Privacy Policy

Welcome to Pharmacytoday’s Privacy Policy

‍At PharmacyToday we respect your privacy and are committed to protecting your personal data. 

This privacy policy outlines how we collect, use, store, and share your personal information when you interact with our services, including visiting our website, placing an order, or using our healthcare services on our dashboard and app’s. 

We are dedicated to compliance ensuring that your information is handled with the utmost care and security.

‍Our Contact Details -

Company Name:
PharmacyToday Ltd
‍
‍Company Number:
16066226
‍
‍Registered Address:
6 Butts Court, Leeds, England, LS1 5JS
‍
‍Telephone:
0113 5197717
‍
‍Email:
info@Pharmacytoday.co.uk
‍
‍Data Protection Officer (DPO):
Mr Karl McCaffery

Registering an account with us
‍
When you register for an account on our website as a patient and nominate us to be your pharmacy, we will collect and use your personal information in order to maintain and administer your patient account and your NHS prescriptions amongst other services. 

This may be necessary in order for us to perform our contract with you or, otherwise, we have a legitimate interest to manage our patients’ accounts to facilitate purchases and communication between us. 

You may contact us at any time to close your account. However, please bear in mind that we may be required to retain your personal information in order to comply with our legal obligations.

Information we collect
‍
We require you to provide personal information to us where it is necessary for us to provide you with a service or deal with a question. For example, when you contact us. To use our services you are required to register for an account on our website, that nominates us as your registered pharmacy and allows us to fulfill your prescriptions, refer you where needed and for you to undergo online consultations, purchase products, services and visit third parties sites for shopping discounts

How and why do we use your personal information?
‍
‍We use your personal data to:
- Provide you with safe and suitable treatments
- Provide or facilitate a Clinical Consultations
- Fulfil and deliver ordersComply with legal and regulatory requirements
- Communicate with you, including appointment and delivery updates
- Improve our services and website experience
- Send marketing communications about our products and services
- Make referrals

We take data protection law seriously, so below we have set out exactly how and why we use your information, and what our legal basis is to be able to use your information in each way.

Legal Basis for Processing

‍We rely on the following lawful bases for processing your data:
‍
- Contract: To provide you with services you've requested
- Consent: For optional services, like marketing
- Legal Obligation: To meet regulatory or legal duties

‍Legitimate Interests: To manage business operations effectively and safely. We collect and process this personal information to provide a safe, effective, and legally compliant pharmacy service and health tech platform. 

This includes:
‍
- Identity Data: Normal identification information, such as your full name and title, date of birth, age, gender, and marital status
- Contact Details: Contact Information for example, Email address, telephone number, postal address
- Health Information: Information about your health, including your current health and wellbeing status, your medical history and records, and details of any medicines or treatment that you are receiving, current medications, allergies and past prescriptions and other health related data. Order and Transaction Data: Product purchases, order history, payment methods, Information about your purchases.
- Technical Data: IP address, browser type, device identifiers
- Usage Data: Website interactions, pages visited
- Marketing Preferences: Consent to receive marketing communications via AI calls, SMS, Whatsapp, Twitter, Facebook, Facebook messenger, Instagram,(Social Media Platforms), emails, telephone calls, or letters.
- Correspondence: Information provided by you  in your dashboard area (such as prescriber chat messages, pharmacy chat messages or messages you send to our customer care team and documents etc)
- Payment information: This is securely collected and processed by our payment service provider
- Additional information: Information from third party databases and referral company’s such as identity and credit reference agencies and checks to ensure the medication is going to the correct person, which may also include details about your home and finances. Also relevant to your use of our website and services, such as your marketing preferences, survey responses and feedback


Contacting you
‍
We want to stay in touch with you. Sometimes we may need to use the information that we have about you in order to respond to your questions or let you know about important changes. We have a legitimate interest to keep in contact with you, as a customer and  consent for us to contact you and to receive information marketing communications via AI calls, SMS, Whatsapp, Twitter, Facebook, Facebook messenger, Instagram, other social Media Platforms not mentioned, emails, telephone calls, or letters.

