PRIVACY POLICY
PRIVACY NOTICE FOR CUSTOMERS OF PharmaExpo LTD
1.OUR APPROACH
This Privacy Notice (the “Notice“) describes how PharmaExpo LTD (trading as My London Pharmacy) (“PharmaExpo LTD“, “us“, “our” or “we“) processes personal information about you (the “Customer” or “you“) when you use our website and when you place an order with us via our website mylondonpharmacy.co.uk (our “Site“). We are the data controller of the personal information we handle and are therefore responsible for ensuring that our systems, procedures, suppliers, and employees comply with data protection laws. If you do not agree with this Notice, please do not send us any information.
In order to fulfil your order, we must also transfer your information to other data controllers, including a partner pharmacy, My London Pharmacy (“My London Pharmacy” or “Pharmacy“), and the clinicians. Together, My London Pharmacy and our clinical partners (Dispensing pharmacies, NMC, GMC, GPhC prescribing doctors) will be referred to as “Partners.”
Read this Notice to learn more about PharmaExpo LTD’s responsibilities and how and why we collect and use your personal information. This Notice also describes how Partners will collect and use your personal information. Our Cookie Policy provides additional information about how we utilise cookies. If anything in this Notice is unclear or if you have any questions, please contact us at help@mylondonpharmacy.co.uk.
2.HOW WE COLLECT INFORMATION AND WHAT INFORMATION WE COLLECT
Personal data or personal information refers to any information that can be used to identify an individual.
We may collect, store, and use any or all of the following information types:
System Specifics (Website Visitors, Account Holders and Customers)
When you visit our website, we automatically collect information regarding your use of the platform, such as the pages you view and the resources you access. This information may include website traffic data, IP address, viewed pages, location data, browser, operating system, referring source, visit duration, clickstream data, and other communication data. This information is typically not personally identifiable based on our methods and systems. In instances where this information could be combined with other sources to make it personally identifiable, we restrict access to ensure its anonymity.
When you interact with our platform via our Site or otherwise, we collect System Information.
Identification Data (Account Holders and Customers)
When creating an account on our website, logging in, updating an existing account, or placing an order, the following personal information will be collected:
Name, title, addresses, telephone numbers, and email addresses; date of birth and other physical characteristics including age, weight, and gender; billing information and account settings
Subject to your explicit consent, we will also collect, store, and utilise your health information, including prescription needs. This is a special category of more sensitive information. When we process health information, we will treat it confidentially and never use it for direct marketing.
We collect Identity Information that you voluntarily provide or that is provided by a partner. For example, when you use Google to log in to our website, or when you register with or use our platform to purchase medication, we collect your Google Account information (by entering your prescription details for review).
When you contact us (via email, telephone, or otherwise) with a question or a request for information, we also collect Identity Information.
Data of a Special Category (Prescription Customers)
To provide our services, we will need to process special category data, such as your health information from your questionnaire or prescription. The data protection law requires us to meet certain additional conditions whenever we process special category data. We will only process data from special categories with your explicit consent. For example, if you consent to our accessing your health information contained in your prescription so that we can provide you with our services and products.
3.HOW WE WILL USE YOUR PERSONAL DATA The provision of our services
As part of providing our services, we use the personal information collected from you to:
sign you up as a user of our service.
process your orders and provide your details: to our clinicians to assess your medication requirements; and to the Pharmacy or partner dispensing pharmacies to enable you to purchase the medication from them
manage our relationship with you (for example by notifying you about changes to our terms or asking for feedback on our service)
Observing, managing, and bettering
We use your personal information to help us monitor our performance, administer our service, and improve it by:
using data analytics to enhance customer relationships and experiences by monitoring and analysing customer activity to identify patterns and help us improve our website and communications,
conducting data analysis, testing, system maintenance, support, reporting, and data hosting, analysing data so that we can prioritise relevant and popular features educating, training, and developing the performance of our staff ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing the distribution of malicious software
Other aspects of business administration such as management and planning, including accounting and auditing, are related to fraud prevention.
With your prior explicit consent and occasionally based on Legitimate Interest, we may use your data to send you specialised information about our products and services that may be of interest to you. If you would like to revoke your consent at any time, please contact us at support@mylondonpharmacy.co.uk or click Unsubscribe in any of our emails.
4. OUR PARTNERS’ USE OF YOUR PERSONAL DATA
As stated previously, in order to provide you with our services, we may share your personal information with our Partners, who will act as the data controllers for that information. For more information on our Partners’ roles, please refer to our general Terms of Service and Sales Conditions.
4.1 THE PHARMACY
The name of the pharmacy dispensing your order is:
My London Pharmacy Pharmacy, our in-house pharmacy, is 45 Newman Street, Soho, London, W1T 1QE
Use of your personal information by the Pharmacy
As part of the provision of the Pharmacy’s services, it will use your personal information that we transfer to it for the following purposes:
process your orders and sell, supply, dispense, and post prescription medicines to you in accordance with the Terms of Sale and the Website Terms and Conditions;
manage its relationship with you (such as by responding to your questions);
4.2 OUR ASSOCIATED DOCTORS
Our partner clinicians are a number of individuals registered in the United Kingdom with the General Pharmaceutical Council, General medical Council, Nursing and Midwifery Council, each holding accredited prescribering qualifications and being trained in providing remote consultations and issuing online prescriptions. The clinicians will evaluate the clinical appropriateness of your request for the prescribed treatment. Please refer to our Terms of Sale for more information regarding the consultation procedure.
