Legal

Privacy Policy


About Us



Prince Pharmacy is a UK online pharmacy registered with the General Pharmaceutical Council (GPhC). You may review our GPhC registration details on GPhC website



Our head office address is:

Prince Pharmacy,

99 Edgware Road

London

W2 2HX



Managing our data processing activities



We have appointed a Data Protection Officer to oversee our handling of personal data. You may contact the Data Protection Officer by email at info@princepharmacy.com, by phone at 020 7262 7855, or in writing at our head office address above. If you have any questions about our privacy policy or our approach to data protection and privacy, please contact our Data Protection Officer.



Purpose and scope of this privacy policy



This privacy policy provides information about how we handle information about people who visit our website and mobile app, and who use our services. Our privacy policy provides you with a lot of information. We have organised it into sections to make it easier for you to read and understand. Some information is in expandable sections to make it easier to read.

Your privacy matters to us, so whether you are new to Prince Pharmacy or a long-time patient, please do take the time to read this policy. If you have any questions, please contact us. We respect your right to privacy and are committed to explaining clearly and honestly how we use the information we hold about you. This privacy policy will help you to understand what information we collect, why we collect it, and what we do with it. We do not knowingly collect information from children or other persons who are under 18 years old via our website. If you are under 18 years old, you must not submit any personal information to us directly or subscribe to our services.



The information we collect, how and why we use it



Website and app visitors



When you visit our website we collect information about your visit, including information about which pages you visit and for how long, the website you came from and went to before and after visiting our website, and information about the device you used to access our websites such as the type of phone/PC, operating system, and IP address. We may also place cookies on the device you use to access our website, further information about this is in our cookie policy. We collect this information to help us to understand how people use our website and access our services so that we can ensure they are developed to meet customer needs.



The law allows us to collect and use this information for these purposes pursuant to our legitimate interests of operating a commercial business and providing high-quality web services. We retain this type of information for no longer than we need it. The information we collect is used as anonymised, high-level data to help us understand website traffic trends. Our website is currently hosted by third party providers who may on occasion have access to the information we collect.

We may also disclose information collected for the purposes listed above with our professional advisors such as marketing agencies and security advisors.



Website



We collect, store, and use information about people who register to use our services. The information we collect comprises the information that you submit using our data collection forms, which will include your name, address, and contact information. You will know what information we are collecting as this is what you submit into our data collection forms on our website.

We use this information to create an account that enables you to use our services. We collect the following information during the registration process:



Type of information & purpose(s)



Name and address

To enable us to identify you

Personalise your experience on our website

Correspond with you

Send your orders to you

To create an account for you on our website and database

To verify who you are when you complete an online consultation (we may need to ask for your passport or driving licence if we cannot identify you through your name and address)



Date of birth and gender



To enable us to identify you



Email address and phone numbers



To communicate with you



GP surgery/NHS number



To confirm your medical details with the NHS and your GP, so we can process your orders



Orders, medications, and prescriptions



We collect, store, and use information about orders placed with us. You may place orders for products on our website. Because medications can be dangerous, we only take orders from account holders about whom we have collected relevant medical and personal information. When you place an order with us, we will ask you a series of questions to verify your identity. Once we are satisfied that we have verified your identity, you may submit an order with us providing information about the medications you require and other data concerning your health.

We use this information along with other information we hold about you to check that the medications are suitable for you and your medical condition(s), and to fulfil your order. We collect the following information in a typical order:



Type of information & purpose(s)



Your medication



To enable us to fulfil any orders you may place and to assess the suitability of products that are ordered, and provide health advice; to send you reminders to order your products and provide general health advice



Payment details



To take payment for your order, if you are required to pay for the services we provide to you



Your feedback



To enable us to answer any complaints or issues you might have, gather and share customer reviews with other customers and prospects to build confidence in our services and make us accountable to customers and focus our efforts on service improvements



Safe place for deliveries



so we know where to deliver your medication and keep it safe in the event that you are not present to accept the delivery, have consented to the use of a safe place, and the parcel contains items that are appropriate for this delivery method

The law allows us to collect and use this information to enable us to fulfil the orders that you place with us. Any data concerning your health that we collect is used for the provision of healthcare or treatment, the management of healthcare systems and services, and to check that the medications are suitable for you. We use the information to prevent fraud and to enable us to fulfil any orders for products that you place with us. You need to give us order and payment information, if you pay for the services we provide, to enable us to fulfil your order. If you are not able to provide this then we will not be able to process any orders for you.