By way of example we will use your information in this respect where it is necessary so that we can:

- Sign you up as a customer
- Interact and respond to any communications you send us, including any social media posts that you tag us in.
- Contact you in connection with any orders, including where our clinical team requires further information from you, so that we can notify you of the status of your order, and so that we or our courier partners can inform you when your order is due to arrive. 
- Let you know about any important changes to our business or policies.
- Contact you via methods mentioned in this policy.
- If one of our prescribers needs to contact you regarding your consultation or test result, or needs more information. On some occasions, our clinicians may need to contact you via telephone to discuss your consultation or test result in more detail.
- Contact you regarding promotions
- New products and services
- Referals

If we have made several attempts to reach you by sms email or telephone and have been unsuccessful, we may contact you by sending a written letter to your home address or any of the methods contained in this policy.

Information we collect about you from other sources

Sometimes you will have given your consent on other websites, partner sites, services or third parties to provide your information to us and have agreed to create an account with us.

Whenever we receive your information about you from these third parties, in order to create an account, we may collect information about you from other sources. 

This may include the following:
‍
- Publicly available information, from sources such as the Electoral Roll or Companies House
- Information you have shared publicly, including on social media (particularly in respect of job applications)
- Information from third party databases and referral companies such as identity and credit reference agencies, which may include details about your home
- Information from your other healthcare providers (only with your consent, or where it is necessary for us to provide our service, such as fulfilling your or a relative’s NHS prescriptions, or comply with our legal obligations)
- Referral Partners where you have agreed to create an account with us and sign up to our services.

Who do we share your personal information with?
‍
We share the information that you provide to us with our staff so that we can provide our products and services to you. 
‍
We may also share the information that you provide to us with other companies within our group, network and/or the other websites that we contract with and/or operate. 
‍
In particular, the following persons have access to the data that you provide to us:
‍
- Our UK pharmacy prescribers, also responsible for reviewing your order
- Our clinical lead, who supervises our practice
- Our patient services team, which processes your order
- Employees of our company, which manages the website and handles some of our customer care operations
- Delivery partners 
- Our contracted Pharmacy network facilitators

We may share your data with selected third parties. For example, we may share your information with:
‍
- Our payment service provider, to process payments on our behalf. We will share your full name, address, phone number, email address and details of your order for this purpose. Our payment provider will collect and process your payment details; we will not store or have access to your full credit or debit card details.
‍
- A credit reference agency, for carrying out identity checks. All orders made through our site are subject to identity checks, in order to prevent online fraud. Your full name, date of birth and home address will be shared for this purpose.
- Third party couriers (e.g. DPD, Royal Mail or UPS) in order to arrange delivery or your order. We will only share your full name, postal address and phone number or email address.
‍
- Your private or NHS GP or Consultant. For patients accessing our private service, we will ask you during consultation if you would like us to inform your GP about the consultation you have taken and the treatment you have ordered or, for patients accessing our referral service, whether you would like to be referred to a specialist consultant for treatment. If you do, we will share with such doctor(s) the type and quantity of treatment you have purchased and/or been prescribed, the date the treatment was prescribed and, where appropriate, details of the consultation. If there is any specific part of your record or consultation you would prefer not to be shared, you can let us know and we will respect this. We strongly recommend that you permit us to inform your GP of the treatment you have received, so that they can continue to provide you with the best possible care. For patients accessing our NHS service, we will share details about you and the treatment(s) you have ordered with your NHS GP, so that they can issue the required prescription(s) for us to fulfil. If you are using our service to manage and request repeat NHS prescriptions on behalf of someone else, we will share details about the individual(s) whose prescriptions are being requested for with that individual’s GP, again so that they can issue the appropriate prescription(s) for us to fulfil.
‍
- A Pathology service, for processing samples where you order any test kit from us. The data we will share with them includes your name, your date of birth, and your test reference number. Their systems meet all current EU requirements on encryption, storage and disposal of data.

