Privacy Policy

Dear Customer,

We do not share your data with anyone other than for the purpose of safely fulfilling your order. We do not sell data and never will. Your privacy is our absolute priority.

Every member of our team is committed to delivering the best possible customer service so that you can feel completely confident that you are getting the right confidential advice and treatment for your needs, whether you are visiting us in one of our bricks and mortar pharmacies or you prefer to manage your healthcare needs online.

Should you have any concerns please feel free to give us a call on: 01295 262925 and we will do our best to answer any questions you may have.

Stuart Gale

Pharmacist and Managing Director of  Frost Pharmacy Group and Oxford Online Pharmacy.

 

This Privacy Notice sets out the basis on which Frosts Online Ltd (we) will process the personally identifying information (‘Personal Data’) that we collect and receive from and about users of our website (www.oxfordonlinepharmacy.co.uk ),   (together “the Site”) and customers who purchase services from us or subscribe to our newsletters.

 

Our privacy commitments

 

- We will only collect, keep, use and share Personal Data for legitimate business purposes that we explain here below, or if we’re legally required to do so.

- We will be as clear and open as we can with you on what Personal Data we collect and how it will be processed.

- For as long as we maintain records of your Personal Data, we will keep it up to date and protect it with appropriate safety measures.

 

 

WEBSITE CUSTOMERS

 

Data Collection

 

We collect the following Personal data from or about you as a Frosts Online Ltd customer:

 

- Personal Data Collected Directly from you through the registration process: your name, phone number, postal address, delivery address, email address, gender and date of birth Our legal basis for the collection and processing of this data is the provision to you of the services purchased by you, or intended to be purchased by you.

- Personal Data Collected Directly from you through the purchase process: your name, phone number, delivery address, email address, gender and age. Our legal basis for the collection and processing of this data is the provision to you of the services purchased by you.

- For Prescription Medication and certain Over the Counter medications additional medical history is required in order to prescribe medications. Our legal basis for the collection and processing of this data is the provision to you of the services purchased by you.

- Personal Data Collected Automatically from the use by you of the Sites. The data transmitted from your browser includes your IP address, the date and time of the visit the pages accessed, the access status/HTTP status code, your browser, your operating system and interface, as well as the language and version of the browser software. The legal basis for collecting and processing this personal data is to be able to operate the Sites and provide you with access to the pages you wish to access.

 

 

Data Uses

 

We use your Personal Data:

 

- For the administration of your purchases to contact you about your purchase (for example to discuss medical history or request additional medical information).

- To assess whether it is safe to prescribe or supply the medication you have requested.

- To check your identity to ensure the medication is going to the correct person.

- To process your payment for items purchased.

- To contact you with marketing messages which you have requested or agreed to receive from us (for example via a branded newsletter);

- To contact you with surveys and feedback requests (for example how was your recent delivery experience);

- To analyse the purchase history of our customers and the way our customers use our Sites.  

 

 

Cookies

 

We use cookies (small text files which are transferred to your browser by the Sites to identify data traffic patterns, personalise contents and support security). The cookies we use are described in more detail in our cookie statement. They do not provide any information which might disclose the identity of a specific person but they may potentially identify your computer, your browser and your internet settings. You may change the storing of cookies in your browser settings at any time by selecting the function “accept no cookies”. However, disabling essential cookies may result in you no longer be able to use the entire functionality of the Sites.

 

 

Google Analytics

 

Google Analytics, a web analytics service provided by Google, Inc. (“Google”) also places cookies on your computer, to enable Google to provide us with activity reports relating to the Sites. Google uses this data only to provide us with information on how users use the Sites and does not associate your IP address with any other data held by Google. The information generated by Google cookies about your use of the platform (including your IP address) will be transmitted to and stored by Google on servers in the United States. You may refuse these cookies by selecting the appropriate settings on your browser or by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.

 

 

Hotjar

 

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.

 

Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link: https://www.hotjar.com/legal/policies/privacy.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link: https://www.hotjar.com/legal/compliance/opt-out.

 

 

Data Sharing

 

Frosts Online Group will not sell your information. We will not share your information with any third party except as stated in this Privacy Notice or as required to operate the Sites, provide our services to you and administer your account.   

 

 

Social Media

We will share your Personal Data with social media sites to enable them to provide marketing messages that you have agreed to receive from them. The social media sites we share your Personal Data with as at the date of this Privacy Notice and their respective privacy statements are:

 

- Facebook, https://www.facebook.com/privacy/explanation

 

 

SOCIAL MEDIA FOLLOWERS

 

Data Collection

 

We receive the following Personal Data about you if you follow one of our social media accounts: Your account name, gender, general interests, location, age. Our legal basis for processing this data is our legitimate interest in providing social media and marketing content that is of interest to our followers on social media.

 

 

Data Uses

 

We use this Personal Data:

 

- to provide bespoke social media content (for example by analysing your general interests);

- to create targeted advertising across all our social media channels (for example by analysing responses to posts and existing advertisements);

- to find out more about our digital community (for example by analysing the age ranges of our followers).  

 

Data Sharing 

Frosts Pharmacy Ltd  will not sell your information. We will not share your information with any third party except as stated in this Privacy Notice or as required to operate the Sites, provide our services to you and administer your account.

 

WEBSITE VISITORS

 

Data Collection

 

We collect the following Personal Data about you if you visit one of our Sites: site referrals, browsing pattern, browser type, location, general interests, gender, age. The data transmitted from your browser includes your IP address, the date and time of the visit the pages accessed, the access status/ HTTP status code, your browser, your operating system and interface, as well as the language and version of the browser software.

