Chemist.net Cookie Policy : We use cookies to enhance your user experience. To find out more please view our cookie policy
Privacy and Cookie Policy
Version 1.1.
Last Updated: 17th October 2024
Our Privacy Notice describes the categories of personal data we process and for what purposes.
Introduction and summary
At Chemist.net we know that your personal data is important to you. That’s why, whenever we use it, we only use what we need to, and we do everything we can to ensure it is appropriately protected.
This notice explains the situations where we may process your personal data and the steps we take to protect it.
Updating this notice
Chemist.net keeps its privacy policy under regular review, and we may make changes to this notice at any time. Depending on the associated processing risks, we will either contact you with the modified terms, or we will post a copy of these on our website. Any changes will take effect 7 days after the date of our email, or the date on which we post the modified terms on our website, whichever is sooner. Please ensure you regularly check our website for any updated use of your personal data, alongside contact information in the event you have any further queries.
Who we are
Chemist.net is the trading name for Norchem Healthcare Limited (company number 03465047 registered address Merchants Warehouse, Castle Street, Manchester, England, M3 4LZ). When we say ‘we’ or ‘us’ we mean this company. This company is part of the wider Bestway Healthcare Group of companies, including Bestway Panacea Holdings Ltd (an English and Welsh registered company with company number 09225479, registered address: Merchants Warehouse Castle Street, Castlefield, Manchester, M3 4LZ). When we say ‘Group’ in this notice, we mean other members of our group of companies, including trading and subsidiary companies of Bestway Panacea Holdings Ltd (an English and Welsh registered company with company number 09225479, registered address: Merchants Warehouse Castle Street, Castlefield, Manchester, M3 4LZ) and its trading and subsidiary companies.
How you can contact us
- By Email: sales@chemist.net
- By Post: Chemist.net, 18 Oxleasow Road, East Moons Moat, Redditch, B98 0RE.
If you specifically want to contact our Data Protection Officer, you can do so by emailing DPO@bestwayhealthcare.co.uk.
Alternatively, you can write to them at: Data Protection Officer, Merchants Warehouse, 21 Castle Street, Castlefield, Manchester, M3 4LZ.
How we use your personal data
We collect and use your personal data when you:
- Browse our website.
- Register on our website.
- Place an order with us online or by phone.
- Contact us by email, telephone or social media.
- Sign up to our newsletter or other marketing correspondence.
- Enter a competition or prize draw run by us.
What we specifically collect and how we use it depends how you interact with us and the specific services you’ve requested. Some examples of how we use your personal data are as follows:
- When you place an order through our website we will use your name, home address, delivery address, home telephone or mobile number, email address, information about the products you order and payment details.
- If you are purchasing a medicine you will need to provide health information about the patient who will be taking the medication, which will require you to obtain consent from this person if you are ordering on their behalf. This enables the Pharmacist to ensure that the medication is suitable, fulfilling our legal and regulatory obligations.
- If you choose to use our prescription service, we may require details of your medical exemption certificates as appropriate. When we receive your prescription, we will also have details of your GP surgery and your NHS number (for NHS prescriptions).
- When you sign up for our prescription services, you may consent to share your Summary Care Record (a summary of any conditions or allergies you have, and any other medications you have been prescribed) in order for the Pharmacist to perform extra clinical checks for additional safety. This will only be accessed if you provide explicit consent and can only be accessed by the Pharmacist on duty. You can change your consent regarding your Summary Care Record at any time.
- When you contact us by email, telephone or social media, we will collect information that we need to respond to your query, and any other supporting information you voluntarily provide to us. This information may include your name, home address, delivery address, home or mobile number, order number, details of products you have purchased or are considering purchasing and health information (if you are enquiring about a medication). The data we collect enables us to respond to your enquiry.
- If you sign up to our email newsletter or another marketing list we have, we will gather your explicit consent to send you communications. This will involve the collection of your name and email address, and if you have ordered with us we may use your purchase history to ensure that the emails you receive are relevant to you. You can opt out at any time by contacting our customer services, or by clicking on the unsubscribe link included in all of our marketing emails (please note that this may take up to 7 days; if we already have a newsletter scheduled to be sent to you then you may still receive this).