- Clinical auditors and regulatory bodies. Our pharmacy is registered with the General Pharmaceutical Council. Our prescribers are registered with the General Pharmaceutical Council. Medicines are regulated by the Medicines and Healthcare Products Regulatory Agency. As such, our practices are routinely inspected by these regulatory bodies on a periodic basis. During an inspection, we may be required to share information about your consultation with an approved auditor.

- Contact management systems, to send emails, instant messages, social media messages and SMS messages and other communications listed.

- Our Third party medical technology systems in order to fufill our services 

There are certain other exceptional circumstances in which we may disclose your information to third parties. This would be where we believe that the disclosure is:
‍
- Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings.
- Necessary to protect the safety of our employees, our property or the public.
- Necessary for the prevention or detection of crime, including exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction.
- Proportionate as part of a merger, business or asset sale, in the event that this happens we will share your information with the prospective seller or buyer involved.

Information to supply medicines and other products/ services
‍
It is necessary for us to use personal information about you to enter into and perform the contracts that we make with you, such as when you purchase OTC medicines or other products on our website. Using your information in this context is necessary so that we can:
‍
- Provide you with information about our products and services
- Administer your order, including take payments and arranging delivery
- Provide you with information about your purchase and your contract with us
- Make decisions about your purchase, including about the suitability of any medicines
- Provide you with alerts regarding repeat prescription orders, medication updates and adrenaline pen expiration
- Verify your identity
- Deal with any complaints you may haveContact you about any changes that we make to our products or services
- Administer our website, including troubleshooting problems, analysing statistics, conducting research and tests and keeping the website secure
- When you purchase any test kits from us, we will use the information you provide to notify you of your result and, if appropriate, suggest a course of treatment.
- If you wish to purchase medicines on our site, you may be required to complete an online clinical consultation questionnaire. This information is reviewed by one of our GPhC-registered pharmacy prescribers. If our clinicians feel that they require further information from you after reviewing your answers, they will ask you to provide this via a secure chat facility.
- The information you provide during the consultation is essential to the clinical decision-making process. Our prescribers and pharmacists need to know about your current health, your medical history and any other treatment you are receiving, so that they can make sure that the treatment being consulted for is safe and suitable for you. Your current health and medical status may also determine the dose of the medication they prescribe, the length of treatment required, and whether or not you need to seek medical attention in person.

Part of our service as a pharmacy involves notifying you when your medicine is due to run out. We may therefore send a courtesy email, sms, call, ai call, whatts app and app updates if you are on a continuous prescription. We estimate when to send you these reminders based on the quantity you have ordered or need on repeat. We may send this for treatments which are taken on a repeat basis.
‍
Telling you about other products or services that we think may be of interest to you

We may use your information to identify and tell you about our products or services that we think may be of interest to you. We will only do this where you have informed us that you would like to receive marketing communications, such as where you subscribe to our newsletter. You may update your preferences at any time by Contacting Us. We may also use your information to invite you to participate in patient feedback surveys and other market research. If we do contact you about market research, you do not have to participate. If you tell us that you do not want to receive market research communications, we will respect this.
‍
Whether you choose to receive marketing communications, or market research communications is entirely up to you. You can choose to receive both, none, or just one or the other. Your choice will not affect any products or services that you have purchased from us, nor will it affect any quotes for products or services you buy in future.

Telling you about products or services that are similar to ones that you have already bought
‍
If you have already bought medicines or other products from us, we may contact you with information about similar products and services that we offer. We have a legitimate interest to contact you for this purpose, but you may object to receiving these forms of contacts and updates at any time. Simply follow the unsubscribe instructions in any message, or contact us.

