Privacy and Cookie Policy

This policy explains how eShop Pharmacy uses your personal data. By consenting to this privacy notice, you are confirming that you have read and understood this policy; including how and why we use your information. Personal information is any information that can be used to identify you, or that can be linked to you. By using our services, you are agreeing to abide by this policy. Throughout this Privacy Policy, ‘we’, ‘us’ , ‘eShop Pharmacy’ or ‘Everything Medical’ means Everything Medical Ltd (A company incorporated in England under number 12938949 and whose contact details can be found below). We may change this policy from time to time to reflect updated regulations, so please check this policy regularly.

The type of personal information we collect

We currently collect and process the following information:

• Personal data about yourself: such as your name, home address, phone numbers, email address, gender and date of birth.
• We may also collect other addresses, such as a shipping address
• Proof of identity such as a copy of your passport or driving license.
• Credit card and debit card details
• Information relating to your health and medical history and medicines prescribed and dispensed to you by us
• Details on your GP or regular prescriber
• Information on your purchases (including purchasers from our other sites or partner sites), emails and other digital communications we send to you, including information about which emails you open, and what links you might click on.
• Information related to your browsing activities including your IP address
• Information you provide through communication with us such as emails or telephone calls
• Information posted publicly for example on social media sites
• Information provided by other people on your behalf or information you provide about other people, such as a name of a partner

The above is a non-exhaustive list of personal data we collect about you but provides an overall picture of the information we collect in general.

For the exhaustive list of cookies we collect see the List of cookies we collect section.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

• We use the information that you have given us in order to provide our products and services or to fulfill our legal obligations. Some personal information you provide is essential for us to provide these products and services. Some personal information we collect helps us run our business efficiently and effectively or to provide you with more relevant and personalised offers and information.
• As permitted under soft-opt-in and the GDPR, we use the information to correspond with you from time to time to our business. We may also correspond with existing or registered customers or subscribers to our newsletter of the products and services we offer, any new business or offers directly with eShop Pharmacy or other businesses within Everything Medical. You can choose to opt out of such marketing at any time using the unsubscribe option or the preferences in your online customer account.
• We also collect sensitive personal data from you such as your date of birth, gender, health and medical history. This is to ensure we can offer certain products and services, such as prescribing and dispensing medications legally, safely and accurately; offering health advice and consultations, and other healthcare services you may request from us from time to time  
• Due to Pharmacy regulations, we are required to confirm the identity of our customers who order pharmacy and prescription only medications and certain other health care related products. We use credit agencies to confirm your identity in the form of a soft credit search. We currently use LexisNexis but we are entitled to use other companies from time to time without prior notice. If we are unable to verify your identity, we may request proof of identification in the form of a passport or driving license. We may use other services to verify the authenticity of the identification document provided, such as an MRZ search.
• We may collect and store payment card information so we can process your order and take payment for the products and services you wish to purchase.
• We do collect some personal information automatically from you when you visit this website and other related websites within Everything Medical, using cookies and tools such as Hotjar, Google analytics and Facebook. Please refer to our cookie policy below for further details. In using these technologies, we may therefore collect details about the type of device you use to access our website, its operating system and version, your IP address, your general geographic location, your browser and the webpages / content you view. We also monitor website sessions to see how users interact with forms and pages. The information that we collect automatically is used to protect our websites and improve them.

We may also receive personal information indirectly, from the following sources in the following scenarios:

Information and data obtained from other commercially-available sources, like the electoral roll and companies such as Experian and Equifax that collate and update data. This helps us keep our records up to date, and learn more about our customers so we can continue to improve our products and services to them. We only work with organisations that obtain their data legally from publicly available or consent-based sources.

Information and data obtained from companies within Everything Medical and closely related companies under common control, as defined under 03570 (CTM03570) of HMRC’s Company Tax Manual (CTM)

Occasionally, for marketing purposes, we may obtain lists of potential customers from external companies. We’ll only deal with reputable companies that take privacy and data protection as seriously as we do, and have obtained consent to share this data with us. We’ll always let you choose not to receive further marketing material from us. 

