Our privacy notice describes the categories of personal data we process and for what purposes.
We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulation (GDPR).
We take privacy seriously and you can find out more here about your privacy rights and how we gather, use and share your personal information – that includes the personal information we already hold about you now and the further personal information we might collect about you either from you or from a third party such as your GP practice or NHS Scotland. How we use your personal information will depend on the products and services we provide to you.
Our Data Protection Officer (DPO) provides help and guidance to make sure we apply the best standards to protecting your information. Our DPO can be reached by post at Rx Pharmacy, 73a Lanark Road, Carstairs ML11 8QL or by e-mail on firstname.lastname@example.org if you have any questions about how we use your personal information.
This privacy notice provides up to data information about how we use your personal information and will replace any previous information we have given you about using your personal information. If we make any changes affecting how we use your personal information, we will update on the date displayed at the top of this webpage, so please check back regularly for updates. Our website will always show the most up to date version of our privacy notice.
We are a controller of personal information we gather and use. When we say we or us in this privacy notice we mean the companies PNC Pharma Ltd, Accutree Ltd & Village Pharmacy (Cumbernauld) Ltd trading collectively as Rx Pharmacy Group. These companies are all registered with the data protection supervisory authority, The Information Commissioners Office (ICO) as data controllers.
Your privacy rights
You have the right to object to how we use your personal information. You also have the right to see what personal information we hold about you, to ask us to correct any inaccuracies and to ask for some of your personal information to be provided to someone else. In addition, when permitted by law, you can ask us to delete or restrict personal information we hold about you. please be advised that this is not an absolute right and will be reviewed on request.
To exercise any of your rights in relation to your personal information, please contact our DPO by post at Rx Pharmacy, 73a Lanark Road, Carstairs ML11 8QL or by e-mail on email@example.com.
You can contact our DPO to exercise any of your other privacy rights as follows:
• Right to object – you can object to our processing of your personal information by providing details of your objection to the DPO
• Access to your personal information – you can request access to a copy of your personal information that we hold, along with information on what personal information we use, who we share it with, how long we keep it for and whether it has been used for any automated decision making.
• You can make a request for access free of charge by contacting our DPO by post at Rx Pharmacy, 73a Lanark Road, Carstairs ML11 8QL or by e-mail on firstname.lastname@example.org .Please make all requests in writing and provide us with evidence of your identity. See Proof of identity checklist for information on documents you will need to provide:
• Right to withdraw consent – if you have given us your consent to use personal information, you can withdraw your consent at any time.
• Rectification – you can ask us to change or complete any inaccurate or incomplete personal information we hold about you.
• Erasure – you can ask us to delete your personal information where it is no longer necessary for use to use it, you have withdrawn consent or where we have no lawful basis for keeping it.
We have the right to refuse to comply with a request for erasure where the personal data is processed for one of the following reasons:• We need to use the information to perform a task carried out in the public interest, to provide healthcare or treatment or it is necessary for the reasons of public health in the public health arena;
• We need to use the information to comply with our legal obligations;
• Archiving purposes in the public interest, scientific research, historical research or statistical purposes; or
• The exercise or defence of legal claims.
Portability – you can ask us to provide you or a third party with some personal information that we hold about you in a structured, commonly used, electronic form so it can be easily transferred.
• Restriction – you can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
• Make a complaint – you can make a complaint about how we have used your personal information to us, by contacting our DPO by post at Rx Pharmacy, 73a Lanark Road, Carstairs ML11 8QL or by e-mail on email@example.com.
Please not that you can also make a complaint to the data protection supervisory, the ICO at https://ico.org.uk/.
We will not make any charge for responding to any initial request from you to exercise your privacy rights and we will respond to your requests in accordance with our obligations under data protection law.
What kinds of personal information we use:
We use a variety of personal information depending on the products and services we deliver to you;
• To provide most of our products and services we need to know your name, address, date of birth, contact details (phone number and e-mail address) and details of your GP/Surgery.
• To provide many of our products and our services which are pharmacy or healthcare related we will need information about your health, your medication and your NHS number.
Sometimes where we ask for your personal information it is needed to fulfil a contract with you or to meet a legal obligation (such as dispensing a prescription) and we will not be able to provide some of our products or services without that information.
How we gather your personal information
We gather personal information directly from you:
• When you fill out a consent form to receive a product or service.
• When you have a prescription dispensed in one of our pharmacies.
• When you use our digital services for dispensing prescriptions.
• When providing products and services where we ask you to give us related information online
We also collect information form NHS bodies such as your GP/surgery or hospital and, if we have your consent to do so, from viewing your Summary Care Record.
We store information provided by other people on your behalf, for example, if someone collects or signs for a prescription on your behalf. We will need to ask them basic details about you, which may include health details such as family history of diseases. We may also request that patient representatives complete Part B on the reverse of the prescription to declare medical payment exemption status and Part C for signatory to this effect. We will always check with you that any such details provided are accurate when you come to see us next. We may also ask for proof of any exemption claimed in Part B to fulfil obligations NHS Contractor services in the interests of fraud prevention.
We may also make use CCTV on our premise ensure the safety and security of our staff and customer/patients. We are obliged to share any CCTV footage with legal authorities including the Police when requested to do so and in the interests of public safety.
Automated Decision making
We do not use any automated decision-making processes. Therefore, this consumer right is null and void under the General Data Protection Regulation 2018.
How we use your personal information
We use your personal information:
• To provide our products and services, respond to queries and comments, to collaborate with others to improve our products and services and to provide you with the best level of customer/patient service. We may use it to contact you to send you reminders (e.g. about repeat prescriptions/notification that your prescriptions are ready for collection)
• To learn more about you. We’ll consolidate the information we hold about you across the different channels you use to interact with us (e.g. In store, by phone, correspondence, etc.). We do this to keep our records accurate and up to date, provide you with a seamless and consistent service and to build a clearer picture of our customer/patient s. By understanding you better we can offer you the best and most personalised service we can. However, we will only send you marketing material if you have agreed we can and by the means you elect.
