Privacy Policy

www.optipharmpharmacy.co.uk (the “Website”) is operated by Optipharm Pharmacy (“we”, “us”, “our”) a trading name of Medicine Box (London) Ltd.

When you submit information to Medicine Box (London) Ltd as the Data controller, the information held will be processed in accordance with this Privacy Policy. Medicine Box (London) Ltd will remain responsible for the overall management and security of the Personal Information that you submit to us as the Data controller.

As a Pharmacy processing personal and patient sensitive data, we have always taken data protection very seriously and understand the importance of protecting your privacy and your patients/clients including adhering to the Pharmacy specific rules on Information Governance and Department of Health Guidelines on Data Protection. With the new rules of GDPR, we are confident that Medicine Box (London) Ltd is able to ensure data privacy for its customers and their patients/clients under the Data Protection Act and GDPR.

Agreeing to Terms

If you do not agree to the Medicine Box (London) Ltd Terms of Service (ToS) as posted here on this website, please do not use this site or any services offered by this site or Medicine Box (London) Ltd, terms and policies can change at any time and will be updated on this website when required. Your use of this site indicates acceptance of our ToS including the privacy policy and the company’s general terms and conditions.

By using this website (and/or submitting data) to Medicine Box (London) Ltd, you are entering into an agreement with our Privacy policies and agreeing to our full company’s Terms of Service available on our website. The main Privacy Policy on this page has sub-policies which is part of the main policy, sub-policies such as the Cookies Policy and Information Charter. If you have any concerns or queries on how we safeguard personal data, please contact us using the contact us page from the website or you can write into the following address:

Medicine Box (London) Ltd, 29 Bridge Road, Wembley, HA9 9AB

 

How do we collect information from you?

We collect and use your Personal Information in accordance with this Privacy Policy.

The majority of the Personal Information we receive and hold will be based on the information you provide to us by:

  • Visiting https://optipharmpharmacy.co.uk
  • Contacting us by telephone, email, social media or other messaging systems, traditional post.

Please do not submit such personal information to us if you do not wish us to collect it.

However, please be aware, some Personal Information may include information you voluntarily, but unintentionally provided to us.

We also collect from:

  • Our websites (the “Websites”);
  • The software applications made available by us for use on or through computers and mobile devices (the “Apps”);
  • Cookies (“Cookies”);
  • The publicly available information and other resources (I.e Social Media, Credit Check Agencies, etc.).
  • Third-party messaging services such as Facebook, FreshChat/Desk, Instagram, WhatsApp, and others.

 

What Personal Information do we collect?

Personal Information we collect may include the following for us to provide products and services:

  • General identification and contact information of you: your name; address; email; IP address; telephone details; gender; date and place of birth; physical attributes including photos, your location.
  • Other sensitive information: Patient/client details such as from Prescription records, possible criminal/non-compliance records, and other records from regulatory authorities and associations. Documents and details to verify your identity: I.D documents, utility bills, agency searches.
  • Documents and details to verify your identity: I.D documents, utility bills, agency searches.
  • Marketing preferences: enter a contest or prize draw or other sales promotion, or respond to a voluntary customer satisfaction survey.
  • Statistical information: aggregate statistical information about site visitors and users for internal use and for other lawful purposes. Where we provide such information we will provide this in an anonymous format and not include any Personal Information unless for legitimate interest reasons (See our Information Charterfor more details).
  • Information from Apps: submit comments to the Site, participate in message boards, blogs, send us emails or any other user-generated content facility.
  • Publicly available information (or information you submit to us) in relation to professional history: educational background; employment history; skills and experience; professional licenses and affiliations; educational and professional qualifications.
  • Your professional details you may send to us: For example Qualifications details, Training certificates, Insurance cover, affiliations to associations.

 

What legal basis do we rely on to process your Personal Information?