 

The legal basis for collecting and processing this personal data is our legitimate interest in operating the Sites, providing  you with access to the pages you wish to access, understanding the interests of our potential customers and providing you with relevant information about our services.

 

 

Data Uses

 

We use this Personal Data:

 

- to provide you with bespoke website content (for example by analysing our site visitors’ age ranges or gender);

- to gain insight into customer behaviour and preferences (for example by analysing the website pages you visit);

​- we have an affiliate program with Awin so we send them the values of purchases so they can pay commissions to our affiliate partners.   

- to create bespoke marketing messages (for example by analysing the click throughs on our Sites);

- to re-target our website visitors with relevant marketing messages (for example by using cookies hosted on our Sites);

- to collect site statistics.

 

For more information please see our Cookie Statement.

 

 

Data Sharing
 

Frosts Online Ltd will not sell your information. We will not share your information with any third party except as stated in this Privacy Notice or as required to operate the Sites, provide our services to you and administer your account or otherwise as required or permitted by law.   

 

DATA PROCESSORS

 

We use third party processors to collect, export, process and store Personal Data on our behalf. The processors we use currently are the following:

 

- Payment Processor: Sagepay, https://www.sagepay.co.uk/policies/privacy-policy

- Identity Verification: Onfido : https://onfido.com/privacy/

- Product Search: SLI Systems: SLI have yet to publish a GDPR privacy policy

- Affiliate Program: Awin: https://www.awin.com/gb/legal/privacy-policy

- Customer real time communication tool: Olark: https://www.olark.com/privacy-policy/

- CRM Tool: Klaviyo. : https://www.klaviyo.com/privacy

- Social Media Platform: Facebook, some data centres located in the U.S. Privacy Shield Certified. https://www.facebook.com/privacy/explanation

- Survey Tool: Hotjar, located in the U.S. Privacy Shield Certified. https://www.hotjar.com/privacy

- Web Management Tools:

- a. Google Analytics, located in the U.S. Privacy Shield Certified. https://www.google.com/policies/privacy/

- b. Uptime and Performance monitoring: Solarwinds Pingdom : https://www.solarwinds.com/legal/privacy

 

 

International Data Transfers

 

We use data processors located outside the European Economic Area only after taking such steps as are required to ensure that Personal Data they process on our behalf receives protection equivalent to that provided in the EEA. Our processors are either certified as compliant with the EU-U.S. Privacy Shield Framework where they are located in the USA or have entered into an agreement with us containing the model clauses approved by the European Commission as providing contractual protection equivalent to that provided by the data protection regulations applicable in the EEA. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.

 

 

Data Security

 

- We maintain technical and physical safeguards that are designed to protect the security and integrity of your Personal Data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to unauthorised third parties. These measures include device encryption, firewalls and virus checking procedures.

- Where we keep Personal Data files on local devices these devices are protected and accessible only to authorised Frosts Online Ltd employees.

- We regularly review our security systems to ensure that your Personal Data remains safe and secure.

 

 

Duration of Storage

 

We will maintain records of your Personal Data for as long as you remain:

 

- a registered subscriber to our mailing list;

- a registered user of any of our Sites;

- have completed a purchase with Frosts Online Ltd in the last 36 months; or

- for as long as is necessary to provide our services to you.

- for as long as is necessary to meet the requirements of the Care Quality Commission (CQC), General Pharmaceutical Council (GPhC) and/or HMRC.

 

If you have not opened any email communication from a Frosts Online Ltd  brand or interacted in any other way with our brands for 36 months we will regard you as an inactive subscriber and delete your details from our records except where retention is necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees, or satisfy the regulatory requirements of the CQC, GPhC and HMRC.

 

 

Your Rights in Relation to Personal Data

 

- You can update your subscription preferences or unsubscribe from our marketing communications at any time by following the link in the footer of the last email you received from one of our brands (“Update your subscription preferences” or “Unsubscribe”) or by sending your request with detailed instructions for our Customer Services team.

- You have the right to update and correct the personal information on your account. You also have the right to request from us all personal information that we hold that relates to you, to request restriction of the processing of that data and to request that we delete that data.  Where allowed by applicable law there may be an administrative charge for supply of copies of data and we may also require you to provide us with appropriate identification before we comply with this request. You also have the right to object to our continued processing of your personal data.  You may also have the right to data portability. If you have a complaint about the way in which we use your personal information you have the right to complain to the Information Commissioner www.ico.gov.uk.

- You can contact us with questions about the personal information we hold about you using the contact information provided in the Contacting us section of this privacy notice.

 

 

Changes to our Privacy Notice

 

We will update this Privacy Notice from time to time to reflect changes in our business. All such changes will be posted to the Sites and if we consider it to be appropriate we will notify subscribers of any material changes by email.

 

 

Contacting us

 

Frosts Online Limited is the Data Controller in respect of any Personal Data that you submit to us or that we collect from or about you. We are a limited company registered in England and Wales (registered no. 6507149) with registered offices at Unit 7, Apollo Office Park, Ironstone Lane, Wroxton, Banbury, OX15 6AY.

 

If you would like to know what information we hold about you or if you have any other queries or complaints in relation to this Privacy Notice, or our Sites, our contact details are as follows:

 

- Frosts Online Limited, Unit 7, Apollo Office Park, Ironstone Lane, Wroxton, Banbury, OX15 6AY

- help@oxfordop.co.uk

- 01295 262 925