• To protect our customer/patients, our staff and our business, we may use your personal information to help prevent and detect crime. We use CCTV to record images in our stores and other facilities and if requested may pass it on to the police.
• To fulfil our contractual requirements with the NHS. We need to share your personal information with your GP and others in the wider NHS, such as the NHS Business Services Authority, and sometimes local authorities to provide you with NHS or Local Authority funded services, to negotiate and check the accuracy of our payments with the NHS and to ensure that we maintain appropriate professional and service standards and that your declarations and ours are accurate.
Our legal basis for using your personal information
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where –
1. We have your consent (if consent is needed).
2. We need to use the information to perform a task carried out in the public interest, to provide health care or treatment or if necessary for reasons of public health in the public health arena.
3. We need to use the information to comply with our legal obligations.
4. We need to use the information to perform a contract with you.
5. It is fair to use the personal information either in our interests or someone else’s interests where there is no disadvantage to you.
Special Categories of Data:
Extra due care and protection is given to certain kinds of personal information that is particularly sensitive. Under the DPA 1998 this was classed as ‘’sensitive data’’. This is information about your health status, medication, racial or ethnic origin, religious, political or similar beliefs and sex life or sexual orientation.
We will only use this kind of information where –
1. Required to deliver pharmacy and healthcare products and services to you.
2. We have a legal obligation to do so (e.g. to protect vulnerable people).
3. It is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises).
4. It is in the substantial public interest.
5. You have specifically given us explicit consent to use the information.
6. To collect meta-data on behalf of NHS Scotland for statistical analysis. Any information sent is always anonymous so that you cannot be identified.
Sometimes prescriptions we dispense for you will reveal special categories of information, such as health status, religious beliefs and sex life or sexual orientation. This information may be processed by us to dispense your prescriptions to you and will not be used for any other purpose except for Section 6 of the special categories of data mentioned above.
Sharing your personal information with or getting your personal information from others. We will share personal information with other organisations where we need to do to make our products and services available to you, to contact you about appropriate products and services, to meet or enforce a legal obligation or where it is fair or reasonable for us to do so.
We can confirm that we will only share your information to the extent needed for those purposes.
Please ensure that you advise us of how you would like to keep in touch with us regarding upcoming products and services. We are required to collect your explicit consent in order to continue to market to you. Please specify if you would like to hear from us via Email, SMS or Telephone Preference.
Who we share your personal information with depends on the products and services we provide to you and the purposes we use your personal information for. For some products and services, we will share your personal information with our service providers such as couriers, manufacturers and suppliers. We currently share information with The General Pharmaceutical Council Inspectors and NHS Scotland.
Most of the time the personal information we have about you is information you have given us, or is gathered by us during the course of providing products and services to you.
We also sometimes gather personal information from and send personal information to third parties (such as GP Surgeries and NHS bodies) where necessary so we can fulfil our legal obligations as a provider of pharmacy and healthcare products and services.
Transfers outside the UK
We do not currently share your information with any parties outside the UK.
You can find out more information about standard contractual clauses as detailed by the ICO. Visit the ICO website https://ico.org.uk/ and search for international transfers.
Details of third party data processor we use can be obtained by contacting our DPO by post at Rx Pharmacy, 73a Lanark Road, Carstairs ML11 8QL or by e-mail on firstname.lastname@example.org.
How long will we keep your personal information for?
We are required to hold your personal information for as we have a legal or business reason to do so. In practical terms, this means we generally keep your information for as long as you remain a customer/patient. Alternatively, we would retain your information as requested to meet our legal obligations, to resolve disputes or enforce our agreements.
In order to allow us to fulfil our obligations to the NHS, regulatory or similar bodies – health related personal information may need to be retained for a period of time after you cease to be a
customer/patient. We will always store it securely and confirm that your data will not be used for any other purposes.
Keeping you informed and up to date
We will communicate with you about your prescriptions, changes to the pharmacy that may affect you and possibly products and services we are delivering using any contract preferences you have given to us – for example by post, e-mail, text message, and social media.
Please ensure that you keep in touch with us in regards to seasonal opening hours and unpredicted changes in opening times during periods of adverse weather. We will endeavour to keep you informed in all instances, however please be advised that in cases beyond our control this prove to be problematic.
Where you have given us consent to receive marketing, you can update your contact preferences or withdraw consent by contacting our DPO by post at Rx Pharmacy, 73a Lanark Road, Carstairs ML11 8QL or by e-mail on email@example.com.
Contact form, information quality feedback and email
You may be contacted to provide feedback on how we managed your enquiry. You will be asked to consent to this at the point you submit your data. We will hold the information you provide us for as long as necessary to support the service we are providing you, for example so we can continue to provide assistance or resolve an ongoing issue.
If no communication has been made in over 12 months and the information is not required to resolve an ongoing issue, then all communication and any personal information will be deleted.
Generic information, such as the duration your enquiry was opened for or the part of the website you were using, will remain. This is to allow for reporting over a period greater than 12 months.
Information is kept for 12 months to allow for trend analysis, identifying reoccurring issues and understanding common issues.
Exceptions include those currently following the complaints process, or when consent to keep information for longer has been obtained. This is typically for a period of 6 years or longer if there are liability elements to be considered for potential legal disputes.
Additionally, if we have determined that the information supplied contains personal information that we do not need to hold to provide or aid assistance, we will endeavour to remove this information as soon as practically possible.