Consent

On some occasions, Medicine Box (London) Ltd processes your data with your consent as part of becoming a customer with us or by explicit request by your self (Opt-in). You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

To fulfil a contract

Medicine Box (London) Ltd may process your data when we need to do this to fulfil a contract with you, such as offering you with products and services as part of visiting our website or registering with us as a customer.

Legitimate Interest

Medicine Box (London) Ltd also processes your data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights as per GDPR rules.

Our legitimate interests include:

  • Ensuring the security and integrity of our Services and in ensuring that our Websites and Apps operate effectively;
  • Offering and supplying goods and services to our customers;
  • Protecting customers, employees and other individuals and maintaining their safety, health and welfare;
  • Promoting, marketing and advertising our products and services;
  • Sending promotional communications which are relevant and tailored to individual customers;
  • Understanding our customers’ behaviour, activities, preferences, and needs;
  • Improving existing products and services and developing new products and services;
  • Handling customer contacts, queries, complaints or disputes; and
  • Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
  • The processing is necessary because of a legal obligation that applies

Medicine Box (London) Ltd may process your data to comply with our legal and regulatory obligations eg preventing, investigating and detecting crime, fraud including working with law enforcement agencies, suppliers/manufacturer’s, I.D check agencies and so on. (Please refer to our Information Charter for further details).

 

 

Who do we share your Personal Information with?

Medicine Box (London) Ltd may make Personal Information available to:

Our Group/Sister Companies

Where they have access to your personal data they will use it only for the purposes set out in this Privacy Policy. Medicine Box (London) Ltd will remain overall responsible for the management and security of jointly-used Personal Information. Access to Personal Information within Medicine Box (London) Ltd and our group of companies/sister companies is restricted to those individuals who have a need to access the information for our business purposes.

Consultants, Contractors, Self-Employed Workers

In the course of our business to help provide the products and services we offer, Medicine Box (London) Ltd may make Personal Information available to third parties such as Locum Pharmacists, Self-employed workers and other intermediaries and agents and other business partners.

 Our Service Providers

This includes external third-party service providers, such as accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers (some based outside of the EEA) and similar third-party vendors and outsourced service providers such as Royal Mail, UPS, etc that assist us in carrying out business activities.

Governmental Authorities and Public Authorities

Medicine Box (London) Ltd  may share your (or your patient/client’s) Personal Information with governmental or other public authorities (including, but not limited to, regulatory authorities, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law (b) to comply with legal process; (c) to respond to requests from public and government authorities (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.

Other Third-Parties

Occasionally, we may share your (or your patient/client’s) Personal Information with other third parties (Please refer to Information Charter for further details). We will always do this under contract and within UK law including the Data Protection Act and GDPR.

How we use Personal Information?

We use Personal Information for some or all of the following:

  • Communicate with you as part of our business;
  • Send you important information regarding changes to our policies, other terms and conditions, our Websites and Apps and other administrative information;
  • Provide improved quality, training and security and manage other commercial risks;
  • Carry out market research and analysis, including satisfaction surveys;
  • Provide marketing information to you (including information about other products and services offered by selected third-party partners) in accordance with preferences you can express to us. Please be aware you can always change these preferences.
  • Allow you to participate in contests, prize draws and similar promotions, and to administer these activities. Some of these activities have additional terms and conditions, which could contain additional information about how we use and disclose your Personal Information, so we suggest that you read these carefully;
  • Facilitate social media sharing functionality;
  • Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;
  • Resolve complaints, and handle requests for data access or correction;
  • Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process, and respond to requests from public and governmental authorities).
  • Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners, our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.

International Transfers of Personal Information.

Personal Information which you supply to us is generally stored and kept inside the European Economic Area.

However, due to the requirements of our business and the technologies required, your Personal Information may be transferred to third-party service providers outside the EEA); In such situations, we transfer the minimum amount of data necessary, anonymise it where possible and enter legal contracts to aim to ensure these third parties handle the Personal Information in accordance with this Privacy Policy and UK Law including GDPR. Another example would be using other third-party service providers such as Google Analytics, WhatsApp, MailChimp/Zoho etc where some messaging and customer account data may be hosted on their own servers, however, the data would not be accessible by them based on their own strong Privacy policies and security systems.

