Last Updated: 24th May 2018
Last Updated: 24th May 2018
Chemist.net is committed to safeguarding your privacy and ensuring that your personal data is secure and confidential. This policy explains the types of personal data we collect and how we process and protect that data in connection with the services we offer.
In this policy, 'we', 'us' and 'our' refers to Chemist.net and 'you' and 'your' means the person the information relates to. We are required by law to tell you we how use any personal information we hold on you.
1) Who we are
www.chemist.net is a website and service operated by Norchem Healthcare Limited, registered at and trading out of 18 Oxleasow Road, East Moons Moat, Redditch, Worcestershire, B98 0RE. Norchem Healthcare Limited is registered with the Information Commissioners Office (ICO), registration number Z5250821.
Our designated Data Protection Officer is Mohammed Kolia.
2) What is Personal Data?
Personal Data is information that can directly or indirectly identify you. This includes things you might expect such as your name, address, email address, and telephone number, but can also include other information such as IP address, shopping habits and information about your health. Information about health is classed as a “Special Category Data” as it requires special protection due to its sensitivity. We will require certain information from you regarding your health if you purchase certain medications or if you send us a prescription to dispense.
3) How is your Personal Data collected?
We collect Personal Data when you:
- Browse our website.
- Register on our website.
- Place an order with us online or by phone.
- Contact us by email, telephone or social media.
- Sign up to our newsletter.
- Enter a competition or prize draw run by us.
4) What Personal Data do we collect and how do we use it?
Browsing our website
Registering on our website
In order to fulfil our legal obligations in regards to the sale of medicine, you will need to create an account with us before placing your first order so our Pharmacist can review your order history where appropriate. When you register you will need to provide your email address and create a password. You may also need to provide your home address, telephone number and date of birth (to fulfil our legal obligations in regards to the sale of restricted products such as medicines and electronic cigarettes). If you register on our website and do not proceed to place an order you may contact us to delete your account. If you have placed an order and would like to delete your account, this will be considered on a case by case basis as it will depend on what you have purchased from us as to what our legal and regulatory obligations are; please contact us and we will advise accordingly.
Placing an order
The information we collect from you here is required in order to perform our contact with you (sending you the products you request from us); name, home address, delivery address, home telephone or mobile number, email address, information about the products you order and payment details. If you are purchasing a medicine you will also need to provide health information about the patient who will be taking the medication; you will need to obtain consent from this person if you are ordering on behalf of someone. This enables the Pharmacist to ensure that the medication is suitable, fulfilling our legal and regulatory obligations.
If you choose to use our prescription service we may also require details of your medical exemption certificates as appropriate. When we receive your prescription we will also have details of your GP surgery and your NHS number (for NHS prescriptions). When you sign up for our prescription services, you may also consent to share your Summary Care Record (a summary of any conditions or allergies you have and any other medications you have been prescribed) in order for the Pharmacist to perform extra clinical checks for additional safety. This will only be accessed if you provide explicit consent and can only be accessed by the Pharmacist on duty. You can change your consent regarding your Summary Care Record at any time by contacting us.
If you have placed an order and would like to delete your account, this will be considered on a case by case basis as it will depend on what you have purchased from us as to what our legal and regulatory obligations are; please contact us and we will advise accordingly.
Contacting us by email, telephone or social media
The information we collect when you contact us will depend on the nature of the enquiry and whether you are querying an order you have already placed; we will only collect information that we need to respond to your query and/or that you voluntarily provide to us. This information may include your name, home address, delivery address, home or mobile number, order number, details of products you have purchased or are considering purchasing and health information (if you are enquiring about a medication). The data we collect enables us to respond to the enquiry that you initiate.
Signing up to our newsletter
We will only send you our email newsletter if you explicitly consent to this; this can be done when you register for your account, or via the separate registration link. We collect your name and email address, and if you have ordered with us we may use your purchase history in order to ensure that the emails you receive are relevant to you. You can opt out at any time by contacting customer services or by clicking on the unsubscribe link included in all of our marketing emails. Please note that this may take up to 7 days; if we already have a newsletter scheduled to be sent to you then you may still receive this.
Entering a competition or prize draw run by us
The data we will collect will depend on the competition being run but will include as a minimum: name, email address and home or mobile telephone number. Other information we collect may include your home address, date of birth, and user generated content (e.g. answers to a competition question). We collect this data to carry out prize draws or competitions which you chose to participate in and to determine the winner or to provide the prize if you win. If we intend to use any of this data for marketing purposes, we will clearly inform you before you enter your details.
5) Processing Personal Data about children
Our website is intended for adults. A parent or guardian may purchase a medicine on behalf of a child, or may authorise us to dispense a prescription on their behalf. Any data collected about a child will never be used for marketing purposes.
6) How do we keep your Personal Data safe?
We maintain appropriate technical and organisational measures to protect the Personal Data you provide. This includes, but is not limited to, using only secure servers and payment providers, rigorous and regular staff training, DBS checks and compliance with NHS Information Governance requirements and the NHS Code of Practice on Confidential Information.
7) What about third party companies?
We may need to share your information with third party companies to fulfil our contract to you and/or to fulfil our legal obligations. Depending on the nature of the product/service you request from us, and whether you consent to marketing emails, these organisations may include:
- Parcel couriers, including Royal Mail and DX.
- NHS bodies such as GPs and payment services.
- Payment providers such as Sage Pay and PayPal.
- Companies that provide fraud and money laundering checks.
- Companies that enable us to run the website and associated services, such as web hosting, development, email delivery, reviews and feedback surveys.
8) Sharing your information outside the European Economic Area (EEA)
Personal data can be transferred, processed and stored within the EEA (comprising all of the European Union countries, Iceland, Liechtenstein and Norway) safely and securely as they offer an adequate level of protection in comparison to the UK.
Most of our data is stored and processed within the EEA, however we also transfer your data to India, where our web development team is based. We ensure that your personal data is subject to the same standards of protection and security by means of standard contractual clauses. We also conduct a full review of all new suppliers’ processes and procedures.
9) How long do we keep your Personal Data?
We hold your personal information for as long as we have a legal or business reason to do so, which generally means as long as you remain our customer or as required to meet our legal obligations. To fulfil our obligations to the NHS or regulatory bodies, we may need to retain your health-related information for a period of time after you cease to be our customer. We will always store your data securely and won’t use it for any other purpose.
10) Your rights
Under the GDPR (General Data Protection Regulation) you have the eight rights listed below:
For more information on these rights, please visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
If you wish to stop receiving marketing emails you can do so by clicking the unsubscribe link on any of the marketing emails you receive or by contacting our customer service team.
Please note that withdrawing your consent will not affect the lawfulness of the processing before the withdrawal.
Making a complaint with the Information Commissioner’s Office
If you think that any of our processing activities violates data protection laws, you can lodge a complaint with the (www.ico.org.uk).
11) Other Information
Our website may contain links to external websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
Find out more about protecting your information and staying safe online: https://www.getsafeonline.org/get-safe-top-10/