confidential basis.
Why we keep it
As long as you’re a customer of ours, we’ll keep your data on file, but not for any longer than we have to. There are certain legal obligations we have which require us to hang on to some data for a set period even after you’re no longer trading with us. For example, accounting laws mean we have to maintain a record of payments for a minimum of seven years after you close your account. For medical data it’s longer still at 15 years. However, rest assured that legal obligations notwithstanding, we don’t keep any personal data longer than needed.
What your rights are
GDPR gives you a number of rights over how your personal data is used. Here’s the breakdown:
Accessing your own data
It’s your prerogative to request confirmation from us about whether or not we are storing, processing or using any personal data of yours. You’re also entitled to know whether we’ve shared that data with another company or entity, or transferred your data to another country. To find out the status of any data we might have about you, simply contact us addressing your enquiry to the data controller.
Restricting how we process it
You’re also entirely within your rights to place restrictions on us in terms of how we process and use it, particularly if you think we’ve made a mistake - i.e. the data we’re holding on you is in some way invalid or inaccurate. Contact the data controller if you have an issue with how we’re using your data, and we’ll explain your available options.
How to get it removed
It's your prerogative to issue a request for removal of your personal data, assuming that there is no regulatory or legislative obligation on our part to preserve records. However, should you assert this privilege, our association with you will necessarily be terminated as, having no access to or visibility of the aforementioned data we would be unable to provide the services detailed in this document.
Avoiding automated decisions being made using your data
We don’t use your data to create a profile on your behalf, or otherwise use algorithms to assess the information we hold about you and decide wholly how you may be treated. And it’s your right under GDPR that this doesn’t happen under any circumstances.
Getting hold of your data
If you want your own copy of the personal data we have about you, you’re also entitled to request that, and we’re obliged to provide it to you in a convenient and usable format. So for example, we can deliver the information we have on record about you as a Word document or a spreadsheet file, which allows you to save it to your own device, view it, and transfer it to another company or individual you are dealing with, if you’d like to.
Getting in touch with us regarding your data and rights
To make a formal communication with us relating to any of your rights under GDPR, or for any other queries you may have about the content of this policy, you should send an email to us at firstname.lastname@example.org. We undertake to ensure that you receive a prompt response. Generally this will be within a calendar month.
Where your data is stored
All the data which we store related to you is kept on a secure filesystem, and the hosting infrastructure is protected from inadvertent or malicious access by state of the art firewalls and defensive anti-virus software.
From time to time we may need to transfer some data to other storage media, but where this is the case, we do not remove the media from our secure business premises. As part of our agreement, in doing business with us, you are giving us permission to transfer and store your data in this way.
For our part, we’ll ensure that we do everything in our power to keep your data safe and secure and not to disclose it to any unauthorised party. Highly sensitive data such as contact details, passwords, health information or financial data is routinely encrypted to increase security.
It’s important to recognise that transmitting data via the Internet is never considered to be one hundred percent safe, and there can always be unforeseen circumstances. With that in mind, when you consent to allow us access to your data, and the ability to process and transfer it, you do assume any risk yourself.
We agree that we’ll continuously protect the data of yours which we hold as effectively as reasonably possible, employing all appropriate measures and safeguards to meet the requirements of the GDPR and to satisfy the current laws and regulations within the territories in which we operate, and wherein your data is stored and used.
Should the unthinkable occur, and we suffer a data breach or other security failure, we will of course continue to comply with all appropriate data protection rules. In this case, this will usually include notifying users, i.e. yourself, as well as the relevant supervisory authorities.
How to contact us
If you do need to get in touch, for whatever reason, you can send us an email here: email@example.com
Data Protection Officer
Within our own company we have a nominated contact to deal with any issues around data and to ensure that on a day to day basis we continue to provide an excellent service when it comes to data handling and processing. Our Data Protection Officer can be contacted at firstname.lastname@example.org and will be able to answer any questions you have, either regarding the contents of this document or other queries about data handling.