GDPR Privacy Policy
This Privacy Policy sets out how the Pharmacy (hereinafter Company) collect, store and use information about you when you use our service. This Privacy Policy is effective from 25th May 2018.
GDPR PRIVACY POLICY SUMMARY
This section summarizes how we obtain, store and use information about you. It is intended to provide a very general overview only. It is not complete in and of itself and it must be read in conjunction with the corresponding full sections of this Privacy Policy.
• How we collect or obtain information about you:
• when you provide it to us (e.g. by contacting us, placing and order on our website and signing up for our email newsletter, from your use of our website and using cookies).
• Information we collect: name, contact details, IP address, information from cookies, information about your computer or device (e.g. device and browser type), information about how you use our website (e.g. which pages you have viewed, the time when you view them and what you clicked on, the geographical location from which you accessed our website (based on your IP address), company name or business name (if applicable).
• How we use your information: for administrative and business purposes (particularly to contact you and process orders you place on our website), to improve our business and website, to fulfil our contractual obligations, to advertise our goods and services, to analyze your use of our website, and in connection with our legal rights and obligations.
• Disclosure of your information to third parties: only to the extent necessary to run our business, to our service providers, to fulfil any orders from you, where required by law or to enforce our legal rights.
• We do not sell information about you to third parties.
• How long we retain your information: for no longer than necessary, taking into account any legal obligations we have, any other legal basis we have for using your information. For specific retention periods in relation to certain information which we collect from you, please see the main section below entitled How long we retain your information.
• How we secure your information: using appropriate technical and organizational measures such as storing your information on secure servers, encrypting transfers of data to or from our servers using Secure Sockets Layer (SSL) technology, encrypting payments you make on or via our website using Secure Sockets Layer (SSL) technology, only granting access to your information where necessary.
• Use of cookies: we use cookies and similar information-gathering technologies such as web beacons on our website including essential, functional, analytical.
• Transfers of your information outside the European Economic Area: we will only transfer your information outside the European Economic Area if we are required to do so by law OR in certain circumstances we transfer your information outside of the European Economic Area, including to the following countries: Australia and New Zealand. Where we do so, we will ensure appropriate safeguards are in place, including insert safeguards used for data transfers outside the European Economic Area e.g. the third parties we use who transfer your information outside the European Economic Area have self-certified themselves as compliant with the EU-AU Privacy Shield.
• Use of automated decision making and profiling: we do not use automated decision making and/or profiling on any of our websites.
• Your rights in relation to your information
• to access your information and to receive information about its use
• to have your information corrected and/or completed
• to have your information deleted
• to restrict the use of your information
• to receive your information in a portable format
• to object to the use of your information
• to withdraw your consent to the use of your information
• to complain to a supervisory authority
• Sensitive personal information: we do not knowingly or intentionally collect what is commonly referred to as ‘sensitive personal information’. Please do not submit sensitive personal information about you to us. For more information, please see the main section below entitled Sensitive Personal Information.
INFORMATION WE COLLECT WHEN YOU VISIT OUR WEBSITE
We collect and use information from website visitors in accordance with this section and the section entitled Disclosure and additional uses of your information.
Web server log information
We use a third-party server to host our website called Pfebc host. Our website server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), and your browser version and operating system. Our server is located in the European Union.
Use of website server log information for IT security purposes.
We AND/OR our third-party hosting provider collect(s) and store(s) server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analyzing log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, denial of services attacks and other cyber-attacks, by detecting unusual or suspicious activity.
Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.
A legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the General Data Protection Regulation).
Legal obligation: we have a legal obligation to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure.
A Legal basis for processing: our and a third party’s legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interests: we and our third-party hosting provider have a legitimate interest in using your information for the purposes of ensuring network and information security.
Use of website server log information to analyze website use and improve our website. We use the information collected by our website server logs to analyze how our website users interact with our website and its features. For example, we analyze the number of visits and unique visitors we receive, the time and date of the visit, the location of the visit and the operating system and browser used.
We use the information gathered from the analysis of this information to improve our website. For example, we use the information gathered to change the information, content, and structure of our website and individual pages based according to what users are engaging most with and the duration of time spent on particular pages on our website.
Legitimate interest: improving our website for our website users and getting to know our website users’ preferences so our website can better meet their needs and desires.
INFORMATION WE COLLECT WHEN YOU CONTACT US
We collect and use information from individuals who contact us in accordance with this section and the section entitled disclosure and additional uses of your information.
Email Information
When you send an email to the email address displayed on our website we collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so).
Transfer and storage of your information
We use a third-party email provider to store emails you send us. Our third-party email provider is Google. Their privacy policy is available here
Contact Form
When you contact us using our contact form, we collect name, email address, phone number, web address, IP address. If you do not provide the mandatory information required by our contact form, you will not be able to submit the contact form and we will not receive your enquiry.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so).