- Where you enter into a competition, the type of personal data we will use as a minimum includes your name, email address and home or mobile telephone number. Other information we collect may include your home address, date of birth, and user generated content (e.g. answers to a competition question). We collect this data to carry out prize draws or competitions which you chose to participate in and to determine the winner, or to provide the prize if you win. If we intend to use any of this data for marketing purposes, we will clearly inform you before you enter your details.
When you visit our website, we also collect other information, sometimes referred to as ‘cookies’. Our use of cookies may include the collection of anonymised information about the type of browser you use when visiting our website; your IP and device address; hyperlinks that you have clicked; and other websites you visited before arriving at our website. You can find more about how we use cookies in our Cookie Policy below.
Who we share your personal data with
In the previous section we described instances where we share your personal information with others. There are also other third parties that we use to help us deliver and improve our services to you. In this section, we have summarised the types of third parties who we may share your data with.
- If you wish to purchase an age-restricted product from our website, we have a regulatory responsibility to verify that you are of a suitable age before completing the purchase. We do this alongside a trusted third party supplier. We only use your personal data for this very specific purpose and ensure there are security measures in place to protect your information.
- Where we store your personal information related to a purchase you have made, a third party company may supply the system where this information is securely held. • When you make a payment for goods or services, a third party company may process this payment.
- We may use third party postal services and couriers to deliver items you purchase.
- Where necessary, we may need to share your personal data with law enforcement agencies where we are required to do so by law. This will most likely be for the detection or prevention of crime, or to exercise or defend a legal claim.
- We may also share your personal data with third party regulators. This may include the General Pharmaceutical Council (GPhC), the Medicines and Healthcare products Regulatory Agency (MHRA) or the Information Commissioner’s Office (ICO).
Whenever we use third parties, we will always ensure that only the minimal amount of relevant information is shared and that data is securely deleted once it is no longer required.
Where we process your personal data
We may need to transfer your information outside the UK to service providers, agents, and subcontractors in countries where data protection laws may not provide the same level of protection as those in the European Economic Area. Where this happens, we agree specific safeguards and assurances in our contracts with those providers to ensure there are appropriate controls in place to protect your data. Where necessary, we also ensure we have conducted a full ‘Transfer Risk Assessment’ alongside any necessary contractual obligations. This is an area of legislation that is subject to change, so we always ensure we are fully up to date with updates from the UK Government, the Information Commissioner’s Office, and the European Commission.
Your privacy rights and how to exercise them
Under data protection laws, you have the following rights:
- Right of Access (typically called a “Subject Access Request” or “SAR"): you have the right to know how we process your personal data (as explained in this notice) and also a right to receive a free copy of your personal data.
- Right to Rectification: you can ask us to change or complete any inaccurate or incomplete personal data held about you.
- Right to Object: you have the right to object, in certain circumstances, to us processing your personal data. For example, you can object to us sending you marketing material, or using your personal data to create a profile about you that is related to direct marketing.
- Right to Erasure: in certain circumstances, you can ask us to delete your personal data. For example, where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis to keep it.
- Right to Portability: you have the right to ask us to send a copy of certain elements of your personal data (predominantly information you have shared directly with us) to another company.
- Right to Restrict Processing: you can ask us to restrict the personal data we use about you where you have asked for it to be erased (and the erasure has not taken place, or we were unable to erase the data when we should have) or where you have objected to our use of it.
To make a subject access request, or to exercise any other data subject rights, you can contact us using the information provided in this notice.
It is free to exercise your privacy rights and we will respond to any request as quickly as we can. Under current data protection laws, we have 30 days to respond to any request, unless an exemption applies. We will contact you as soon as we can where we are applying an exemption, which may extend the time we have to process your request.
Children’s data and safeguarding
Chemist.net will never knowingly process personal data related to children for any purpose other than in the following unique circumstances:
- Where welfare or safeguarding concerns are raised about a child or children. This may involve Chemist.net liaising with local authorities to ensure the protection of those involved. Wherever this occurs, Chemist.net will always consider whether consent is appropriate and, if it is not, another legal basis will be established.
- Our website collects cookies, which may inadvertently relate to children who visit our website. However, the resulting cookie activity (e.g. to improve the functionality of our website) does not cause a sufficient level of harm to impact children.
There may be occasions where it becomes necessary to safeguard individuals, either from others or themselves. We always take any decision around sharing data of this nature with other authorities or bodies incredibly seriously, and we ensure that our internal policies also reflect this. Data protection laws are still applicable, and, in serious cases, the sharing of personal data will likely be done using one or more of the following legal bases:
- Vital interests (to protect those of the data subject/s).