How can you manage or delete Personal Information?

When you access our website online (without login), we store some information about you. This is anonymous and used for statistical purposes.

When you create an account and log-in to your ‘My Account’ area, it is protected by your password and may only be accessed by you.

You can de-activate your account at any time, by contacting us. Customers who do not have website access such as wholesale customers, you can contact us on managing the information we hold for you. You may also request for our Retention Policy for further details.

Security.

Medicine Box (London) Ltd  is committed to keeping your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold.

Our security measures include:

  • Secure I.T systems in place for our website, app, and other services such as encryption, strong password protections, firewalls, VPN tunnels, and so on.
  • Review our information collection, storage and processing practices, including physical security measures as part of the Pharmacy Information Governance rules;
  • Restrict access to personal access to personal information to Medicine Box (London) Ltd  employees, contractors and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations. They may be disciplined/contract terminated/legal prosecution if they fail to meet these obligations; and
  • Internal policies setting out our data security approach and training for employees.

 

Marketing and Advertising.

Online Behavioural Advertising

We partner with third-party specialists so that we can display advertising which is more relevant to you and your interests on our Web sites and apps. We and our network partners (such as Google Analytics) may utilise cookies or web beacons along with other codes such as your Identifier for Advertising (IFA) or Android ID for your phone to better understand your interests from the web pages you interact with and the search terms you use on our site to build a picture of the category of interests or preferences you have and to provide advertisements about goods and services that may be of interest to you. Our network partners do not collect and do not have access to any information from which you

can be directly identified such as your real name or address or email. They may, however, anonymously track your Internet usage across other websites in their networks beyond these Sites. If you wish to opt-out of tailored advertising you can do so by contacting us. You can also learn more about our use of cookies and similar technologies and your choices by reading our cookies policy. Please note that if you opt-out you may receive generic advertising (when browsing on our website/apps) that has not been targeted to you and your interests. Please refer to our Cookies Policy for more information.

Direct Advertising and Communication

We regularly use emails to communicate with our customers with it being a fast form of updating on news and changes. We from time to time use SMS when there is a significant piece of news which may benefit you. We do not use hard copy materials to communicate with our customers on a regular basis due to costs and delays in this form of communication but it can be helpful when a customer’s email settings may block our e-shots. Therefore we use all forms of digital and non-digital communications to reach out to our customers where practically possible however we do encourage our customers to also check our website for the latest information.

E-newsletters, SMS, Social Media, Online messaging, hard copy leaflets, etc

Medicine Box (London) Ltd  uses various digital and non-digital forms of direct advertising such as E-newsletters, SMS, Social Media, Online messaging, hard copy leaflets, etc for advertising.

You may opt-out of any advertising of Medicine Box (London) Ltd ’s products and services however please be aware this may impact on the effectiveness of how we manage your customer account with us, for example, we may promote a new App service to help improve the efficiency of handling your customer account or a special discount on a particular product you have purchased in the past but if you have opted out of direct advertising then we would not be able to keep you informed of the products and services you may benefit from.

Marketing Related Communications – Processing and Consent

You can contact us for reviewing/updating your content options or if you have access to our website you can update your consent settings via the My Account page.

For Social Media Platforms, you may wish to review your links/tags if you have connected with us and remove yourself from our Social Media groups/pages if you do not wish to be contacted through Social Media for Marketing related material. Please note the company may process your data for Marketing related purposes as part of Recital 47 of the GDPR.

The Marketing material you would receive can be “processed” information based on the data we would collect from you (i.e ordering history, browsing habits) and/or data collected from other third party sources (i.e your company website), etc. Also, the Marketing material you would receive can be from “non-processed” information which would not be based on any background or customised data patterns (i.e traditional direct marketing).

