Frosts Pharmacy Ltd - General Pharmaceutical Council (GPhC) Registration no: 1099047
Oxford Online Pharmacy premises registration no: 9010442 - Apollo Business Park, Unit 7, Ironstone Lane, Wroxton, OX15 6AY, United Kingdom.
Owner and Chief Pharmacist Stuart Gale – General Pharmaceutical Council (GPhC) Registration No: 2039889. Superintendent Pharmacist Robert Bradshaw – General Pharmaceutical Council (GPhC) Registration No: 2036118.
We are committed to protecting and respecting Your privacy. For the purpose of the Data Protection Act 1998/EU data protection regulation 2016/679, FROSTS PHARMACY LTD is the Data Controller (ICO registration number: Z170382X).
In this Statement, references to ‘You’, ‘Your’ and ‘Customer’ are references to the person who visits/ uses/ registers on the Site. When You use the Site to access the Services, You are consenting to the practices set forth in this Statement.
Unless otherwise indicated, all definitions used in the Service Terms & Purchase Terms shall apply to this Privacy Statement.
1. YOUR ACCEPTANCE OF THE STATEMENT
This Statement governs Your use of the Services, including any dispute concerning privacy. By using the Services, You accept this Statement in full. You should read the Statement carefully and ensure that You understand its effect before proceeding to use the Site to access the Services. We reserve the right to make reasonable modifications to this Statement at any time with or without notice by posting the changes on this page. Your continued use of any portion of the Site following the posting of the updated Statement will constitute Your acceptance of the changes.
2. WHAT INFORMATION IS COLLECTED & HOW?
A. PERSONAL DATA
2.2 The following types of Personal Data input by You may be shared between parties: name, gender, email, date of birth, telephone, billing address, delivery address and password.Types of Sensitive Personal Data including physical or mental health or condition and sex life information may be shared with a registered medical doctor (a ‘OOP Partner’) when You fill out a Pharmacy Medicines Form (for Pharmacy Medicines) or a Personal Health Questionnaire (for Prescription-Only-Medicines) or otherwise discuss any medical matter with the OOP Partner doctor to enable them in their capacity as a registered medical doctor to:
• make an informed decision as to whether a medicine can be responsibly and safely prescribed to You; and/ or,
• further advise You.
As part of the process of using our Services to order prescriptions and receive consultations from an OOP Partner, You hereby consent to the processing of this Sensitive Personal Data for the purposes of OOP and its OOP Partners providing You with the requested Services.
When undertaking a consultation as a customer of Frosts Pharmacy Limited trading as Oxford Online Pharmacy the customer consents under the Data Protection Act that Frosts Pharmacy Limited will share answers to questionnaires and patient medical records with Dr Morton’s Limited in order that its doctors have the information needed to safely prescribe and the customer agrees that Dr Morton’s may, under the Data Protection Act, safely store and retain this data as proof of the basis upon which the consultation with the doctor took place.
2.3 As part of the process of using the Site to access the Services, We collect Your Personal Data (and other Data or content of a non-personal nature) in various ways e.g. via our account sign-up process, the Healthcare Questionnaire and the quick Contact Us form.
2.5 As part of the process of using the Site to access the Services, We may also collect the following types of Data about You (as applicable):
• Your visits to the Site and the OOP Content that You download;
• information about Your computer (including Your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and Site navigation);
• any other information that You choose to send to us, including any request for further services, general correspondence, reports of a problem with the Site or the Services.
OOP agrees and warrants that it will adhere to all Data Protection Law and will take appropriate technical and organisational security measures against the unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to Personal Data.
OOP shall process Personal Data only to the extent, and in such a manner, as is necessary for the sole purpose of fulfilling the Services (including making improvements to the Services). For the avoidance of doubt, OOP is the exclusive owner of the Site and the OOP Content.
B. FINANCIAL PERSONAL DATA
2.6 Each monetary transaction made on this website shall be processed by a third party payment processing partner(s) Sagepay and Elavon (or any other third party that OOP may use from time to time). You will be required to provide the third party partner(s) with financial data (i.e. Your banking details) in order to authorise payment from You. To make and complete a financial purchase or to receive a payment via the Site, the policies of the relevant third party gateway or merchant used to process hat payment shall apply.
3. HOW IS THE INFORMATION USED?
3.1 You hereby expressly consent to Your Personal Data being passed on to third party service providers for the sole purpose of OOP fulfilling the Services only (including making improvements to the Services) and not for the purposes of those third parties sending marketing communications to You (‘OOP Service Providers’).
3.2 You are under no obligation to provide Your Personal Data to the Site. However, if You choose not to, some of the Services may not be available to You.
