Privacy policy

About Us

Pharmacy2U, sometimes using the name of “Chemist Direct”, is a UK online pharmacy registered with the General Pharmaceutical Council (GPhC). You can review our GPhC registration details at:

www.pharmacyregulation.org/registers/pharmacy/registrationnumber/9010146

Who handles our data processing activities

A member of our team, called the Data Protection Officer, oversees our data processing activities and how we handle your personal data. You can contact our Data Protection Officer by:

Email: dpo@pharmacy2u.co.uk

Phone: 0113 265 0222

Post through our head office:

Pharmacy2U Limited,
Lumina,
Park Approach,
Thorpe Park,
Leeds
LS15 8GB

If you have any questions about this policy or our approach to data protection and privacy, please contact our Data Protection Officer.

Purpose and scope of this privacy policy

We use this privacy policy to give you information about how we handle information about you when you visit our websites (pharmacy2u.co.uk, shop.pharmacy2u.co.uk, & chemistdirect.co.uk) and mobile app or use our services, apply to work at Pharmacy2U or use our vaccination and health services centres.

We know that our privacy policy provides you with a lot of information, so we have organised it into sections to make it easier for you to read and understand. Some information is in expandable sections to make it easier to read. You just need to click on the sub-heading and more information about the section this will drop down for you to read.

Your privacy matters to us, so whether you are new to Pharmacy2U or a long-time patient, please do take the time to read this policy. If you have any questions, please let us know by using the contact details provided above.

We respect your right to privacy and are committed to explaining clearly and honestly how we use any information that we have about you. This privacy policy will help you to understand what information we collect, why we collect it, and what we do with it.

We do not knowingly collect information from children or other persons who are under 18 years old via our website. If you are under 18 years old, you must only access our services with the consent of your parent(s)/guardian(s).

How we use your data on our online servers and services

The information we collect, how and why we use it

Automated decision making and Profiling

The above information marked with an asterisk (*) may be used for automated decision making or profiling purposes. We do this to:

• Help us to understand our customers and to help us identify and market to customers with similar characteristics.
• Enable us to determine if you might be interested in other products and services we provide.
• Enable us to determine if products and services of other organisations are likely to be of interest to you.
• Enable us to determine if you are likely to be suitable to take part in clinical trials and medical research we may be involved with from time to time (please refer to the section below).
• Determine if our products and services of other organisations similar products and services may be of interest to you.

The law allows us to collect and use this information on the basis that it is in our legitimate interests of operating and improving our commercial pharmacy services.

We do not use any medical data, information about your health, or any other sensitive personal data for profiling and segmentation, except in some circumstances. Segmentation is the process of creating individual lists or groups based on select criteria. The circumstances where we may undertake profiling of medical data will be to undertake the provision of healthcare and treatment (e.g. establishing if you require flu jabs, vaccinations, eligibility for condition-specific information, or clinical trials). The specifics on this are outlined above.

We will use information about the products and services you order for profiling purposes to help improve our marketing.

The automated decision making that we undertake does not have any legal or other similarly significant effects on our patients. This is because every decision is reviewed by a suitable person before being put into effect. What this means is that we will not make decisions about you that are only determined by computers.

You have the right to object to any processing that is based on our claim of our “legitimate interests” including profiling and automated decision making as outlined in the Your Rights section below.

Online Doctor Service

When you sign up to our Online Doctor Service, we may use your personal data in the following ways:

• To create and maintain your patient record once you have registered;
• To verify your identity. This may be against public databases via our Identification Verification partners. We also use LexisNexis Identify Verification Services to verify that your identity is genuine. It is a regulatory requirement for us to provide an Online Doctor Service. You have the right to access your personal records held by credit reference and fraud prevention agencies and by LexisNexis, please visit the LexisNexis page for more information on how to exercise these rights;
• To provide and follow up on the services you request from us and to request feedback;
• Depending on which treatment you need, we may ask you to complete a more detailed questionnaire to help us get a better understanding of your needs.
• To respond to any queries, refund requests or complaints. We keep a record of these queries to demonstrate how we communicated with you throughout. We do this based on our contractual obligations, legal obligations, and our legitimate interests as businesses in providing you with the best service;
• To communicate with you if any services requested are unavailable or if there is a query or problem with your order for record-keeping purposes;
• To carry out market research so that we can improve the services we offer. We only do this where we have your consent;
• We may (with your consent) use your personal data, preferences and details of your transactions to keep you informed by email, web/social media, text and telephone. We also include relevant products and services including special offers, discounts, promotions, events and competitions tailored to you. You can withdraw your consent to receiving this information at any time, following the process outlined in the ‘Your Rights’ section below;
• To continuously improve our service to our customers by monitoring telephone calls which we receive at our branches and call centres for the purposes of staff training, quality control and service improvement. We will only do this where we have your consent;
• To track and analyse activity on our website and to help keep our website safe and secure;
• To notify you about any changes to our services and to send you service emails;
• To comply with applicable law. For example, in response to a request from a court or regulatory body, where such a request is made in accordance with the law.

