Privacy Policy

Introduction

This Privacy Policy applies between you, the user of this website and our services, and Healthnest Pharmacy (“we”, “us”, “our”), the owner and provider of this website. We are committed to protecting and respecting your privacy and handling your data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and professional standards set by the General Pharmaceutical Council (GPhC).

Identity of the Data Controller

Healthnest Pharmacy is operated by Healthnest Pharma LTD, a company registered in England and Wales (Company No: 16136027), with its registered office at XXXXXX, and is registered with the GPhC under premises number [GPhC Premises No. XXXXXX]. We are the data controller responsible for your data.

For any queries about this policy, please contact:
● Email: healthnestpharmacy@gmail.com
● Telephone: XXXXX
● Postal Address: XXXXX

Data We Collect

We may collect, use, store and transfer the following categories of personal data:

  • Identity data (name, date of birth)
  • Contact data (address, email address, telephone number)
  • Special category data (health information relevant to NHS prescriptions and pharmacy services)
  • Prescription and dispensing records
  • Communication records
  • Technical data (IP address, browser type, cookies)

How We Collect Your Data

We collect personal data through:

  • Direct interactions: When you contact us, provide a prescription, or receive pharmacy services.
  • Automated technologies: Cookies and similar tools collect technical data about your equipment and browsing.
  • Third parties: Healthcare professionals, NHS services, delivery providers, payment processors, or regulators may share information with us when required to provide pharmacy services.

How We Use Your Data

We use your data lawfully to:

  • Provide NHS pharmacy services
  • Dispense medicines safely and lawfully
  • Maintain accurate clinical and dispensing records
  • Fulfil legal and regulatory obligations
  • Communicate important information about your medicines or care
  • Manage safeguarding, incidents, and complaints

Legal Bases for Processing

Your data is processed under the following lawful bases:

  • Legal obligation
  • Provision of health or social care (Article 9(2)(h))
  • Vital interests
  • Legitimate interests (running a safe pharmacy)

Sharing Your Data

Your data may be shared with:

  • NHS bodies and other healthcare professionals involved in your care
  • IT system providers supporting pharmacy operations
  • Regulators and statutory bodies where required

All third-party partners are required to adhere to data protection obligations and only process your data for specified purposes.

Data Security

We implement technical and organisational measures to secure your data against accidental loss, unauthorised access, alteration, or disclosure. These include SSL encryption, secure servers, restricted access, staff confidentiality agreements, and robust security protocols. Access to systems is role-restricted and monitored, and personal data is stored within the UK unless appropriate safeguards are in place for transfers.

Data Retention

We retain personal data only as long as necessary to fulfil the purposes we collected it for, including satisfying legal, regulatory, tax, and clinical requirements:

  • Clinical records: Typically retained for up to 8 years to meet pharmacy and NHS standards.
  • Prescription and dispensing records are retained in line with NHS and professional guidance.
  • Marketing data: Until you withdraw consent.

Data may be anonymised for analytical purposes beyond these periods.

Your Rights

Under UK GDPR, you have the right to:

  • Be informed about the collection and use of your data.
  • Access your data by requesting a copy.
  • Rectify inaccurate or incomplete data.
  • Erase data when no longer necessary or where you withdraw consent.
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interests or direct marketing.
  • Data portability, enabling you to request transfer of your data.
  • Withdraw consent at any time for processing based on consent.

To exercise your rights, contact us via the details above. We may request proof of identity to process your request. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

NHS National Data Opt-Out

We respect your right to set an NHS National Data Opt-Out choice. Where applicable, we apply your preferences if confidential patient information could be used beyond your individual care (e.g., research).

Cookies

Our website uses cookies and similar technologies to improve your experience, understand site usage, and support essential site functionality. For more information, please see our Cookie Policy.

Third-Party Links

Our website may contain links to other websites. We are not responsible for their privacy practices or content. We recommend you review third-party privacy policies before submitting any personal data.

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy. Updated versions will be posted on this page with the effective date indicated. Please check periodically for updates.

Close My Cart
Close Wishlist
Close Recently Viewed
Close
Close
Categories