Privacy Policy
Postmymeds Limited, (“We, us or our”), are committed to protecting and respecting your privacy.
This policy together with our website terms of use (www.postmymeds.co.uk/terms-and-conditions) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. The website [www.postmymeds.co.uk] (“our site”) is not intended for children and we do not knowingly collect data relating to children. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By providing your express opt-in consent in the form of your electronic acceptance of the declaration under clause 15 of this policy (“Declaration”), you are accepting and consenting to the practices described in this policy.
- WHO WE ARE
- The data controller is Postmymeds Limited, a company incorporated in England and Wales with registered number 09445849, whose registered office is at 8 Pinner View, Harrow, Middlesex, HA1 4QA, and is responsible for your personal data.
- We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO in writing at Postmymeds Limited, 8 Pinner View, Harrow, Middlesex, HA1 4QA or by email to [email protected].
- INFORMATION WE MAY COLLECT FROM YOU
- We may collect and process the following data about you:
- Information you give us. You may give us information about you by completing the order form or medical consultation form on our site, or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site. The information you give us may include your name, address, e-mail address and phone number.
- Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- HOW WE COLLECT YOUR INFORMATION
- We use different methods to collect information from and about you including through:
- Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- order medication on our site;
- create an account on our site;
- subscribe to our service;
- request marketing to be sent to you; or
- give us some feedback.
- Automated technologies or interactions. As you interact with our site, we may automatically collect data about your computer equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
- COOKIES
- Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. For further information about cookies visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.
- USES MADE OF THE INFORMATION
- We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where we need to perform the contract we are about to enter into or have entered into with you;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- where we need to comply with a legal or regulatory obligation.
- In addition to clause 5.1, we use information held about you in the following ways:
- Information you give to us. We will use this information:
- to assess whether the medication ordered is suitable in light of your medical history and symptoms experienced;
- to verify your identity against other mediums we deem relevant for our checks;
- to store in our customer database;
- to notify you about changes to our service;
- to provide marketing material about services or medication that may be of interest to you (consent to such material can be withdrawn); and
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
- Information we collect about you. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research and statistical;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to submit orders for medication to us, when you choose to do so; and
- as part of our efforts to keep our site safe and secure.
- Information you give to us. This information may be used for our identity verification purposes in addition to clause 5.2.2:
- PostMyMeds use LexisNexis RISK SOLUTIONS UK LIMITED (Company Number: 07416642) to check that our users are genuine – this is a regulatory requirement of the General Pharmaceutical Healthcare Council (GPhC) and may be performed once the first order is placed or if details are updated between orders.
- For ID verification purposes, we share names, date of birth, address and gender with LexisNexis who check their data sources for this. This is called a ‘soft’ check to validate identity only. This check may appear on your credit record, however, it will not affect your credit score.
- If false or inaccurate information is provided and/or we suspect fraud, we will be unable to fulfil your order until further information and clarification is provided. Those who are unable to be verified online via LexisNexis may be requested to provide a photo of an identity document that contains their name, date of birth, and a photo (such as a passport or driver’s license). Please note: once the photo ID has been used for its purpose it will be deleted from our records.
- Where photo ID is provided and there is a discrepancy between this information and that on your order/account, we reserve the right to amend your personal details (including your name and date of birth) on our records in line with the details found on your photo ID.
- Where we need to share information with our service providers such as LexisNexis, we give them only the minimum amount they need to provide services to us and you. If you require further information on our ID verification process, please contact us.
- You have a right of access to your personal records held by credit reference and fraud prevention agencies such as LexisNexis and your rights are set out in their privacy policy. If you would like to discuss anything further with them you can contact them directly at LexisNexis Ltd, Lexis House, 30 Farringdon Street or by calling them on 02920 678555.
- By placing an order with PostMyMeds you agree to have your identity verified via our online verification services.
- DISCLOSURE OF YOUR INFORMATION
- We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use (postmymeds.co.uk/terms-and-conditions) and other agreements; or to protect our rights, property, safety, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction, customer feedback, email communication, delivery & courier services and website development, analytics (to analyse how people use our website and identify improvements) and management.