3.3 You acknowledge that Your Personal Data may be used by OOP to contact You by post, phone or by Electronic Mail when necessary in connection with Your use of the Site to access the Services e.g. in respect of a change to any of our legal terms and conditions to which You are subject.
3.4 From time to time, OOP may contact You by Electronic Mail (or by telephone) by way of sending You various confirmations, notifications, feedback requests or any other newsletter or information or offers regarding upcoming promotions, services or surveys. If You change Your mind, You can opt out of receiving some but not all of this as some are required as a necessary part of continuing to receive access to the Services.
3.5 You can opt out of receiving direct marketing communications from OOP as described below.
3.6 OOP will use the information You provide with other information We obtain about You to administer and provide the OOP Services that You request. We will not share Your Personal Data (or any Sensitive Personal Data) with any person or business without Your express consent. When You request the OOP Services, You will provide Your consent for Us to share this data with those directly involved in delivering the OOP Services, namely the dispensing pharmacy, OOP and our OOP Partners (who comprise our doctors who deliver the OOP Online Doctor Service and our partner laboratories who carry out testing and investigations for You).
3.7 With Your consent and provided that You send us in writing the name, email and fax number for Your GP, We will always offer to inform Your GP of any POMs that our OOP Partner doctors prescribe.
3.8 Notwithstanding the above, in certain situations, We may need to contact a healthcare professional, social services or the emergency services without Your consent. This includes but is not limited to situations where We may believe that You are, or someone else is, at risk of neglect, sexual, physical or emotional abuse; a serious crime has occurred or may occur, or where it is considered that someone may be at risk of significant harm or serious addiction as a result of the information We receive; if We have significant concerns about Your health and/or wellbeing; or where this is otherwise required by law.
3.9 Any Personal Data that is held with OOP shall be retained in accordance with the Data Protection Law and/ or our retention and destruction policy culminating in its permanent deletion.
3.10 If Personal Data has been passed to third parties with Your consent, You may need to contact them separately if You change Your mind in relation to their use of Your Personal Data.
OPTING OUT FROM RECEIVING MARKETING COMMUNICATIONS FROM US:
If You do not wish to be sent future marketing communications, We will give You the opportunity to unsubscribe to the receipt of such communications in every Electronic Mail communication that is sent to You (or shall procure that any of our OOP Service Providers such as Mailchimp and Infusionsoft shall do the same). Alternatively, and additionally, You can contact OOP by sending an email to email@example.com with “UNSUBSCRIBE REQUEST” in the subject line or send Your request by post to Stuart Gale at the contact address below.
4. WHO HAS ACCESS TO YOUR PERSONAL DATA?
4.1 To minimise the risk of unauthorised access to Your Personal Data, We use some of Your Personal Data to authenticate Your identity when You use the Site to access the Services.
4.2 For our daily operations, We may use the services of OOP Service Providers to provide some of our business and operational functions as referred to at Clause 3.1. Consequently, some of the Services are provided by OOP Service Providers and We need to disclose Your information to them.
4.3 Disclosure of Your Personal Data in Compliance with Laws
You should be aware that We may release Your Personal Data when We believe it is necessary to comply with laws or regulations, to assist law enforcement, to enforce the terms under which You transact or communicate with OOP or with a OOP Doctor via the Site, or to protect the rights, property or safety of OOP, or with a OOP Doctor or other third parties.
4.4 Transfer of Your Personal Data outside of the EEA/ UK
From time to time, We may transfer Your Personal Data to a related company, agent or contractor in order to improve our Services or to assist our security, credit risk or fraud protection activities. Such companies may be located outside of the EEA/ UK and You consent to the transfer of Your Personal Data to such companies for the purposes set out here in accordance with this Statement and as permitted by Data Protection Law from time to time. OOP agrees and warrants that it shall pay due regards to all Data Protection Law when effecting, if any, intra-transfer processing of Personal Data that may be carried out within and between OOP and either its subsidiaries, affiliates or third party partners. You should be aware that in territories outside the EEA, laws and practices relating to the protection of Personal Data are likely to be different and in some cases may be weaker than those within the EEA/ UK. We comply with the safeguards to protect Your Personal Data required by law.
4.5 Transfer of Personal Data in the Event of the Sale of Frosts Pharmacy Ltd or its Assets
In the event that OOP is sold or transfers some of its assets to another party, Your Personal Data could be one of the transferred assets. If Your Personal Data is transferred, its use will remain subject to this Statement. Your Personal Data will be passed on to a successor in interest in the event of a liquidation or administration of Frosts Pharmacy Ltd.
4.6 Other Sites and their Privacy Policies and Cookie Policies
The Site may contain links to other websites or applications. OOP is not responsible for the privacy practices or the content of such websites or applications or for the privacy policies, cookie policies and practices of other third parties, so You should be careful to read and understand those policies independently.