Retention of your information

We only keep your personal details for as long as we need it to:

• Provide you with our services;
• Send you marketing and promotional materials;
• Meet our legal obligations and/or protect or defend our business.

We keep a document which tells us how long we need to keep this information for in order to meet the above purposes. If you want more detail on this, please get in touch using the contact details given in the ‘Contact us’ section.

Disclosing your personal information

In order to provide you with our products and services, we use other organisations to help carry out some of the processing activities on our behalf.

These types of organisations may include:

• Laboratories;
• Technology hosts;
• Printing companies;
• Providers of digital advertising services;
• Providers of marketing and sales software solutions;
• Mailing houses; and
• Identity verification partners.

In these circumstances, we will ensure that personal information is properly protected and that it is only used in accordance with this Privacy Policy.

We also collect, use and share Aggregated/Anonymised Data such as statistical or demographic data for any purpose.

Aggregated Data may be produced from your personal data, however it does not individually identify you, directly or indirectly, and so it is not considered to be personal data. For example, we may aggregate your usage data with other users’ data to calculate the percentage of users accessing a specific website page. Additionally, we may aggregate your data to create marketing personas/lookalikes to help improve our advertising.

However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data. This combined data will be used in accordance with this privacy policy.

Please note, where we aggregate data for marketing purposes, it will not be combined with your personal data, and you will not be able to be directly or indirectly identified as a result.

Our Recruitment Process

The information we collect, how and why we use it

Retention of your information

We only keep your personal details for no longer than is necessary for the purposes for which it is processed. For information relating to your recruitment (including interview notes) we will take into account the limitation periods for potential claims such as race or sex discrimination, after which the information will be destroyed.

If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so. However, we shall first consider whether the records can be anonymised, and the longer period for which they will be kept.

If your application is successful, we will keep only the recruitment information that is necessary in relation to your employment. For further information, see our data protection privacy notice employment.

We keep a document which tells us how long we need to keep this information for in order to meet the above purposes. If you want more detail on this, please get in touch using the contact details given in the ‘Contact us’ section.

Disclosing your personal information

We may also need to share some of the above categories of personal information with other parties, such as HR consultants and professional advisers.

Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We may also be required to share some personal information with our regulators or as required to comply with the law. In these circumstances, we will ensure that personal information is properly protected and that it is only used in accordance with this Privacy Policy.

Sensitive personal information and criminal records information

Further details on how we handle sensitive personal information and information relating to criminal convictions and offences are set out in our PY056 Data Protection Criminal Records Information Policy.

This policy is available from our HR department or DPT or within the confluence library. Alternatively you can contact us using the contact details below to ask us for a copy of this policy.

Vaccination Services

Pharmacy2U is proud to be part of the national response to the coronavirus (COVID-19) pandemic and is operating vaccination centres across England as a ‘lead provider’ under the National Immunisation Management Service (NIMS). The NIMS is the NHS England’s centralised service for the management of both the COVID-19 and seasonal flu vaccination programmes.

The key purposes of this central NHS system are to enable identification of priority groups, to send invitations to book appointments for vaccination, to manage and monitor the progress of the programme. Further information can be found at: https://www.england.nhs.uk/contact-us/privacy-notice/national-flu-vaccination-programme/

The list of people that have been identified and invited by the NIMS for a COVID-19 vaccination is sent to the NHS National Booking System, which invitees can use to book an appointment online. This system is managed by NHS Digital (data controller). You can contact NHS Digital at: enquiries@nhsdigital.nhs.uk or call 0300 303 5678.

NHS Digital is sharing the details of the individuals booked for a specific time at this vaccination centre with Pharmacy2U (data processor). You can contact Pharmacy2U’s information governance team at: dpo@pharmacy2u.co.uk.

NHS Digital sends daily updates to GP systems to allow them to update their local record and monitor progress for their patients.

The information we collect, how and why we use it

Please note that Pharmacy2U does not process or store any information gained under the NIMS for any other purpose than administering the vaccination (including pre-vaccination and post-vaccination communication) and does not share it internally or externally for any other services or purposes.