Supplier purpose(s)



We retain information about orders only for as long as we need it, and for the period we are required to retain it, to comply with relevant legal and professional guidance. This type of information is shared with the NHS, your GP, and organisations we use to check, dispatch, and take payment for your order. We may also disclose information collected for these purposes with our professional advisors such as medical advisors, and security advisors. We collect customer reviews using specialist third party services including Google and Trustpilot in pursuit of our interests of promoting our services and in the interests of our customers to provide them with a mechanism for rating the quality of service they received and/or raising service issues with us. We will only give these providers your email address, so they can ask you to leave a review. Customer reviews are retained for as long as the reviewer wishes (or deleted if they are deemed incorrect or fraudulent). Trustpilot and their sub-processors may carry out data transfers, however, data processing agreements are in place, which contains EU SCCs with all sub-processors located outside the EEA and they are reinforced by additional safeguards.



Callers



You might telephone us for a variety of purposes and we may record the call and we may make notes on our system about the call. The law allows us to collect and use this information in pursuit of our legitimate interests of operating a business and to respond to any enquiry or complaint you might make. We record calls for the purpose of monitoring our call handlers, providing appropriate training for them, and keeping an accurate record of what was said during a telephone conversation in the event of further issues or complaints. We may use call recordings or transcripts to defend ourselves in the event of legal, regulatory, or similar action. We retain call recordings for 6 months or until they are no longer needed by us.



Profiling and segmentation



We use information to profile our customers and segment our database:

To help us to understand our customers, and to help us identify and market to customers with similar characteristics

To enable us to determine if other Prince Pharmacy products and services are likely to be of interest to you

To enable us to determine if products and services of other organisations are likely to be of interest to you


The law allows us to collect and use this information in pursuit of our legitimate interests of operating and developing our commercial pharmacy services. We do not use any medical data, information about your health, or any other special categories of personal data for profiling and segmentation except in relation to the provision of healthcare and treatment such as establishing if you require flu jabs, vaccinations, or eligibility for condition-specific information. We will use information about the products and services you order for profiling.



We retain database segmentation and customer profile information only for the period we need it which is generally only as long as you have an account with us. This type of information is shared with our professional advisors such as marketing agencies.



Communication



Service Messages



We send automated communications to customers in addition to manual communications which react to a specific inquiry or order. In line with ICO guidance, routine customer service messages do not count as direct marketing – in other words, correspondence with customers to provide the information they need about a current contract, services they requested, or past purchases. You will receive these messages, even if you have not opted into marketing or unsubscribed from our email communication.



The ICO also clarifies that general branding, logos, or straplines in these messages do not count as marketing. The sending of service messages without explicit consent is lawful as it is communication in regards to the fulfilment of our contract with you and it is in our legitimate interest to keep our customer base up to date and informed about the service, pursuant to Art.6.1(f) UK GDPR, whereby processing is lawful where it is necessary for the legitimate interest of the controller. Further information is also available on the ICO website.



Marketing



Prince Pharmacy is a commercial business and our success is based not only on the trust of our customers but on adopting a responsible approach to marketing. We use the information we hold about our customers for direct marketing purposes including sending direct marketing materials about our products and services that we believe may be of interest to you via mail, email, SMS, and telemarketing. We also may customise the adverts you see on our website. Usually, adverts are customised through automated decision making, based on the pages you have visited on our site previously.



The law allows us to undertake direct marketing in pursuit of our interests in promoting our business. You may object to our using information about you for direct marketing purposes as outlined below. We will only send direct marketing materials to you via email or other electronic messaging if you have consented to us to do so or if they relate to our own products and services similar to those that you have previously expressed an interest in or ordered. We maintain records of consent: you may withdraw your consent at any time.



We retain information about your interaction with our direct marketing activities only for as long as we need it which is generally no longer than 2 years from the end of a campaign. We may retain anonymised campaign statistics for a longer period of time to allow us to monitor our direct marketing activities year on year. Like many organisations, we use specialist service providers to help us to carry out our direct marketing including marketing agencies, printing and mailing companies, email/SMS broadcasting providers, telephone marketing agencies and other similar professional advisors which means information about you may be disclosed to them.



Social media



We may obtain information about you from social media channels including Facebook, Instagram, Twitter and Snapchat. We use content aggregators such as gorgias to manage social media content that refers to us so that we can monitor market sentiment towards our brand and address any complaints or brand issues raised on social media.



We may also process your data in order to identify people like you to send them marketing information. Should we use your data in this way your personal information will be anonymised.