- Reasons of substantial public interest, which may include:
- Preventing or detecting unlawful acts.
- Protecting the public.
- Safeguarding of children and individuals at risk.
- Safeguarding of economic wellbeing of certain individuals.
We also have a responsibility to safeguard adults who lack mental capacity under the Mental Capacity Act (2005). Chemist.net always weighs up the necessity of sharing any personal data for purposes above and beyond that which the data subject is already aware of and considers whether consent is an available option. Any personal data this is ultimately shared will be done so after internal consideration alongside Chemist.net’s Data Protection Officer and other senior responsible individuals, and only the minimum amount of information is securely shared.
How long we retain your personal data
Chemist.net will retain your personal data for as long as we are legally or contractually required to do so, or for a period which is justifiable to meet our business needs. The exact retention period varies depending on the type of information and purpose for use, and our internal policies support this activity.
Marketing and communications
If you have given your consent, or if we believe legitimate interests may apply, we will, from time to time, contact you about the products and services we offer.
The marketing we send to you may be tailored to make it more relevant. This is done by analysing the data we hold on you (e.g. services previously used, age, address, previously stated health and wellbeing interests) to create a profile. If you want to receive marketing from us, but do not want this to be tailored then you can object to the profiling as described under "What are your privacy rights and how can you exercise them?". Alternatively, unsubscribing from marketing will also cease the profiling activity we conduct.
We may also contact you in the following scenarios:
- To request that you take part in customer feedback and surveys. This allows us to collect insights on the service we provide and what our customers may want from us in the future.
- To provide an update on an order you have placed.
- To confirm a delivery slot for an order you have placed.
We will send these communications to you either by email, post - or both - depending on the content and context of the communication. Every marketing communication we send will include instructions on how to opt-out. Some of our communication will be contractual in nature, however if our communication is of a direct marketing nature, you can change your marketing preferences at any time using the contact information provided in this notice.
Cookie Policy
When you visit our website we collect anonymised information about the type of browser you use when visiting our website, your IP and device address, hyperlinks that you have clicked, websites you visited before arriving at our website and information collected by cookies or similar tracking devices. The use of cookies lets us know if you have visited us before and your preferences so we can provide you with a personalised experience. When you first visit our website on a device there is a pop-up message; you consent to the use of these non-essential cookies when you tick the box in this message. You can provide/revoke consent at any time via your browser settings.
The table below lists the cookies we collect and the information they store.
| Cookie Name | Cookie Description |
| CART | The association with your shopping cart. |
| CATEGORY_INFO | Allows pages to be displayed more quickly. |
| COMPARE | The items that you have in the Compare Products list. |
| CUSTOMER | An encrypted version of your customer id. |
| CUSTOMER_AUTH | An indicator if you are signed into the store. |
| CUSTOMER_INFO | An encrypted version of the customer group you belong to. |
| CUSTOMER_SEGMENT_IDS | Stores your Customer Segment ID. |
| DISCOUNT_POPUP | Indicated whether you have closed the pop-up banner on the home page. Expires after 7 days. |
| EXTERNAL_NO_CACHE | A flag that, indicates whether caching is on or off. |
| FRONTEND | Your session ID on the server. |
| GUEST-VIEW | Allows guests to edit their orders. |
| LAST_CATEGORY | The last category you visited. |
| LAST_PRODUCT | The last product you looked at. |
| NEWMESSAGE | Indicates whether a new message has been received. |
| NO_CACHE | Indicates whether it is allowed to use cache. |
| PERSISTENT_SHOPPING_CART | A link to information about your cart and viewing history if you have asked the site. |
| RECENTLYCOMPARED | The items you recently compared. |
| SELECTEDOPTION | Used to store your selected product options. Expires after 7 days or when order is successfully placed. |
| STF | Information on products you emailed to friends. |
| STORE | The store view or language you have selected. |
| TERMS_CONFIRM | Indicates when terms and conditions have been accepted. Expires after 7 days or when order is successfully placed. |
| USER_ALLOWED_SAVE_COOKIE | Indicates whether a customer authorised cookies. |
| VIEWED_PRODUCT_IDS | The products that you recently looked at. |
| WISHLIST | An encrypted list of products added to your wish list. |
| WISHLIST_CNT | The number of items in your wish list. |