5. HOW WE PROTECT YOUR PERSONAL DATA & FOR HOW LONG
5.1 The privacy and protection of Your Personal Data is important to us. Any OOP Customer statistics that We may collect and may provide to prospective OOP Service Providers or prospective OOP Partners regarding Your usage of the Services are provided in anonymised and aggregate form and do not include any individually identifiable data. It is used primarily to aid the technical administration of the Site, to better understand how the Site is functioning and to draw conclusions upon demographic information.
5.2 OOP uses security technology, including firewalls and Secure Socket Layers (SSL) to protect information submitted through this Site and has procedures in place to ensure paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage. Despite efforts to protect Your Personal Data (including Sensitive Personal Data as applicable), We cannot ensure or warrant the security of Your data transmitted to the Site (including to and via our Message Centre); any Personal Data (including Sensitive Personal Data), You transmit to us or any of our OOP Partners, via, to, or from the Site. Any transmission is at Your own risk. Once We have received Your information, We will use procedures and security features to try to prevent unauthorised access. You should, therefore, ensure that any computer, device or telephone You use to access Your patient records is suitably protected from potential interception.
5.3 How long We keep Your Personal Data collected through the Site depends on the context in which You provide it and the purpose for which We use it. We will only retain it for as long as is necessary for such purposes. We may send You direct marketing communications for as long as You do not opt-out from receiving the same from OOP.
5.4 You accept that OOP cannot be held liable for any breaches of confidentiality that may occur as a result of the use of email. If there is any sensitive or confidential Personal Data which You do not wish to communicate by email, please contact OOP by telephone or post to arrange an alternative method of communication.
5.5 Telephone calls: If You call any of the service telephone numbers We provide, We may record Your call. These recordings are used for training and quality control to ensure that We continuously monitor and improve our service standards.
5.6 We may disclose Your Personal Data to any Subscriber of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
7. COMPLAINTS OR QUERIES
OOP tries to meet the highest standards when collecting and using Personal Data. For this reason, We take any complaints We receive about this very seriously. We encourage You to bring it to our attention. We would also welcome any suggestions for improving our procedures. This Statement does not provide exhaustive detail of all aspects of OOP’s collection and use of Personal Data. However, We are happy to provide any additional information or explanation needed. Any requests for this should be sent to the postal address below. If You are not happy with the way in which Your Personal Data is being handled by us, please consult our Customer Complaints Policy and contact us.
8. ACCESS TO YOUR PERSONAL DATA
OOP tries to be as open as it can be in terms of giving people access to their Personal Data. Individuals can find out if We hold any Personal Data by making a ‘Subject Access Request’ under the Data Protection Act 1998/EU data protection regulation 2016/679. If We do hold Personal Data about You, We will let You have a copy of that Personal Data. To make a request to OOP for any Personal Data that We may hold, You need to put the request in writing addressing it to the postal address provided below. A charge may apply. In order to make a Subject Access Request to any OOP Partner, You will need to contact them directly.
9. HOW TO CONTACT US
Requests for information about our Statement or a Subject Access Request’ can be emailed to firstname.lastname@example.org or by writing to:
Apollo Business Park, Unit 7, Ironstone Lane, Wroxton, OX15 6AY, United Kingdom
10. DEFINITIONS & INTERPRETATIONS
Data Protection Law: refers to the Data Protection Act 1998 together with any other applicable regulations, orders, code of practice and guidance.
Electronic Mail: includes email, text, video, voicemail, picture and answerphone messages (including push notifications and in-app notifications).
Intellectual Property Rights: patents, rights to inventions, copyright and neighboring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
OOP Content: the content including all Intellectual Property Rights therein residing on the Site (which may or may not include Personal Data).
OOP End User: refers to the person using the Site.
OOP Partners: refers to any third party with whom We partner with in respect of the provision of the Services including our doctors.
OOP Service Providers: refers to the third parties with whom We work with from time to time as a necessary part of providing the Services to You.
Personal Data: has the meaning set out in section 1(1) of the Data Protection Act 1998/EU data protection regulation 2016/679.
Sensitive Personal Data: has the meaning set out in section 2 of the Data Protection Act 1998/EU data protection regulation 2016/679 and may consist of racial or ethnic origin, political opinion, religious or other beliefs of a similar nature, trade-union membership, physical or mental health or condition, sex life, the commission or alleged commission by them of any offence, any proceedings for any offence committed or alleged to have been committed by them and the disposal of such proceedings or the sentence of any court in such proceedings.
Services: refers to the services We may provide to You.
Subject Access Request(s): refers to a written request made in accordance with section 7 of the Data Protection Act 1998.
11. CHANGES TO THIS STATEMENT
We keep our Statement under regular review. This Statement was last updated on January 20th 2017.