Making our business better
‍
We always want to offer the best products, services and user experience that we can. Sometimes this means we may use your information to find ways that we can improve what we do, or how we do it.
‍
We have a legitimate interest to use your information to improve our business, and we will only use your information where it is necessary so that we can:
‍
- Review and improve our existing products and services and develop new ones
- Review and improve the performance of our systems, processes and staff (including training)
- Improve our website to ensure that content is presented in the most effective manner for you and for your computer
- Measure and understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.

Research and analysis

We may use anonymised data related to your order or use of our site for research or public-facing purposes, for example in: statistical analyses of users accessing our service for a specific purpose; or statistical analyses of test results.

Verifying your identity

We may use your information where it is necessary for us to do so in order to meet our legal obligations and to detect and prevent fraud, money-laundering and other crimes.

Protecting you and others from harm

We may use your information where it is necessary to protect your interests, or the interests of others, in accordance with our legal obligations and the pursuit of legitimate interests. This may include in the event of criminality such as identity theft, piracy or fraud.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose we will notify you and we will explain the legal basis which allows us to do so.
‍
Please note that we may process your personal information without your knowledge or consent, in compliance with the rules of this policy, where this is required or permitted by law.
‍
Data Security

‍We may use administrative, technical, and physical measures to protect your personal information, including:

- Encrypted Data Transfer: SSL encryption via Cloudflare / ComodoSSL
- Secure Servers and Restricted Access
- Employee Confidentiality Agreements
- Monitoring and Breach Response Protocols

‍Despite safeguards, the use of third-party content on our site may carry some risk. We advise keeping your passwords private and reviewing online security advice.

‍Payment Security

We may use Stripe or other payment methods to process payments securely. We do not store full card details, but limited transaction information may be retained for legal and operational reasons. These providers comply with data protection laws and may process data internationally under proper safeguards.

- For more information please see Stripe’s Privacy Policy on their website

‍Refunds (e.g., from order cancellations or pharmacist rejections) are made automatically to the original payment method.

‍Third-Party Links

‍Our website may link to third-party sites and plugins. We do not control these and are not responsible for their privacy policies. Please review their policies before sharing data.

Communication

‍We use your contact details to communicate about your care. This may be by phone, email, or SMS, whatsapp or any of the communications listed above. We avoid sending sensitive details by email unless you explicitly request it. Sensitive issues are usually discussed by phone to protect your confidentiality.

‍Changes to Your Personal Information

‍Any changes to your personal data are recorded (what, when, and by whom). It's important that your data remains current and accurate. You can update your personal details via your account settings.

‍How long do we keep your personal information?
‍
We will only store your personal information for as long as we need it for the purposes for which it was collected.
‍
Where we provide you with any service, such as where you register an account as a patient on our website, we will retain any information you provide to us at least for as long as we continue to provide that service to you.
‍
We retain personal data relating to patient health care and prescriptions in accordance with the guidance issued by the NHS. On the expiry of these periods, we will review the information that we hold and, unless we have a legitimate reason to keep holding that information (in accordance with our legal obligations and the purposes set out in this policy), it will be securely deleted. Generally, we may retain personal data relating to prescriptions issued and dispensed and other care records for a period of 13 years (for adult patients) or 25 years (for any patient who is pregnant).
‍
In all other circumstances (such as where you contact us without making a purchase), we will keep your information for a period of no more than 3 years.
‍
How do we protect your personal information?
‍
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
‍
We try to ensure that all information you provide to us is transferred securely via the website (always check for the padlock symbol in your browser, and “https” in the URL, to ensure that your connection is secure).
‍
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
‍
All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
‍
Any data you send to us using the NHS app goes through encryption in transit, to protect your privacy.
‍
What rights do you have in respect of your personal information?

If you require any further information about your rights as explained below, or if you would like to exercise any of your rights, please contact us.

You may exercise these rights for free. We aim to respond within 1 month. Contact us or log in to your account to manage your information.

You have the right to be informed

We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information and our use of it. We have prepared this policy to do just that, but please contact us if you have any questions.