Your rights

Right of Access

You have the right to obtain confirmation from Pharmacy2U as to whether personal data concerning you are being processed and, where that is the case, access to that data.

Right to Rectification

You have the right to oblige Pharmacy2U to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement.

Right to Erasure (Right to be Forgotten)

You have the right (in some circumstances, but not all) to oblige Pharmacy2U to erase personal data concerning you.

Right to Restriction of Processing

You have the right (in some circumstances, but not all) to oblige Pharmacy2U to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you.

Right to Data Portability

You have the right (in some circumstances, but not all) to oblige Pharmacy2U to provide you with the personal data about you which you have provided to Pharmacy2U in a structured, commonly-used and machine-readable format.

You also have a right to oblige Pharmacy2U to transmit those data to another controller.

Right to Withdraw Consent

If the lawful basis for processing is consent, you have the right to withdraw that consent.

Right to Object to Direct Marketing

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing.

Rights in Relation to Automated Decision-Making and Profiling

Pharmacy2U may perform some automated decision-making based on personal data, as outlined above in the ‘Automated decision-making and profiling’ section. However, this will not produce any legal effects on you.

You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply to you. This is because they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, any automated decision making that we carry out in relation to your personal data does not have any legal effects on you. However, some rights will always apply. For example, your right to withdraw consent or object to processing for direct marketing are absolute rights.

NHS National data opt-out for research and planning purposes

You may choose to opt out of the NHS using your data for planning and research purposes – details are obtained by:
• visiting the www.nhs.uk/your-nhs-data-matters website portal; using the NHS App; or
• writing an email to enquiries@nhsdigital.nhs.uk, or
• writing by post to National Data Opt Out, Contact Centre, NHS Digital, HM Government, 7 and 8 Wellington Place, Leeds, LS1 4AP; or by
• calling the NHS Digital contact centre - 0300 303 5678 (open workdays Monday-Friday, 9am-5pm).

Your Right to Lodge a Complaint with a Supervisory Authority

If you wish to exercise any of your rights concerning your personal data, you should contact Pharmacy2U’s Data Protection Officer at the address shown below in the ‘Contact us’ section.

If you are not happy with the response you receive, you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

e-mail: icocasework@ico.org.uk

You can find out more information about your legal rights can be found on the Information Commissioner’s website at: https://ico.org.uk/for-the-public/

Changes to this policy

We may change our privacy policy from time to time.

If we change anything important (the information we collect, how we use it or why), we will undertake reasonable efforts to make you aware of the changes such as by providing a link to the change on the website or telling you by email.

Contact us

You can phone us on 0113 265 0222 or webchat with us from our website at www.pharmacy2u.co.uk/help-and-support.

If you have any questions about our privacy policy or our approach to data protection and privacy you may send an email to dpo@pharmacy2u.co.uk, phone us or write to us.

Cookie policy

We, Pharmacy2U Limited, run our website at pharmacy2u.co.uk (our site). Our site uses cookies to help differentiate you from other users. This helps us to provide you with a good experience when you browse our site and allows us to improve our site. Some cookies are needed to run our website, these are outlined below as ‘necessary’ cookies. We also use analytical cookies, such as statistics and marketing cookies, to help get a better understanding of the people who use our website so that we can work on improving our website, products and services. We will only collect personal identifiable information with our analytical cookies where we have your consent to do so.

Protecting our customers and their information is very important to us. This means that any functional or necessary cookies on our site will not collect your personal information. However, our analytical cookies will collect your IP address to help distinguish you from other website users. An IP address is considered personal data and so we use and hold this information in line with data protection law.

We use cookies on our site to help make your visits more effective, so we'd like to explain more about how and why we use them. A cookie cannot read information from your hard drive or read cookie files created by other websites. The use of cookies is very common and can be found on most major websites.

We can change the use of cookies at any time and for any reason. Any changes will be outlined on this policy and will take effect straight away. We will take any necessary steps to bring these changes to your attention. If any changes are made to cookies that require consent then new consent will be obtained.

How Cookies can make our website work better

Cookies are small text files which websites, and sometimes emails, place on your device. They provide useful information to companies, which helps in all sorts of ways. For you, it means you can use our site more efficiently and save time by not having to re-enter your details each time you visit. For us, cookies help us to analyse how our customers use our website so we can make improvements.

