European Data Protection law changed on 25 May 2018, introducing the General data Protection Regulation 2018 (“GDPR”). Medicines2U (“we”, “us”, “our”)are committed to protecting information through appropriate controls, being transparent about what data we hold and how we use it, and about respecting your privacy. “You” (“Your”) are our client to whom we provide products and services, or are considering entering into an agreement with us for the provision of our services.
Personal Data means information that can directly or indirectly identify you ("Personal Data"). This typically includes information such as your name, address, email address, and telephone number, but can also include other information such as IP address, shopping habits, information about your health and information about your lifestyle or preferences such as your hobbies and interests. Information about health are called “special categories of Personal Data” that require special protection because of their sensitivity.
The rules on processing of personal data are set out in the GDPR. The terms “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Processing” and “Appropriate Technical and Organisational Measures” used below shall be interpreted in accordance with the GDPR.
Our Promise to you
The way we use your data hasn’t changed, we will only use your data for the purpose it is provided. We will keep it safe and never sell it to third parties, we’ll be clear and open about how we will collect your personal information and how we will use it. Where you have choices and rights we will explain these to you and respect your wishes.
This policy sets out the basis on which any Personal Data We collect from you, or that you provide to us, will be processed by us.
www.medicnes2u.co.uk (“our site”) is a division of Yakub Chemist Ltd trading under the name of www.medicines2u.co.uk, under registration number 4167616 whose registered office is 67 Hartington Road, Leicester, LE2 0GQ. We are the Data Controller.
Your data is collected for the purpose of providing direct patient care through our online products and services, for example creating your account, processing orders and transactions, responding to queries and comments and ensuring the highest level of customer service. We may also contact you in emergency situations, such as a product recall or we have a duty of care to notify you of information relating to your health. We can disclose this information if it is required by law, if you give consent or if it is justified in the public interest.
The Personal Data We collect from you includes but is not limited to the following:
- When you enquire about our services, we will request Personal Data such as your name, email address and telephone numbers and information about you to help us to advise you on the suitability of our services and to contact you with further information.
- When you set up an account with us, or place an order we will request Personal Data such as your name, email address, postal address, telephone numbers, credit/debit card details, date of birth and other information to help us identify you and provide a service to you. We will also request these details for you or for any patient representative that may be involved in your order process, or third party delivery address details you may provide.
- When you contact us to discuss your services or order, we will ask for certain information to be able to confirm your identity, check our records and answer your questions quickly and accurately;
- When you visit our website, we may collect and process information about your usage by using “cookies” and other similar technologies to help us make improvements to the websites and to the services we make available. Please see the Cookies section below for more information.
- Where we receive or make phone calls, we will collect call data records including the call date and time, the number dialled and the duration of the call, the names of the parties to the call, and any message or other information given during the call. We will also use this for training and quality purposes and to ensure any verbal instructions you give us are properly understood. Access to recordings are controlled and monitored;
- Where we receive or send emails, we may collect the names and email addresses of the third parties and any information contained therein;
- Where we receive or send paper documents or other forms of communication, We may collect the names and addresses of the third parties and any information contained therein;
- When you access our web portal or website, we will collect information you enter into the portal and the IP addresses from which You access the portal;
- When you correspond with us by phone, email or otherwise, we will collect all information provided by you and store the information for as long as required by the NHS
- We will collect and store medical information, medicine currently taking or will be taking (either retrieved from a third-party system, self-input, or otherwise), including name, dosage, dosing schedule.
- Information that you provide by filling in forms on our site. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site or regarding the products and services provided by us.
- We may request identification, One form of valid photographic identification and one document as proof of address. This is for fraud prevention. Please note we do not store this information, it is used to verify your identity only.
- Sensitive personal data concerning health matters from or about you obtained from all communications from you through the use our Online Consultation Service.
- When you use our online consultation service we will request Information relating to your general practitioner, including their contact details and any necessary details of letters of request. We will not share information with your general practitioner without your consent.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- When you place an order we will store details of transactions you carry out through our Site and of the fulfilment of your orders.
- When you place an order with us we will collect payment details including but not limited to the name on your bank card, the billing address and partial card number.
- When you use the chat function on our site we will store the information collected for training, quality and audit purposes. We will also use the data collected for reference purposes to any orders you may place.
We will use your personal data for the purposes that include but are not limited to:
- processing any enquiries you have about our services.
- verifying your identity when you use our services or contact us.
- understanding, processing and executing instructions you give us in relation to the delivery of our services
- Providing you with appropriate medical treatment.
- Delivering our services to you.
- Monitoring call traffic from time to time for the purposes of service optimisation and problem solving.
- Analysing our services with the aim of improving them.
- Notifying you about changes to our websites, services or terms and conditions or anything else we may be required or reasonably expected to notify you of.
- Providing you with accurate and detailed billing for using Our services.
- Collecting payment, and recovering any monies You may owe to us, for use of our services.