Transfer and storage of your information
Messages you send us via our contact form will be stored in the European Economic Area on our third-party hosting OR email provider’s servers in the US. Our third-party email or hosting provider is Google. Their privacy policy is available here:
For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled
Messages you send to us via our contact forms will be stored within and outside the European Economic Area on our contact form provider’s servers.
For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transfers of your information outside the European Economic Area.
Phone
When you contact us by phone, we collect your phone number and any information provide to us during your conversation with us. We do not record phone calls.
Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)
Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.
Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so).
INFORMATION WE COLLECT WHEN YOU PLACE AN ORDER
We collect and use information from individuals who place an order on our website in accordance with this section and the section entitled Disclosure and additional uses of your information.
Information collected when you place an order
MANDATORY INFORMATION
When you place an order for goods or services on our website, we collect your name, email address, billing address, shipping address, phone number.
If you do not provide this information, you will not be able to purchase goods or services from us on our website or enter into a contract with us.
Legal basis for processing: necessary to perform a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: we need the mandatory information collected by our checkout form to establish who the contract is with and to contact you to fulfil our obligations under the contract, including sending you receipts and order confirmations.
Legal basis for processing: compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).
Processing your Payment
After you place an order on our website you will need to make payment for the goods or services you have ordered. In order to process your payment, we use Payment Express (Netpharmacy) and Stripe (M&R Essentials & The Raw Pharmacist).
Your payment will be processed by these 3rd party providers. Payment Express and Stripe collects, uses and processes your information, including payment information, in accordance with their privacy policies. You can access their privacy policies via the following link(s): here AND here
Legal basis for processing: necessary to perform a contract (Article 6(1)(b) of the General Data Protection Regulation).
Reason why necessary to perform a contract: to fulfil your contractual obligation to pay for the goods or services you have ordered from us.
Marketing Communications
At checkout, you will have the option of receiving marketing communications from us.
Our goods and services
You can opt in to receiving marketing communications from us in relation to our goods and services by email, by ticking a box indicating that you would like to receive such communications.
We will send you marketing communications in relation to our goods and services only if you opt-in to receive them.
Legal basis for processing: consent (Article 6(1)(a) of the General Data Protection Regulation).
Legitimate interests: direct marketing and advertising our products and services.
Consent: you give your consent to us sending you information about our goods and services by signing up to receive such information in accordance with the steps described above.
Use of web beacons in emails
We use technologies such as web beacons (small graphical files) in the emails we send to allow us to assess the level of engagement our emails receive by measuring information such as the delivery rates, open rates and click-through rates which our emails achieve. We will only use web beacons in our emails if you have consented to us doing so.
For more information about our third-party mailing list provider and they use web beacons, please see their privacy policies which are available here here and here
HOW WE SECURE YOUR INFORMATION
Measures taken to secure your information
We take appropriate technical and organizational measures to secure your information and to protect it against the unauthorized or unlawful use and accidental loss or destruction, including:
• only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible;
• using secure servers to store your information
• verifying the identity of any individual who requests access to information prior to granting them access to information;
• using Secure Sockets Layer (SSL) software to encrypt any information you submit to us via any forms on our website and any payment transactions you make on or via our website
• only transferring your information via closed system or encrypted data transfers
Transmission of information to us by email
Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.
We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
TRANSFERS OF YOUR INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA
Your information will be transferred and stored outside the European Economic Area (EEA) in the circumstances set out below. We will also transfer your information outside the EEA or to an international organization in order to comply with legal obligations to which we are subject (compliance with a court order, for example). Where we are required to do so, we will ensure appropriate safeguards and protections are in place.
Google Analytics
Information collected by Google Analytics (your IP address and actions you take in relation to our website) is transferred outside the EEA and stored on Google’s servers. You can access Google’s privacy policy here
Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.
SENSITIVE PERSONAL INFORMATION
What is Sensitive Personal Information?
‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.
Our policy on Sensitive Personal Information
We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us.
If however, you inadvertently or intentionally transmit sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purposes of deleting it.
CHANGES TO OUR PRIVACY POLICY
We update and amend our Privacy Policy from time to time.
Minor Changes to our Privacy Policy
Where we make minor changes to our Privacy Policy, we will update our Privacy Policy with a new effective date stated at the beginning of it. Our processing of your information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.
Major changes to our Privacy Policy or the purposes for which we process your information
Where we make major changes to our Privacy Policy or intend to use your information for a new purpose or a different purpose than the purposes for which we originally collected it, we will notify you by email (where possible) or by posting a notice on our website.
We will provide you with the information about the change in question and the purpose and any other relevant information before we use your information for that new purpose.
Wherever required, we will obtain your prior consent before using your information for a purpose that is different from the purposes for which we originally collected it.