We use three types of cookies on our site:

• Session cookies that are deleted after each visit. They do not store any personal information and are deleted when you close your web browser.
• Permanent cookies that remain on your device after you have closed your browser. These cookies allow us to recognise you and remember your preferences next time you visit our site.
• Third-party cookies that are used by our approved business partners. You can delete the cookies from your browser at any time if you want to (see below for more information on how to do this), but this will restrict the functions that you're able to carry out on our site.

Our cookies fall into the following categories:

Necessary cookies: These are cookies that are needed for our site to work properly. For example, cookies that enable you to log in to secure areas of our site. These will usually be session cookies (see above).

Preferences cookies: These are cookies that enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Statistics cookies: These cookies allow us to recognise and count the number of visitors to our site, and to see how visitors move around our site when they are using it. This helps us to improve the way our site works (for example, by making sure that users can easily find what they are looking for).

We use cookies to produce visitor statistics such as:

• how many people have visited our site;
• how visitors reached our site;
• what type of technology visitors are using (for example, Mac or Windows), which helps us to identify when our site isn't working as it should for particular technologies;
• how long visitors spend on our site;
• what pages visitors look at;

This helps us to continuously improve our site.

Marketing cookies: These cookies record your visit to our site, the pages you have visited, and the links you have followed. We and third parties use this information to make our site, and the advertising on it, more relevant to you.

Advertisements displayed on our site may be provided through an advertising-management company. When you view a web page that contains advertising provided by an advertising-management company, that company may place a cookie on, or collect a cookie from, your device (if you have enabled cookies).

Please note that third parties may also use cookies, which we have no control over. These cookies are likely to be analytical/performance cookies or targeting cookies. These cookies will only be used with your consent.

Blocking cookies

You can block cookies from any website through your browser settings. If you share a computer with other users, accepting or rejecting the use of cookies will affect all users. The Help function in your browser should tell you how to do this. For more information about how to change your browser settings, go to www.aboutcookies.org.

Please note that doing so is likely to limit the functions of our site. For information on how to do this on your mobile phone browser, please see the manual for your phone.

Cookies

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time provide or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent. Your consent applies to the following domains: www.pharmacy2u.co.uk

Your current state: Deny.

Your consent ID: htpcYMD6Y+Q6u994u2DBsL2HLuvNDF5sYOwet4/qnAGLu6KGzfVYCw==Consent date: Tuesday, June 28, 2022, 12:30:06 PM GMT+1

Change your consent

Cookie declaration last updated on 17/06/2022 by Cookiebot:

Cookies Used

Necessary (43)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Preferences (6)

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Statistics (24)

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing (35)

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Freedom of Information Policy

The Freedom of Information Policy ensures that Pharmacy2U acts in compliance to the Freedom of Information Act 2000 (FoIA). As we are a privately owned company, FoIA does not apply to the majority of the work that we undertake. However, FoIA does apply to the work that we do on behalf of NHS and so we will respond to FoIA requests in line with this policy.

Scope - Policy Aim

The aim of this Policy is to;

• Promote more openness;
• Promote a better informed public debate;
• Improve public confidence in operations of public healthcare services;
• Improve decision making to promote accountability;
• Improve regulation;
• Increase public participation to enhance democracy;
• Promote the FoIA, in terms of accuracy and objectivity;
• Improve information management;

FoIA Summary

The FOIA provides public access to information held by us in relation to activities we do on behalf of the NHS. It does this in two ways:

• Pharmacy2U have to publish certain information about our activities on the NHS services we offer; and
• Members of the public are entitled to request information from Pharmacy2U’s NHS services.

The Freedom of Information Act covers any documented information held by a public authority. However, FoIA does not give people access to their own personal data. If you would like access to this, please follow the process outlined above in the Privacy Policy.

Pharmacy2U has continued to demonstrate its commitment to all aspects of the FOIA and will continue to promote its values and ensure that it is compliant with legislation.

Policy Statement

Pharmacy2U will take efforts to ensure that it maintains the principles of openness, transparency and accountability and will continue to improve access to information.

How to make a FoIA Request

A request for information under the FOIA must be:

• in writing;
• Stating the name of the applicant and an address to communicate through;
• Description the information requested;

Fees

Wherever possible, Pharmacy2U will provide information, for which FoIA applies, free of charge. However, in some cases this may not be possible and so we may charge you for information under Section 9 of the FoIA. Pharmacy2U will issue a Fees notice which must be paid within three months. If no payment is received, we will close the request for information. Please contact dpo@pharmacy2u.co.uk for details of our charges or a copy of our charging guidance.

