Bute Pharmacy Privacy Policy

Effective Date: 21st day of November, 2021

Website: https://butepharmacy.co.uk/

Contact Page: https://butepharmacy.co.uk/contact/

Bute Pharmacy (the “Site”) is owned and operated by Bute Pharmacy. Bute Pharmacy is the data controller and can be contacted through our contact page.

Purpose

The purpose of this privacy policy (this “Privacy Policy”) is to inform users of our Site of the following:

  • The personal data we will collect;
  • Use of collected data;
  • Who has access to the data collected;
  • The rights of Site users; and
  • The Site’s cookie policy.

This Privacy Policy applies in addition to the terms and conditions of our Site.

GDPR

For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018.

We have not appointed a Data Protection Officer as we do not fall within the categories of controllers and processors required to appoint a Data Protection Officer under Article 37 of the GDPR.

Consent

By using our Site, users agree that they consent to:

  • The conditions set out in this Privacy Policy.
  • When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing that we completed before you withdrew your consent unlawful.

You can withdraw your consent by deleting your account; please contact us if you require assistance.

Legal Basis for Processing Medical Data

We process sensitive medical information based on the following legal grounds under the GDPR:

  • Explicit Consent: We may process your medical data if you have given us explicit consent to do so for specific purposes.
  • Health Care Purposes: We may process your medical data as necessary for the provision of health care services or the management of health care systems.

Personal Data We Collect

We only collect data that helps us achieve the purpose set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying you first.

Sensitive Personal Data We Collect

We collect and process the following types of sensitive medical data:

  • Prescription details, including medication names, dosages, and treatment plans.
  • Health conditions and history necessary for fulfilling prescriptions.

Data Collected Automatically

When you visit and use our Site, we may automatically collect and store the following information:

  • IP address;
  • Location;
  • Hardware and software details;
  • Clicked links;
  • Content viewed.

Data Collected in a Non-Automatic Way

We may also collect the following data when you perform certain functions on our Site:

  • First and last name;
  • Email address;
  • Phone number;
  • Address;
  • Payment information.

This data may be collected using the following methods:

  • Creating an account;
  • Placing an order;
  • Contacting us.

How We Use Personal Data

Data collected on our Site will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy Policy.

The sensitive medical information we collect is used solely for the purposes of:

  • Processing and fulfilling prescriptions.
  • Providing healthcare services and managing patient care.
  • Complying with legal and regulatory obligations.

Data Retention

We retain sensitive medical data for a period necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Typically, we retain prescription records for a minimum of [insert time period, e.g., 10 years] to comply with healthcare regulations. You will be notified if your data is kept for longer than this period.

How We Protect Your Personal Data

In order to protect your security, we use the strongest available browser encryption and store all of our data on secure servers. We also regularly inspect our website for bugs and exploits. Additionally, we do not store or process credit card information; these transactions are conducted through secure payment gateways.

While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet as a whole can be insecure at times, and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.

Automated Decision-Making and Profiling

You have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You can object to your personal data being used in this way or require a manual review of an automated decision by contacting us.

We only use automated decision-making and profiling if the decision:

  • Is necessary to enter into or perform a contract between you and us;
  • Is authorized by EU or member state law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • Is based on your explicit consent.

The decision(s) we make using automated decision-making, the criteria or reasons those decisions are based on, and the significance and consequences of those decisions for you are as follows:

  • Decision: If an account can be created or an order placed.
  • Criteria or reasons for decision: Fraud prevention.
  • Significance and consequences of decision for you: If the details provided are considered to be high risk, we reserve the right to refuse service.

User Rights Regarding Medical Data

Under the GDPR, you have the following rights concerning your sensitive medical data:

  • Right to access your medical information.
  • Right to rectify inaccuracies.
  • Right to request erasure under specific circumstances.
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing.

Data Sharing and Third-Party Disclosures

Employees

We may disclose user data to any member of our organization who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy.

Third Parties

We may share user data with the following third parties:

  • Payment processors for fulfilling transactions;
  • Healthcare providers and laboratories for processing prescriptions and providing services.

We may share the following user data with third parties:

  • Prescription details for order fulfillment and healthcare services.

Third parties will not be able to access user data beyond what is reasonably necessary to achieve the given purpose.

Other Disclosures

We will not sell or share your data with other third parties, except in the following cases:

  • If the law requires it;
  • If it is required for any legal proceeding;
  • To prove or protect our legal rights;
  • To buyers or potential buyers of this company in the event that we seek to sell the company.

If you follow hyperlinks from our Site to another Site, please note that we are not responsible for and have no control over their privacy policies and practices.

Data Breach Notifications

In the event of a data breach affecting your sensitive medical information, we will notify you without undue delay and

report it to the relevant supervisory authority as required by law.

Cookies

A cookie is a small file stored on your computer. We use cookies to:

  • Understand and save user preferences for future visits;
  • Compile aggregate data about site traffic and site interactions.

Users may choose to set their web browser to refuse cookies or to alert them when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of any changes by posting the new Privacy Policy on our Site. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Acceptance of This Privacy Policy

You acknowledge that you have read this Privacy Policy and agree to all its terms and conditions. By using the Site, you agree to be bound by this Privacy Policy.

Contact Information

If you have any questions about this Privacy Policy, please contact us: