Privacy Notice
Effective Date: 13/08/2024
At MediLife Pharmacy (referred to as “we,” “us,” or “our”), we are committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, share, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Information We Collect
We may collect the following categories of personal data:
· Personal Identification Data: Name, address, date of birth, phone number, email address.
· Health Information: Prescription details, medical history, details of your GP or healthcare provider, and any information necessary to provide medical services.
· Financial Data: Payment details such as credit/debit card information or bank account details, for processing payments.
· Website Data: IP address, browser type, and information about how you use our website (if applicable).
2. How We Use Your Information
We will only process your personal data when it is lawful to do so under the UK GDPR. We rely on the following lawful bases for processing your data:
· Contractual Obligation: To fulfil your prescriptions, provide healthcare services, or process your payment.
· Legal Obligation: To comply with our regulatory requirements under UK healthcare and pharmacy laws.
· Consent: Where you have provided consent, such as for marketing communications or specific health services.
· Legitimate Interests: To improve our services, ensure security, and enhance your customer experience.
The purposes for processing your personal data include:
· Prescription Fulfilment: To dispense prescribed medicines and healthcare products.
· Medical Advice: To offer health-related advice and services such as vaccinations or health screenings.
· Processing Payments: For billing and payment transactions.
· Communication: To send reminders about prescription refills, appointments, or to respond to your queries.
· Compliance with Law: To meet our regulatory and legal obligations, such as maintaining accurate records for the NHS or reporting adverse drug reactions.
3. Sharing Your Information
We may share your personal information with:
· NHS and Healthcare Providers: Including doctors, GPs, and other healthcare professionals to ensure you receive the best possible care.
· Insurance Providers: For verifying your entitlement to healthcare services and processing claims.
· Regulatory Bodies: The General Pharmaceutical Council (GPhC) and other governmental or legal bodies when required by law.
· Service Providers: External vendors or contractors who assist us in providing services (e.g., payment processors or IT support).
· Authorities: Where we are legally obliged to share data, such as with the police or HMRC.
We will never sell your data to third parties.
4. Your Data Protection Rights
Under the UK GDPR, you have the following rights regarding your personal data:
· Right to Access: You have the right to request a copy of the personal data we hold about you.
· Right to Rectification: You have the right to request that we correct any inaccurate or incomplete information.
· Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data, subject to certain exceptions (e.g., legal or medical record-keeping requirements).
· Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances.
· Right to Data Portability: You can request to receive your data in a structured, commonly used format, or have it transferred to another organisation.
· Right to Object: You may object to the processing of your data based on legitimate interests, or for direct marketing purposes.
To exercise any of your rights, please contact us using the details provided in Section 8.
5. Retention of Your Data
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.
· Prescriptions: Data related to prescriptions will be retained in line with NHS guidelines.
· Financial Data: Will be stored for a minimum of six years to comply with UK tax law.
· Medical Records: Retained for periods specified by UK healthcare regulations.
6. Cookies and Website Tracking
Our website may use cookies or similar technologies to enhance your experience. Cookies allow us to collect information on how you use our website, such as pages visited, and links clicked. You can control the use of cookies through your browser settings.
For more details, please refer to our Cookie Policy on our website.
7. Security of Your Data
We have implemented appropriate technical and organisational measures to safeguard your personal data against unauthorised access, loss, destruction, or damage. This includes encryption, regular security reviews, and limiting access to only those employees and service providers who need to know the data for their role.
8. Contact Us
If you have any questions about this Privacy Notice or wish to exercise your rights, please contact us:
Medilife Pharmacy
431 Linthorpe Road, Middlesbrough, TS5 6HH
admin@medilifepharm.com
01642 040305
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe we have not handled your data correctly. More information can be found at https://ico.org.uk/.
ICO Contact Information:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: https://ico.org.uk/
Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our data practices or legal obligations. Any updates will be posted on our website, and we will notify you of any significant changes.