If you have consented to marketing, we may use your personal data to generate targeted marketing on social media sites, for example, Facebook. We send pseudonymised data in a way that only the intended end user can understand. We recommend you routinely review the privacy notices and preference settings that are available to you on social media platforms. If you do not wish to receive such targeted marketing generally, you are able to switch this off within the social media site.



The law allows us to undertake the listed activities on the basis of our legitimate interests of protecting and developing our business. We retain information on our social media pages and aggregators for no more than 2 years. Some of the social media channels we use to transfer personal data to the USA. Whenever we transfer information about you overseas, we will make sure that we implement suitable safeguards including for example using appropriate contracts which hold our suppliers to account and provide protection to your rights and freedoms. For further information about international transfers of personal data please contact our Data Protection Officer.


Disclosing your personal information



In order to provide our products and services, we may, occasionally, appoint other organisations to carry out some of the processing activities on our behalf.


These may include:

laboratories

technology hosts

printing companies

providers of digital advertising services

providers of marketing and sales software solutions

mailing houses

and identity verification partners



In these circumstances, we will ensure that personal information is properly protected and that it is only used in accordance with this Privacy Policy. We also collect, use and share aggregated/anonymised data such as statistical or demographic data for any purpose.



Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature or we may aggregate your data to build marketing personas or lookalikes to help up advertise to our patients better.



However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy. Please note, where we aggregate data for marketing purposes, it will not be combined with your personal data, and you will not be able to be directly or indirectly identified as a result.



Phone call recordings



If you call our customer services centre, we may record or monitor the call. If we call you we will let you know if the call is recorded. We do this for regulatory purposes, for training, to ensure and improve the quality of service delivery, to ensure the safety of our staff and customers, and to resolve queries or issues. Doing so is a legal obligation. In case we analyse calls to improve our service, we do so as a legitimate business interest.



Other processing



Your personal information may also be processed if it is necessary: for disclosure to law enforcement or regulatory authority, body or agency; in the defence of legal claims or in order to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats, to the physical safety of any person or violations of any of our website terms. Personal information relevant to an investigation or a dispute may be retained for longer than our standard retention policy to support any such investigation or action. The law allows us to undertake the listed activities on the basis of our legitimate interests of protecting and developing our business, the legitimate interests of third parties, compliance with legal obligations or detecting and investigating criminal activities



Your rights



The UK’s data protection laws provide you with certain rights: the right to request access to, rectification or erasure and portability of information relating to you as well as the right to request the restriction of our processing/use of information concerning you and the right to object to our processing in certain circumstances. You have the right to withdraw consent at any time for processing that is based on your consent and to information about how we are using information relating to you. You may lodge a complaint about us with the Information Commissioner’s Office (www.ico.org.uk).



Access

You can ask us for a copy of all the personal information we hold about you. We will respond to your request within one calendar month without any charge.

You will need to give us enough information for us to identify you (for example, your full name, address, and date of birth). If we cannot identify you from this basic personal information, you will need to provide us with a copy of your ID (for example, your passport, full driving licence, credit card or debit card) before we send you any information; this can be emailed or posted to us.



Rectification/Correction

You can ask us to correct any incomplete or inaccurate personal information that we hold about you.



Erasure

You can ask us to delete or remove the personal information we hold about you in certain circumstances. There are exceptions set out in the law where we may be able to refuse to delete information (for example, if we need the information to keep to any relevant law or in connection with any claims, legal or otherwise, which may arise).



Restriction

You can ask us to suspend using certain personal information about you (for example, if you want us to make sure it is accurate) or restrict how we can use it.



Objection

You may object to our processing personal data relating to you where that processing is based on our claim of legitimate interests provided that we are not able to demonstrate compelling legitimate grounds that override your interests, rights and freedoms.

You may object to our using your information for direct marketing purposes including profiling to the extent that the profiling is used for direct marketing purposes.

You may also object to our use of information relating to you in scientific research or statistical purposes in some circumstances.

We may contest your objection where we have grounds to do so in the law.



Information Commissioner’s Office

If you think that we have not handled your information in line with any legal or regulatory requirement, you can make a complaint to the Information Commissioner's Office.



Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF



Email: casework@ico.org.uk



Phone: 0303 123 1113



To exercise any of your rights please contact our Data Protection Officer.



Keeping to data-protection and related regulations

We are committed to keeping to all data-protection laws that apply, including the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR, 2003) and the General Data Protection Regulation (GDPR).

If you have any questions about data protection and your rights, you can contact our team at info@princepharmacy.com.

As a ‘data controller’, we try to be open about how we hold and use your personal information. You can claim compensation if you can prove you have suffered as a result of how we have handled your personal information.