Your Rights.

You have the following rights:

  • The right to ask what personal data we hold about you at any time, subject to a fee specified by law.
  • The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and
  • (As set out above) the right to opt-out of any marketing communications that we may send you.

If you wish to exercise any of the above rights, please contact us.

Children and Minors.

Medicine Box (London) Ltd ’s services are not directed towards individuals under the age of eighteen (18). No person under the age of 18 is allowed to access our website due to the nature of some of products we hold such as injectables.

Third-Party Privacy Practices.

Please note that we are not responsible for the data processing of any Personal Information you disclose to other organisations through our Social Media Pages.

Any Third parties who have received personal information from Medicine Box (London) Ltd  have confirmed to adhere to the Data Protection Act / GDPR including any companies outside of the EEA. Please refer to our Information Charter for more details.

Please note that we are not responsible for the data processing of any Personal Information you disclose to other organisations through our Social Media Pages.

Any Third parties who have received personal information from Medicine Box (London) Ltd  have confirmed to adhere to the Data Protection Act / GDPR including any companies outside of the EEA. Please refer to our Information Charter for more details.

Medicine Box (London) Ltd  receiving Personal Data via the Patient’s Agent and/or 3rd or 4th parties.

Here are some examples:

  • You may be a customer/agent who collects personal data on behalf of a patient/client, then forwards the data to Medicine Box (London) Ltd . (i.e. You are the Prescriber, carried out a face to face consultation, then have forwarded the patient’s prescriptions to Medicine Box (London) Ltd ).
  • You may be a customer/agent who collects personal patient data via your practitioners and then forwards the prescriptions to Medicine Box (London) Ltd . (I.e You are part of a buying group/association who works with a team of practitioners/prescribers where you are exposed to personal data and then forwarding it onto Medicine Box (London) Ltd ).
  • You may be a customer/agent who collects personal data from a prescriber and then forwards the data (I.e prescriptions) to Medicine Box (London) Ltd . (I.e a Nurse running a clinic and working with an outsourced prescriber).

To be clear, any scenario where you are collecting personal data including your colleague’s personal details (I.e practitioner/prescriber) and patient/client personal details and then forwarding it onto Medicine Box (London) Ltd  – this would mean you would be jointly responsible for the data subject on handling, storing, transferring the personal data of your patient/client/practitioner/colleague to Medicine Box (London) Ltd .

Therefore, it is extremely important that you, your colleges who work with you including practitioners/prescribers) who are exposed to any personal details must adhere to Data Protection rules including the GDPR; by using Medicine Box (London) Ltd ’s services or submitting data to Medicine Box (London) Ltd  means you are entering into a declaration that the data you have collected and submitted to us has been carried out lawfully and within the GDPR rules. If you are not in compliance with GDPR rules then you must cease submitting data to Medicine Box (London) Ltd  and inform our D.P.O immediately by emailing: Contact@optipharm.co.uk

Associated Policies.

Please also see our Terms and conditions and Cookies Policy and Information Charter for more information.

Staff Notice.

The Privacy policy on this page mostly relates to Medicine Box (London) Ltd ’s customers however if you are also a customer of Medicine Box (London) Ltd  please take note of this Privacy policy and also refer to Staff Privacy Policy.

Who to contact about your Personal Information.

If you have any questions about this policy or our use of the data we hold you can email: Contact@optipharm.co.uk or write to Medicine Box (London) Ltd , 29 Bridge Road, London, HA9 9AB

The data controller responsible for your information is Medicine Box (London) Ltd

Changes to Privacy Policy and Customer Terms and Conditions.

We review this Privacy Policy and the general terms and conditions (which includes sub-policies such as the Cookie Policy and Information Charter) regularly and reserve the right to make changes at any time of the Privacy Policy to take account of changes in our business and legal requirements. We will place updates on our website; please take a look at the “LAST UPDATED” date above the title of this Privacy Policy to see when the Privacy Policy was last revised.