How our clinicians will use your private data
As part of the clinician’s services, they will use your personal information, which we provide to them, to:
If your ordered treatment is clinically appropriate, your physician will evaluate your health information and write you a prescription.
Obtain additional information from you, if necessary, in order to inform their decision, by contacting you using the information provided.
Information on fair processing
On behalf of the clinicians, we are obligated by law to provide you with the following information:
Who are the clinicians?
Individuals registered in the United Kingdom with the General Pharmaceutical Council, Genral Medical Council, Nurse & Midwifery Council, each holding accredited prescriber qualifications and being trained to provide remote consultations and dispense prescription medications online.
Contact details (which you should use to exercise any of your rights listed at Paragraph 11 of this Notice)
Please contact us at support@mylondonpharmacy.co.uk if you wish to obtain the contact information for our clinicians.
Objective of the processing
Similar to “How clinicians will utilise your personal information”
The processing is required for health-related purposes, subject to pertinent conditions and safeguards, and is performed by a health professional.
The length of time a clinician will retain your personal information.
The duration of personal data storage will be determined in accordance with applicable law and regulatory guidance issued by the Department of Health
Your legal rights in regards to the physician
Similar to below, paragraph 11
5.OUR GROUNDS FOR PROCESSING
Data protection law stipulates that we are only permitted to use your personal information if we can identify a legal basis for doing so. Our primary legal basis is your consent to the processing outlined in this Notice. Occasionally, we may also rely on an additional legal basis. Typical examples include:
where we need to use the information to fulfil a contract we have with you where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests where we must comply with a legal or regulatory obligation.
6. INFORMATION SECURITY
The Internet lacks security features. Nonetheless, as described in this Notice, we have implemented a number of security measures.
Please be aware that Internet-based communications, including emails and instant messages, are not secure unless they are encrypted. The Internet’s design necessitates that your communications may pass through multiple nations before being delivered. We cannot accept liability for any unauthorised access to or loss of personal data that is beyond our control.
We believe we have in place the policies, rules, and technical safeguards necessary to protect the personal data under our control from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction, or accidental loss, taking into account the nature and quantity of the data.
7. PERSONAL INFORMATION DISCLOSURE
We will not share your personal information with or to third parties, except as otherwise provided in this Notice (such as with our Partners) and under the following limited circumstances when we want or are required to share your personal information, including:
with third-party service providers or suppliers in order to deliver our services (for example payment processors, webhosts, ID verification partners etc). Where we share data with service providers, we require them to sign a contract that, among other things, requires them to have stringent security measures in place, comply with our instructions, and help us to comply with data protection law; to another legal entity on a temporary or permanent basis, in connection with a business transaction, such as a merger, financing, acquisition, or sale of our business; where we are required to do so by law; and where you have provided your consent.
with third party clinic partners such as hair transplant clinics to perform our joint services for you and to enable them to contact you as part of our joint service.
8.TRANSFER OF PERSONAL INFORMATION INTERNATIONALLY
To fulfil our obligations under our contract with you, we may transfer your personal information outside the European Union. When this occurs, we will ensure that your personal information receives an adequate level of protection, and we will take the necessary steps to ensure that it is handled in accordance with EU and UK data protection regulations. Contact us at support@mylondonpharmacy.co.uk if you require additional information about these precautionary measures.
9. SECURITY AND RETENTION
We have implemented appropriate security measures to prevent your personal information from being lost, misused, accessed in an unauthorised manner, altered, or disclosed.
We also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are required to do so by law.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, such as satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether these purposes can be achieved through alternative means, and the applicable legal requirements.
10. YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA
You have the legal right under certain conditions to:
Commonly known as a “data subject access request,” a request for access to your personal information. This permits you to obtain a copy of the personal information we hold about you and to verify that we are lawfully processing it.
Request corrections to the personal data we maintain about you. This allows you to have corrected any incomplete or inaccurate information we hold about you.
Request that your personal data be erased. This enables you to request the deletion or removal of your personal information when there is no compelling reason for us to continue using it.
Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground.
Request that your personal information not be processed further. This enables you to request that we suspend the processing of your personal data, for instance if you want us to verify its accuracy or the reason for processing it.
Request the transfer of your personal data to a third party.
Accessing your personal information will not cost you anything (or to exercise any of the other rights). However, if your request for access is manifestly excessive or without justification, we reserve the right to charge a fee. Alternatively, we may refuse to comply with the request in such circumstances.
We might ask you for specific information to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an additional appropriate security measure to ensure that personal information is not divulged to unauthorised parties.
If you would like to exercise your rights with respect to the processing of your information by any of our Partners, please contact help@mylondonpharmacy.co.uk
11. LINKED WEBSITES OR APPLICATIONS
We are not responsible for the privacy policies and practises of other websites, even if you reached them via a link on our website. Check the policy of each website you visit prior to deciding whether or not to proceed, and contact the website’s owner or operator if you have any questions or concerns.
12. CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Notice at any time, and we will provide you with a new Notice if we make significant changes. The processing of your personal information may also be communicated to you in other ways from time to time.
My London Pharmacy is the controller of all personal information it receives and stores. A data protection Officer (“DPO”) has been appointed to oversee questions regarding this Policy. If you have any questions regarding this Policy, including requests to exercise your legal rights, please contact the DPO using the information provided below:
Full name of the organisation:
PharmaExpo LTD
Title or name of the DPO:
Yousef Yaghoubi
Mail address:
Postal address:
45 Newman Street, Soho, London, W1T 1QE
The telephone number is:
020 3154 4734
If you have any questions, concerns, or complaints regarding our use of Your Data, please contact the DPO.
You may file a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters. We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.