Our Response Time

Pharmacy2U aims to comply with requests for information as quickly as possible. The law tells us that we must respond to a request promptly and, in any event, no later than 20 working day after the date of receipt. Working day means any day other than Saturday, Sunday or bank holidays. This time limit for compliance may change if:

• Pharmacy2U seeks clarification under Section 1(3) of the FoIA.
• There is a need for an extension to consider the Public Interest Test under Section 10(3) of the FOIA, or
• A fees notice is issued under Section 9.

Appropriate Costs Limit

Under Section 12 of the FOIA, Pharmacy2U does not have to comply with requests where the cost of complying with exceeds the appropriate limit. Section 12 applies if the following factors would cost the council more than £450 or 18 hours of officer time:

• Determine whether the information is held.
• Locating the information.
• Retrieving the information.
• Extracting the information.

Under Section 13 of the FOIA and the Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004 Pharmacy2U can charge for the costs of expenses.

Vexatious or Repeated Requests

FoIA provides an exemption for Pharmacy2U to not comply with ‘vexatious’ requests where there is a strong likelihood that the request is being made to intentionally cause disproportionate or unjustified levels of disruption, irritation or distress.

Pharmacy2U will not complete a request if we have already received an identical or similar request from the same individual unless a reasonable amount of time has passed since the original request was responded to and the new request was made.

Advice and Assistance

Pharmacy2U will provide advice and assistance to all requests for information, as far as reasonably practicable.

Codes of Practice with FoIA

The FoIA is supported by two codes of practice:

• Access Code (Section 45) - Outlines good practice for Freedom of Information.
• Lord Chancellors Code (Section 46) – Outlines good practice for record management.
• Pharmacy2U will take steps to ensure that the codes of practice are applied wherever possible.

Freedom of Information Refusals

In some cases, Pharmacy2U may refuse requests for information under Section 17 of the FoIA. Pharmacy2U may issue a refusal notice if:

• Information is not held; or
• An exemption applies to this information.

In some cases we may not hold the information requested - it may be that it is held by another party, most likely the NHS. If possible, Pharmacy2U will provide the requestor with information to redirect the request. However, Pharmacy2U are unable to not transfer the FoI request themselves to the other organisation.

Exemptions

There are some circumstances where Pharmacy2U is not obliged to release information. Pharmacy2U may decide to apply exemptions under the FoIA and not provide the requestor with some information. If Pharmacy2U rely upon an exemption it will be explained to you in our refusal notice.

A list of the exemptions to the FOIA can be found on the Information Commissioner’s Office website.

Some of the exemptions are 'absolute', and so the exemption applies to all information which falls under the exemption. Other exemptions are 'qualified' and so will require a public interest test to determine if the exemption applies. Pharmacy2U will ensure that the public interest test is carried out for each of the qualified exemptions. If an exemption is applied it will be authorised by a senior officer.

Internal Review

If you are unhappy with a decision that Pharmacy2U has made, you can request for us to complete an internal review. Pharmacy2U’s internal review will be undertaken by a senior officer. Pharmacy2U has 20 working days to complete the review.

Data Protection

A FoI request may include personal data of the requestor or third parties. Pharmacy2U may refuse the request if disclosing the information in relation to third parties would be an actionable breach of confidence or data protection law.

In cases where the request relates to personal data of the requestor, Pharmacy2U will refuse the request under the FoIA and shall ask for the request to be submitted as a Data Subject Access Request. This process is detailed in the above Privacy Policy, in the section titled ‘Your Rights’.

Re-use of Public Sector Information Regulations 2005

The regulations implement an EU directive that encourages the re-use of public information for purposes other than its original purpose.

The regulations do not oblige Pharmacy2U to make their information available for re-use unless there is a statutory obligation to do so.

The regulations apply to any recorded information (Freedom of Information), including whole or part of documents. Requests for re-use should be in writing and Pharmacy2U will aim to respond within 20 working days.

Information Commissioner’s Office

Pharmacy2U will consult with the Information Commissioner’s Office (ICO) when necessary. Pharmacy2U will refer to the ICO guidance and ensure that it is compliant with any measures of good practice that the ICO promotes. The ICO will investigate complaints in relation to Freedom of Information.

Freedom of Information Publications Scheme

Every public authority has a duty to have and maintain a Publication Scheme in order to allow for pro-active release of information. Pharmacy2U’s Publication scheme is available to view below. Our Publication Scheme contains the following types of information:

• Who we are and what we do.
• What we spend and how we spend it.
• What our priorities are and how we are doing.
• How we make decisions.
• Our polices and procedures.
• List and register.
• The service we offer.

Version Control