- Collecting information used for survey purposes to improve our services.
- Maintaining our business records and accounts;
- Meeting our obligations to HMRC;
- Meeting our legal and regulatory obligations to the GPHC, NHS and any other regulatory bodies
- Preventing or detecting a crime, fraud or misuse of our services, and investigating where we believe any of these have or may have occurred;
- Meeting our obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
- Meeting our obligations under the Data Retention (EC Directive) Regulations 2009; and
- Providing phone number portability under Ofcom’s General Conditions.
- To provide you with information about our other services, offers or products that you may be interested in; and
- to provide you with information about third party services, offers or products that You may be interested in.
Whilst storing Your data, we will use Appropriate Technical and Organisational Measures to keep Personal Datasecure and to prevent it being accidently lost, accessed or used in an unauthorised way, altered or disclosed. We will make reasonable efforts to ensure the data is accurate and up to date and will undertake to rectify any inaccuracies of which we become aware without delay. All Personal Data We store is stored in the European Economic Area.
We may disclose your personal information to third parties:
- In response to properly made requests from law enforcement agencies for the prevention and detection of a crime, for the purpose of safeguarding national security or when the law requires Us to, such as in response to a court order or other lawful demand or powers contained in legislation, for the prevention of harm or injury.
- In response to properly made requests from regulatory bodies such as the Information Commissioners Office, Ofcom, GPHC, CQC, NHS England or any other regulatory bodies;
- as part of the process of selling Our business or buying a business or business assets we may disclose your personal data to the prospective seller or buyer of such business or assets;
- As part of current or future legal proceeding.
- With a company who is assisting us in providing services to you or who provides services to us which enable us to provide our services to you, examples of such services being billing and financial companies, telecommunications services and customer management companies, consumer review based companies who will collect reviews on our behalf. Where We share information with other parties who provide such services, We will have contracts in place with them to ensure that they must comply with the requirements of the GDPR and any other relevant legislation to protect Your information and keep it secure.
- In order to provide you with the products or services that you request from us, including but not limited to our medical experts, for example we will pass your information on to our Independent Prescriber to assess your medical needs and for you to receive the correct treatment.
- If Yakub Chemist Ltd or www.medicines2u.co.uk, or substantially all of its assets, are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- To protect the rights, property, or safety of Yakub Chemist Ltd and therefore www.medicines2u.co.uk, our customers, or others (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
Some of the organisations with whom we may share information may be outside the European Economic Area,in countries that do not always have the same data protection laws as the UK. However, we will have contracts in place with them to ensure that your information is given the same level of care, is adequately protected and secure, and we will remain bound by our obligations even when your personal information is processed outside the European Economic Area.
Where any data breach is identified that affects the information that we hold about or have processed from you,we will take urgent action in accordance with the GDPR and guidance issued from the Information Commissioner’s Office. If you identify any data breach that affects data we have passed to you, you must notify us in writing immediately and provide full information about the data affected by this breach.
Cookies are tiny files of letters and numbers that are stored by your web browser, either temporarily within yourdevice’s memory or more permanently on your device’s storage.
We use a security cookie on our web portal www.medicines2u.co.uk. This cookie is required for the operation of our web portal, and contains only a session security token without any Personal Data. This cookie only exists for the duration of Your web browser session, in Your device’s memory. Use of this cookie is a requirement of using our web portal.
We will not attempt to personally identify visitors from their IP addresses unless required to as a matter of law or regulation or in order to protect our or our other customers' rights.
We respect the fact that your personal information is your information, and we’ll make it easy for you to update or change your personal details or marketing permissions..We are committed to maintaining confidentiality and protecting the information we hold about you.
- You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, where that is the case you have the right to access the information we hold. We will request identification for any Subject Access Requests (SAR) to ensure we are providing the information to the right person. Please send all SAR’s to [email protected] or putting your request in writing to: SAR, medicines2u.co.uk, 1 Highview Close, Leicester, LE4 9LJ. We will respond to your request within 30 days free of charge.
- You have the right to request any inaccurate personal data to be rectified without undue delay and to have any incomplete data completed.
- You have the right to erasure, however this isn’t an automatic right, what we can delete will depend on what information we hold on you. We will keep all medical information for as long as it required for us to fulfil our obligation to the NHS.
- You have the right to request the transfer of your personal data.
- You have the right to object to automated individual decision making.
Please help us to help you by letting us know if your contact details change, or if you spot any errors in the information we hold about you
In the first instance, please contact Us using the details above. If this does not resolve Your complaint to Your satisfaction, You have the right to complain to the Information Commissioner about the way in which We collect and use Your Personal Data: https://ico.org.uk/concernsor telephone 0303 123 1113. We are registered with the Information Commissioner’s Office under Register Entry Z8335919.
Please note that the ways in which We collect, use and protect Personal Data will be reviewed periodically and may change from time to time. We will notify You by email should such changes