Privacy Policy

1.  Introduction

This Privacy Policy applies between you, the user of this website and our services, and Healthnest Pharmacy (“we”, “us”, “our”), the owner and provider of this website. We are committed to protecting and respecting your privacy and handling your data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and professional standards set by the General Pharmaceutical Council (GPhC).

2.  Identity of the Data Controller

Healthnest Pharmacy is operated by Healthnest Pharma LTD, a company registered in England and Wales (Company No: 16136027), with its registered office at 205A, Ilkeston Road, Lenton, Nottingham. NG7 3FW, and is registered with the GPhC under premises number [GPhC Premises No. XXXXXX]. We are the data controller responsible for your data.

For any queries about this policy, please contact:

• Email: healthnestpharmacy@gmail.com
• Telephone: 01156487933
• Postal Address: 205A, Ilkeston Road, Lenton, NG7 3FW

3.  Data We Collect

We may collect, use, store and transfer the following categories of personal data:

• Identity Data: Name, date of birth,
• Contact Data: Billing and delivery addresses, email address, phone numbers,
• Special Category Data: Sensitive health information (medical history, medications, consultations, allergies, health conditions, symptoms, BMI, etc.).
• Transaction Data: Details of purchases and orders, payment information (processed securely).
• Technical Data: IP address, browser details, device type, on-site
• Profile Data: Account login details, preferences, feedback,
• Marketing Data: Marketing and communication
• Public Data: Information shared via public platforms or social

4.  How We Collect Your Data

We collect personal data through:

• Direct interactions: When you create an account, place orders, complete medical questionnaires, subscribe to newsletters, or contact us.
• Automated technologies: Cookies and similar tools collect technical data about your equipment and browsing.
• Third parties: Healthcare professionals, NHS services, delivery providers, payment processors, or regulators may share information with us when required to provide pharmacy services.

5.  How We Use Your Data

We use your data lawfully to:

• Verify your identity and eligibility for pharmacy
• Conduct medical consultations and
• Process and dispatch
• Maintain accurate clinical and dispensing
• Fulfil our legal and regulatory
• Communicate about orders, updates, or important safety
• Provide customer
• Improve our website and
• Send marketing communications (with your consent).

6.  Legal Bases for Processing

Your data is processed under the following lawful bases:

• Contractual necessity: Processing required to fulfil a contract or steps prior to entering one.
• Legal obligation: Compliance with pharmacy, NHS, tax, and regulatory
• Vital interests: Protecting your health or
• Legitimate interests: Operating, improving, and securing our services, provided your rights do not override our interests.
• Consent: Processing special category data (e.g., health information) and sending marketing communications.

7.  Sharing Your Data

Your data may be shared with:

• Our pharmacy staff, registered healthcare professionals, and
• NHS and other healthcare bodies when necessary for
• Payment providers, delivery companies, IT support
• Regulatory authorities (e.g., GPhC, MHRA) where legally
• Review platforms, CRM tools, and marketing providers (only with your consent).

All third-party partners are required to adhere to data protection obligations and only process your data for specified purposes.

8.  Data Security

We implement technical and organisational measures to secure your data against accidental loss, unauthorised access, alteration, or disclosure. These include SSL encryption, secure servers, restricted access, staff confidentiality agreements, and robust security protocols.

Payment transactions are encrypted, and personal data is stored within the UK unless appropriate safeguards are in place for transfers.

9.  Data Retention

We retain personal data only as long as necessary to fulfil the purposes we collected it for, including satisfying legal, regulatory, tax, and clinical requirements:

• Clinical records: Typically retained for up to 8 years to meet pharmacy and NHS
• Order and account data: Up to 6 years after the last interaction, in line with statutory
• Marketing data: Until you withdraw

Data may be anonymised for analytical purposes beyond these periods.

10.  Your Rights

Under UK GDPR, you have the right to:

• Be informed about the collection and use of your
• Access your data by requesting a
• Rectify inaccurate or incomplete
• Erase data when no longer necessary or where you withdraw
• Restrict processing in certain
• Object to processing based on legitimate interests or direct
• Data portability, enabling you to request transfer of your
• Withdraw consent at any time for processing based on

To exercise your rights, contact us via the details above. We may request proof of identity to process your request. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

11. NHS National Data Opt-Out

We respect your right to set an NHS National Data Opt-Out choice. Where applicable, we apply your preferences if confidential patient information could be used beyond your individual care (e.g., research).

12.  Automated Decision-Making

We may use automated tools to process medical questionnaires. Where decisions significantly affect you (e.g., rejecting a treatment request), you can request human review, express your views, or contest the decision.

13.  Cookies

Our website uses cookies and similar technologies to improve your experience, understand site usage, and support essential site functionality. For more information, please see our Cookie Policy.

14.  Third-Party Links

Our website may contain links to other websites. We are not responsible for their privacy practices or content. We recommend you review third-party privacy policies before submitting any personal data.

15.  Changes to This Privacy Policy

We reserve the right to update this Privacy Policy. Updated versions will be posted on this page with the effective date indicated. Please check periodically for updates.