PILLSORTED
Website Privacy Notice
1. Who we are
2. This privacy notice
3. Our collection and use of your personal data
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
---|---|---|
To register you (or your organisation if you are a Care Home) as a new patient / customer for our pharmaceutical services | (a) Identity (b) Contact | Performance of a contract with you. Necessary for ours and a third party’s legitimate interests (to set up and manage our patient and customer relationships) |
To collect your prescriptions, dispense, manage and deliver medication to you, provide you with medical advice (as appropriate) or discuss your medication with your medical advisor | (a) Identity (b) Contact (c) Health Data (d) Transaction Data (e) Profile Data | (a) Performance of a contract with you. (b) Necessary to comply with a legal obligation (we must process certain Health Data about you in order to meet our legal and regulatory obligation as a registered and licensed pharmacy)*. *In order to process your health data in this way, we are required to satisfy an additional condition of processing. Our processing of your health data is necessary for the provision of health care or treatment (Article 9(2)(h) UK GDPR). |
To provide products (through our website shop) and/or our delivery services to you, including: (a) to manage payments, fees and charges (b) to collect and recover money owed to us | (a) Identity (b) Contact (c) Financial (d) Transaction | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us and to provide our products/services to our paying customers) |
To manage our relationship with you which will include: (a) Notifying you about changes to our products and/or services, terms or privacy notice (b) Asking you to leave a review or take a survey (c) Responding to queries you may raise | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to manage our customer relationships, keep our records updated and to study how customers use our products and/or services) |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
To deliver relevant website content and marketing materials to you and measure or understand the effectiveness of the marketing we send to you | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical | (a) Consent, where we are required to collect it from you (b) Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, marketing, customer relationships and experiences | (a) Technical (b) Usage | Necessary for our legitimate interests (to define types of patients / customers for our products and/or services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about products and/or services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile | Necessary for our legitimate interests (to develop our products and/or services and grow our business) |
4. Who we share your personal data with
5. Transferring your personal data out of the UK and EEA
6. Cookies and other tracking technologies
7. Marketing
8. Your rights
Access | The right to be provided with a copy of your personal data (the right of access) |
Rectification | The right to require us to correct any mistakes in your personal data |
To be forgotten | The right to require us to delete your personal data—in certain situations. Information about a customer may be retained where this is required by law, is part of a fraud investigation or is required for accounting and audit purposes. |
Restriction of processing | The right to require us to restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data |
Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
To object | The right to object: —at any time to your personal data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests. |
Not to be subject to automated individual decision making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |