1. WHO WE ARE
The data controller is Online Express Medicines Ltd, a company incorporated in England and Wales with registered number 09834329, whose registered office is at K2 Beckingham Business Park, Beckingham Street, Tolleshunt Major, CM9 8LZ, and is responsible for your personal data.
We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO in writing at Online Express Medicines Ltd, Unit K2 Beckingham Business Park, Beckingham Street, Tolleshunt Major, CM9 8LZ or by email to firstname.lastname@example.org .
2. INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
a) Information you give us. You may give us information about you by completing the order form or medical consultation form on our site, or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site. The information you give us may include your name, address, e-mail address and phone number.
b) Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
i. technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
ii. information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
3. HOW WE COLLECT YOUR INFORMATION
We use different methods to collect information from and about you including through:
a) Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
i. order medication on our site;
ii. create an account on our site;
iii. subscribe to our service;
iv. request marketing to be sent to you; or
v. give us some feedback.
b) Automated technologies or interactions. As you interact with our site, we may automatically collect data about your computer equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
5. USES MADE OF THE INFORMATION
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
a) where we need to perform the contract we are about to enter into or have entered into with you;
b) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests ; and
c) where we need to comply with a legal or regulatory obligation.
In addition to clause 5.1, we use information held about you in the following ways:
a) Information you give to us. We will use this information:
i. to assess whether the medication ordered is suitable in light of your medical history and symptoms experienced;
ii. to verify your identity against other mediums we deem relevant for our checks;
iii. to store in our customer database;
iv. to notify you about changes to our service;
v. to provide marketing material about services or medication that may be of interest to you (consent to such material can be withdrawn); and
vi. to ensure that content from our site is presented in the most effective manner for you and for your computer.
b) Information we collect about you. We will use this information:
i. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research and statistical;
ii. to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
iii. to allow you to submit orders for medication to us, when you choose to do so; and
iv. as part of our efforts to keep our site safe and secure.
6. DISCLOSURE OF YOUR INFORMATION
Some of the third parties referred to in clause 6.1 above are based outside the European Economic Area (‘EEA’) so their processing of your personal data will involve transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
a. we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
b. where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
c. where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield framework, which requires them to provide similar protection to personal data shared between the Europe and the US.
We may disclose your name and email address only to third parties who intend to purchase Online Express Medicines Ltd (or any part thereof), or substantially all of our assets, in which case personal data held by us about our customers will be one of the transferred assets.
All the data we collect from you in our database is encrypted and are processed in accordance with local law and we do not sell any data to third parties.
7. WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We are responsible for transactions placed on our site and deploy an SSL certificate so that all data is transferred securely using SSL. Our site is directly integrated with Elavon/Realex who are our payment gateway service providers.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. HOW LONG WE WILL USE AND RETAIN YOUR PERSONAL DATA FOR
Your personal data will be retained indefinitely on our secure servers, as required by regulation regarding healthcare provision
We will retain your personal data for at least the minimum retention periods stated for each type of medical record retained in the Records Management Code of Practice for Health and Social Care 2016, published by the Information Governance Alliance (as updated from time to time). For further information on our data retention policy, please contact us in writing for the attention of the Data Protection Officer (DPO) at Online Express Medicines Ltd, K2 Beckingham Business Park, Beckingham Street, CM9 8LZ or by email to email@example.com, or visit the NHS Choices page ‘How long should medical records (health records) be kept for?’ using the following link https://www.nhs.uk/CHQ/Pages/1889.aspx.
Notwithstanding clauses 8.1 and 8.2 above, your account with us can be disabled at any time upon written request, however we will retain the personal data regarding your medical records for the periods referred to under clauses 8.1 and 8.2 above.
9. YOUR RIGHTS
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
You have the right to rectify or correct any personal data we hold for you if it is inaccurate or incomplete.
You can exercise these rights at any time by contacting us in writing at Online Express Medicines Ltd, Unit K2 Beckingham Business Park, Beckingham Street, Tolleshunt Major, CM9 8LZ or by email to firstname.lastname@example.org .
10. ACCESS TO INFORMATION
You have the right to access information held about you. Your right of access can be exercised by contacting us in writing at Online Express Medicines Ltd, Unit K2 Beckingham Business Park, Beckingham Street, Tolleshunt Major, CM9 8LZ or by email to email@example.com .
Such requests shall be free of charge save where the request is manifestly unfounded or excessive, including (but not limited to) if the request is repetitive or complying with requests for further copies of the same information previously provided by us. In such circumstances, we reserve the right to charge you a reasonable fee in dealing with such requests, or alternatively, we may refuse to comply with your request in these circumstances.
We will aim to respond to such requests within one month of receipt of your written request. However, we are able to extend this period of time to two months if your request is complex or numerous. We will notify you of this extension where applicable, including the reasons why we are extending this time period to two months, within one month of receipt of your original request.
11. YOUR CONSENT
By providing your expressed opt-in consent, in the form of your electronic acceptance of the Declaration, you consent to the use of that information as set out in this policy.
By providing your expressed opt-in consent, in the form of your electronic acceptance of the Declaration, you are aware and consent to us contacting you via email or telephone with details about your order, including medication details.
You agree to take all reasonable steps to ensure your information is kept secure and private at all times and maintain adequate security of your account including the use of a strong password which is changed at regular intervals and alert us to any potential breach or suspicious activity that you are aware of.
You may withdraw consent at any time where we are relying on consent to process your personal data in writing at Online Express Medicines Ltd, Unit K2 Beckingham Business Park, Beckingham Street, Tolleshunt Major, CM9 8LZ or by email to firstname.lastname@example.org . However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain medication or services to you. We will advise you if this is the case at the time you withdraw your consent.
This policy was last updated on 08/05/2018 and historic versions can be obtained by contacting us in writing at Online Express Medicines Ltd, Unit K2 Beckingham Business Park, Beckingham Street, Tolleshunt Major, CM9 8LZ or by email to email@example.com
You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.