The collection and use of information by us
What information we may collect from you (the user) when you use our website or services?
- Contact details such as name, email address, mailing address, phone number.
- For pharmacy services we collect information such as your medical history, medication history, gender, NHS number, date of birth, GP details.
- Your preferences information such as product wish lists, order history, marketing preferences, reviews.
- Information that you provide by filling in the forms on this website.
- Information you provide when you report a problem or query.
- Payment details
We try to reduce holding and use of sensitive information.
How we may use your data?
- To provide you with our services
- To process your EPS nominations and repeat prescription requests. This will involve send your request to your GP surgery with your personal details. We may provide some services on our website which are supplied by a third party, such as online doctor or travel clinic booking system. By using these services, the third party providers will have access to your personal details.
- Send you alerts about booked service such as vaccinations, medication review and other private services
- Respond to requests.
- Process your payments for such products and services
- Create and maintain your account
- Send you a newsletter if you have consented
- Respond to your questions and concerns
- Review and enhance the quality of our services and products
- Assist in the detection of fraud.
- To process your booking
Why do we collect, process and store your data?
We needs to collect, process and store your data to enable an efficient and legally compliant delivery of services and products to you (all users).
Legal bases for processing data
We rely on the following legal bases to process your information in line with legal requirements.
- Consent: When you register on our website, you agree and give us consent to process your data for the delivery of products and services to you by us.
- Legitimate interests: To enable us to conduct our necessary business but not when our interests are overridden by your interests or rights.
- Allowing us fulfill a contract: We are required to process your personal information in order to provide you with one of our products or services.
- Vital interests: When processing of your personal data is vital to protect you or someone else’s life.
- Legal obligation: When we are required by law to process your personal information. We will always try to contact you unless we are restricted by law.
How long do we hold your data?
We may hold your data for as long as it's legally required and to enable us to maintain your account. User can request to delete their personal data from our system, please refer to the “User access and choices section” of the policy for details.
We take security of user data very seriously and take appropriate steps to keep it secure. At no point we will sell your personal data to another company.
Where is the user data stored and who has access?
The user data is saved on secured dedicated servers in United Kingdom. With industry level security and firewalls to stop any external threats accessing information. The information is accessed by the us and our IT services providers (Tech Developer Ltd) in European Economic Area (EEA) and outside of EEA, to ensure that the website runs smoothly and to carry out administrative tasks. To provide certain services, such as, repeat prescription requests and EPS nomination, we will need to share your personal details with your GP surgery. By using this website and our services, you agree to the collection, storing and processing of your personal data by us. Also, we may host carefully selected third party service provider on our website, such as online doctor providers and vaccination booking providers. If you decided to use these service, your personal data will be shared with them to enable them to provide you with the service.
How do we protect your data?
We take the security of your personal information seriously. When you enter sensitive information, we encrypt the transmission of that using secure socket layer technology (SSL). We do not store any credit or debit card information. Payments are processed via a third party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology. We follow generally accepted standards to protect your personal information submitted to us. We take at least a monthly backup of the data stored on our system and is store in UK based dedicated servers.
Commercial sale of your data?
Under no circumstances will we make your personal data available to a third party company for sale. Your data is used to provide products and services to you.
Limitations of internet based systems
We follow generally accepted standards to protect your personal information submitted to us. Due to the nature of digital information transmission, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
User Access and Choice
As a user, under the GDPR rules, you have the following rights over your data that we store and hold.
- Right to correction and completion: you have the right to ask us to correct any of your data which might be inaccurate and complete any data that is incomplete.
- Right to restrict: In some cases you may request to restrict the processing of your personal data. We reserve the right to store enough data to respect your data restriction request in future.
- Right to data portability: You have the right to request your data to be provided to you for your own use. This request applies to when processing is based on consent or performance of contract and where when processing is done through an automated system.
- Right to object: you may object to the processing of your personal data.
- Right to erasure: You may request to have your personal data erased where its not stopping us from complying with legal requirements.
Right to withdraw consent: you have the right to withdraw your consent at any point by contacting us through the details below. In some circumstances, this might not be always possible or you might have to wait for a period of time for this to take place. Contact us for if you would like to discuss this in detail.
If you wish to subscribe to our newsletter(s), you can do at the time of registration. We will use your contact details to send the newsletter and other relevant materials that we believe are of benefit to you.You may choose to stop receiving our newsletter by sending us an email request.
Links to 3rd Party Sites
We ask our customers to provide us with feedback in the form of rating and a comment about their experience. This information will be displayed on our website, with the customer first name, in the form of a testimonial. If you wish to update or delete your testimonial, you can request this by emailing us.
Social media widgets
General Privacy Information
Tracking Technologies / Cookies
Changes to this Policy
Earls Barton Pharmacy
26-28 The Square, Earls Barton, Northampton, NN6 0NA
T: 01604 812736