Privacy policy
Summary
I am committed to safeguarding and preserving the privacy of the visitors. The following points summarise some of the more important provisions in my privacy policy.
Information I collect
Where you provide information (i.e. by filling in the form to use my services), I will save your name, delivery address, email address, date of birth, telephone number, Doctor address, patient notes, consultation notes, payment records and details of the medicines you have ordered.
I use your data to provide my services to you (namely, medical consultations for prescription medications) and to comply with regulatory requirements.
Information I share
With other third parties where this is necessary to deliver the services.
Patient confidentiality
Some of the information I collect is medical data. This information is always treated confidentially. I will never disclose medical data unless legally required or permitted to do so. It will not be used by us for marketing purposes unless you give us your express permission.
If you have any queries, concerns or complaints about the use of Your Data by me, please raise them with me. If this does not resolve the problem to your satisfaction, then you have the right to make a complaint at any time to the Information Commissioner's Office (" ICO"), the UK supervisory authority for data protection issues. I would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact me in the first instance.
Changes to the Policy and your duty to inform us of the changes
It is important that the personal data I hold about you is accurate and current. Please keep me informed if Your Data changes during your relationship with me.
This version was last updated in January 2025.
Change of purpose
I will only use Your Data for the purposes for which I collected it, unless I reasonably consider that I need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please email me. Should I need to use Your Data for an unrelated purpose, I will notify you and I will explain the legal basis which allows me to do so. Please note that I may process Your Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Storing Your Personal Data
I have put in place appropriate security measures to prevent Your Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, I limit access to Your Data to those agents, contractors and other third parties who have a business need to know. They will only process Your Data on my instructions and they are subject to a duty of confidentiality.
I have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.
Please note that sending information via the internet is not totally secure and on occasion such information can be intercepted. I cannot guarantee the security of personal information that you choose to send me electronically and sending such information is entirely at your own risk.
Data retention
I will only retain Your Data for as long as necessary to fulfill the purposes I collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Your Data, I consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of Your Data, the purposes for which I process Your Data and whether I can achieve those purposes through other means, and the applicable legal requirements.
During the provision of my services to you I will retain Your Data to provide my goods or services to you.
I am required by law to retain specific categories of Your Data for certain periods after I stop providing my goods or services to you. I am therefore required to store any Medical Data, Identity Data and Contact Data submitted to me to comply with my legal obligations.
Please note that I may keep Your Data for longer than the periods stated above if it is necessary. However, this will be assessed on a case by case basis. If I determine that it is necessary to keep Your Data for longer than the periods listed above, I will confirm this to you in writing when I have finished providing my goods and services to you and explain why it is necessary.
Disclosing Your Data
I may disclose Your Data to third parties, in accordance with this Policy, in the following circumstances:
Where permitted by law and subject to me taking steps to ensure that Your Data is properly protected and only used in accordance with this Policy, I may share your Identity, Contact, Financial and Medical Data with:
(i)your doctor (ii)another third party, where you have provided your express consent for me to share Your Data with them (iii)I may share your Personal Data with External Third Parties to carry out processing activities on my behalf (for example, we may provide your postal address to a courier or we may share your name, address and age with a third-party service provider in order to verify your age and identity). The External Third Parties we work with include: PayPal: To process your online payment. (iv)I may also share Your Data where permitted by law to further fraud protection and reduce the risk of fraud (for example, to comply with anti-money laundering regulations).
Other than in the specific circumstances set out above I will never share your Medical Data without your express consent.
Your legal rights
In certain circumstances, you have the following rights under data protection laws in relation to Your Data. You have the right to:
Request access to Your Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Your Data I hold about you and to check that I am lawfully processing it.
Request correction of the personal data that I hold about you . This enables you to have any incomplete or inaccurate data I hold about you corrected, though I may need to verify the accuracy of the new data you provide to me.
Request erasure of Your Data . This enables you to ask me to delete or remove Your Data where there is no good reason for me continuing to process it. You also have the right to ask me to delete or remove Your Data where you have successfully exercised your right to object to processing (see below), where Ie may have processed Your Data unlawfully or where I am required to erase Your Data to comply with local law. Note, however, that I may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of Your Data where I am relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where I am processing Your Data for direct marketing purposes. In some cases, we may demonstrate that I have compelling legitimate grounds to process Your Data which override your rights and freedoms.
Request restriction of processing of Your Data . This enables you to ask me to suspend the processing of Your Data in the following scenarios: (i)if you want me to establish the data's accuracy; (ii)where our use of Your Data is unlawful, but you do not want me to erase it; (iii)where you need me to hold Your Data even if I no longer require it as you need it to establish, exercise or defend legal claims; or (iv)you have objected to my use of Your Data, but I need to verify whether I have overriding legitimate and/or legal grounds to use it. (v)request the transfer of Your Data to you or to a third party. I will provide to you, or a third party you have chosen, Your Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for me to use or where I used the information to perform a contract with you. (vi)withdraw consent at any time where I am relying on consent to process Your Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, I may not be able to provide certain products or services to you. I will advise you if this is the case at the time you withdraw your consent. Please note that I may not be able to comply with this request where I have a legal obligation to keep Your Data.
If you wish to exercise any of the rights set out above, please email me
Data subject access request
You will not have to pay a fee to access Your Data (or to exercise any of the other rights set out above). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I may refuse to comply with your request in these circumstances.
What I may need from you
I may need to request specific information from you to help me confirm your identity and ensure your right to access Your Data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response.
Time limit to respond
I will try to respond to all legitimate requests within one month. Occasionally it may take me longer than a month if your request is particularly complex or you have made several requests. In this case, I will notify you and keep you updated.
Contacting me
Please do not hesitate to contact me via email regarding any matter relating to this Policy
© angiecavanagh.com