You have the right to access your personal data

You have the right to ask us to confirm whether or not we hold any of your personal information. If we do, you have the right to have a copy of your information and to be informed of the following:
‍
- Why we have been using your information.
- What categories of information we were using.
- Who we have shared the information with.
- How long we envisage holding your information.

In order to maintain the security of your information, we will have to verify your identity before we provide you with a copy of the information we hold. The first copy of your information that you request from us will be provided free of charge, if you require further copies we may charge an administrative fee to cover our costs. Please contact us to request access to your data.

You have the right to correct any inaccurate or incomplete personal data

‍If you believe that any of the information we hold about you is inaccurate, incomplete, or out of date, you have the right to require us to rectify that information. You can update or change your personal information in the patient area on our website. Alternatively, please contact us so that we can correct our records.

You have the right to have your data transferred to you or a third party in a common format

‍Also known as data portability, you have the right to require us to transfer your personal information, in a structured, commonly used and machine-readable format, either to you or to another service provider. If you would like us to do this, please contact us. There is no charge for you exercising this right.
‍
You have the right to object to direct marketing
‍
You can tell us at any time that you would prefer that we do not use your information for direct marketing purposes. If you would not like to receive any direct marketing from us, please contact us or use the links provided in any of our marketing communications.
‍
You have the right to object to us using your information for our own legitimate interests
‍
Sometimes, we use your personal information to achieve goals that will help us as well as you. This includes when we tell you about products or services that are similar to ones you have already bought; when we use your information to help us make our business better; and when we contact you to interact, communicate or to let you know about changes we are making.
‍
We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object. Unless we have a compelling reason to continue, we must stop using your personal data for these purposes. If you have any objections to our using your personal data for our legitimate interests, please contact us.
‍
You have rights related to automated-decision making and profiling

Any automated decision-making or profiling we undertake is solely for the purpose of tailoring the information which we provide to you. We will not use automated decision-making or profiling to make any decisions which will have a legal effect upon you or otherwise significantly affect you, and you have the right not to be subject to such decisions. If you have any concerns or questions about this right, please contact us.

You have the right to restrict how we use your personal data

You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:
‍
- You have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify this
- You have objected to us using your information for our own legitimate interests and we are in the process of considering your objection
- We have used your information in an unlawful way, but you do not want us to delete your data
- We no longer need to use the information, but you need it for a legal claim
‍
For example, you may wish for us to retain your contact details on our “do not contact” list to ensure that we do not send marketing emails to you in the future. If you wish to exercise this right please contact us.

You have the right to withdraw your consent

In most cases, we do not require your consent to use your personal information in the ways set out in this policy. However, where we do rely on your consent (such as where you subscribe to our newsletter), you have the right to withdraw that consent at any time. You can use the “unsubscribe” links in any of the communications that we send you, or contact us to withdraw your consent.

You have the right to be forgotten

There may be times where it is no longer necessary for us to hold personal information about you. This could be if:
‍
- The information is no longer needed for the original purpose that we collected it for
- You withdraw your consent for us to use the information (and we have no other legal reason to keep using it)
- You object to us using your information and we have no overriding reason to keep using itWe have used your information unlawfully
- We are subject to a legal requirement to delete your information
‍
In these situations you have the right to require us to delete your personal data (although please be aware that we may be required to retain certain information in order to comply with our legal obligations). If you believe one of these situations applies to you, please contact us.

Complaints

If you wish to make a complaint about our collection or use of your personal data, please contact us in the first instance so that we may seek to resolve your complaint.
‍
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the statutory body which oversees data protection law in the UK. Please visit the ICO website if you wish to lodge a complaint with the ICO.

‍Changes to This Privacy Policy

‍We may update this policy from time to time. Significant changes will be posted on our website and, where appropriate, emailed to you. Please check this page regularly for updates.

‍Contact Us, Questions or Concerns?
‍
If you have any questions about your privacy or our use of your personal data, please contact our Data Protection Officer.

‍ If you have any other questions or concerns not covered here, please contact us.