We may share this information with companies which we are legally obliged to provide details to as part of our regulations, non-eShop Pharmacy brands such as companies within the Everything Medical group and closely related companies under common control, as defined under 03570 (CTM03570) of HMRC’s Company Tax Manual (CTM) including but not limited to eShop Health, AllCheckedUp, DfC Marketing and EEUK Limited. We may pass your personal data to companies that provide services on our behalf. Some personal information is necessary in order to provide the products and services to you or improving them. All third parties are obliged to keep your details securely and to use them only to fulfil the services they provide on our behalf. Examples of the functions that may be carried out by external companies:

• Mailing houses and printers
• Credit reference agencies
• Online and social media advertising
• Direct outbound calling for appointment booking
• Delivery services such as couriers
• Market research
• Manufacturers or suppliers
• Laboratories
• Payment providers
• Content providers etc.
• Fraud and money laundering checks
• IT services & support inclusive of web hosting, data storage, data cleansing, content providers

We may also share your sensitive personal details with NHS bodies, such as GP and hospitals, prescribers, clinicians and other health-care professionals for the purposes of making a medical diagnosis to prescribe your medicines and to share information about your health in-line with current pharmacy regulations. When third parties no longer need your data to fulfil this service, they will dispose of the details in line with eShop Pharmacy procedures.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

• Contractual obligation.Such as processing data for the purposes of a contract to which you are party to. This can include when purchasing a product or service from us, we are required to obtain your personal information such as your name and delivery address to fulfill the order.
• Legal obligation.We process data necessary to meet our legal obligations as a Pharmacy and medical service provider. Such as complying with regulations on holding your health and medical information and obligations to HMRC and other government bodies.
• Consent. We process data to provide direct marketing on the basis of consent. You can opt out at any time by following the unsubscribe link or by contacting us on the details below
• Legitimate Interest. Such as processing personal data for direct marketing purposes, to prevent fraud or to ensure the network and information security of our IT systems.
• Vital interest.Such as if we have an obligation under regulations as a pharmacy to report a safeguarding matter to protect someone’s life
• To perform a public task.

We process sensitive personal information about you such as your medical history because it is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, medical diagnosis, to provide health or social care or treatment, or to manage health-care or social-care systems (including to monitor whether we are meeting expectations relating to our clinical and non-clinical performance).

We carry out analytics on data about the medicines we dispense. If we carry out this analysis, we anonymise data it in line with the ICO Anonymisation Standards, so it’s not linked to you and you cannot be identified from it. We analyse data as it helps us get a better understanding of how our dispensing activity operates, which may include audits as part of our obligations to meet Pharmacy standards set by the General Pharmaceutical Council (GPhC) and other healthcare regulators including but not limited to the Care Quality Commission (CQC). It also helps us understand how our business is operating and helps us to improve our products and services.

We may share information with countries inside and outside of Europe such as Republic of Ireland, Germany, US, Vietnam, China, India and Thailand.  Not all countries outside the EEA have data-protection laws that are equivalent to those in the EEA, the European Commission may not consider such countries as providing an adequate level of data protection. In consenting and using our services voluntarily you understand the risks involved. We take all reasonably necessary steps to make sure that your data is treated securely and in accordance with this privacy policy.  

How we store your personal information

Your information is securely stored. We process data you provide in line with General Data Protection Regulation (GDPR). You can view and update your personal data by editing your details on your online account or by contacting us on the contact details below.

We keep your personal information including health and medical history for the time we are required to under current law as a Pharmacy and in any case for longer than is necessary. We will then dispose your information in line with GDPR regulations. This may include deleting any electronic data held and shedding of any paper records.

To ensure we keep your personal data secure, we may ask you to complete an additional security verification check. We use Secure Sockets Layer (SSL) to protect the information you provide to us. We also use an encryption email service to secure data sent via email; however we cannot take responsibility for the security of data from the receiving party. You should be aware sending information via e-mail is not completely secure and anything you send is done so at your own risk. We take measures to prevent information about you being subject to loss, theft, misuse, unauthorised access, disclosure, alteration and destruction, however no system is impenetrable to data breaches inter alia.

All personal data we hold is subject to this privacy notice and our internal data retention policy. If you have a question about types of personal information we process about you, please contact us on the details below.

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.

Your data protection rights

Under data protection law, you have rights including:

• Your right of access - You have the right to ask us for copies of your personal information.
• Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us on the details below if you wish to make a request.

What information am I entitled to?

Your data rights are explained below, all of which are free of charge and should be concluded within a 30-day time frame.

• You have a to right to obtain a copy of all the information that we hold about you, such as personal details, correspondence, marketing preferences, consent information, complaints and queries
• You have a right to request that we stop certain data processing activities that involve your personal data. This isn’t an automatic right, what we are able to do will depend on the type of data that we hold about you and why.
• You have a right to request information on how long the data we hold on you will be stored.
• You have a right to request that we delete your personal data we hold. This isn’t an automatic right, what we are able to delete will depend on the type of data and the reason for processing.
• You have a right to request the source of personal data if it wasn’t collected directly from you.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at:

Name: Everything Medical Ltd

Address: Forward House, 14 Duke Street, Macclesfield, SK11 6UR

Phone Number: 01625568178

E-mail: [email protected]  

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

List of cookies we collect

The table below lists the cookies we collect and what information they store.