- Some of the third parties referred to in clause 6.1 above are based outside the European Economic Area (‘EEA’) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield framework, which requires them to provide similar protection to personal data shared between Europe and the US.
- We may disclose your name and email address only to third parties who intend to purchase Postmymeds Limited (or any part thereof), or substantially all of our assets, in which case personal data held by us about our customers will be one of the transferred assets.
- All the data we collect from you in our database is encrypted and is processed in accordance with local law and we do not sell any data to third parties.
- For further information on the disclosure of your personal information please contact us in writing at Postmymeds Limited, 8 Pinner View, Harrow, Middlesex, HA1 4QA or by email to [email protected].
- WHERE WE STORE YOUR PERSONAL DATA
- All information you provide to us is stored on our secure servers.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- We are responsible for transactions placed on our site and deploy a Comodo SSL certificate so that all data is transferred securely using SSL. Our site is directly integrated with SagePay and PayPal who are our payment service providers.
- We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- HOW LONG WE WILL USE AND RETAIN YOUR PERSONAL DATA FOR
- Your personal data will be retained indefinitely on our secure servers, as required by regulation regarding healthcare provision.
- We will retain your personal data for at least the minimum retention periods stated for each type of medical record retained in the Records Management Code of Practice for Health and Social Care 2016, published by the Information Governance Alliance (as updated from time to time). For further information on our data retention policy, please contact us in writing for the attention of Data Protection Officer (DPO) at Postmymeds Limited, 8 Pinner View, Harrow, Middlesex, HA1 4QA or by email to [email protected] or visit the NHS Choices page ‘How long should medical records (health records) be kept for?’ using the following link https://www.nhs.uk/CHQ/Pages/1889.aspx.
- Notwithstanding clauses 8.1 and 8.2 above, your account with us can be disabled at any time upon written request, however we will retain the personal data regarding your medical records for the periods referred to under clauses 8.1 and 8.2 above.
- YOUR RIGHTS
- You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
- You have the right to rectify or correct any personal data we hold for you if it is inaccurate or incomplete.
- You can exercise these rights at any time by contacting us in writing for the attention of Data Protection Officer (DPO) at Postmymeds Limited, 8 Pinner View, Harrow, Middlesex, HA1 4QA or by email to [email protected].
- ACCESS TO INFORMATION
- You have the right to access information held about you. Your right of access can be exercised by contacting us in writing for the attention of Data Protection Officer (DPO) at Postmymeds Limited, 8 Pinner View, Harrow, Middlesex, HA1 4QA or by email to [email protected].
- Such requests shall be free of charge save where the request is manifestly unfounded or excessive, including (but not limited to) if the request is repetitive or complying with requests for further copies of the same information previously provided by us. In such circumstances, we reserve the right to charge you a reasonable fee in dealing with such requests, or alternatively, we may refuse to comply with your request in these circumstances.
- We will aim to respond to such requests within one month of receipt of your written request. However, we are able to extend this period of time to two months if your request is complex or numerous. We will notify you of this extension where applicable, including the reasons why we are extending this time period to two months, within one month of receipt of your original request.
- YOUR CONSENT
- By providing your express opt-in consent, in the form of your electronic acceptance of the Declaration, you consent to the use of that information as set out in this policy.
- By providing your express opt-in consent, in the form of your electronic acceptance of the Declaration, you are aware and consent to us contacting you via email or telephone with details about your order, including medication details.
- You agree to take all reasonable steps to ensure your information is kept secure and private at all times and maintain adequate security of your account including the use of a strong password which is changed at regular intervals and alert us to any potential breach or suspicious activity that you are aware of.
- You may withdraw consent at any time where we are relying on consent to process your personal data in writing for the attention of Data Protection Officer (DPO) at Postmymeds Limited, 8 Pinner View, Harrow, Middlesex, HA1 4QA or by email to [email protected] or by calling us on 0208 894 6080. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain medication or services to you. We will advise you if this is the case at the time you withdraw your consent.
- CHANGES TO OUR PRIVACY POLICY
- This policy was last updated on 28th August 2024 and historic versions can be obtained by contacting us in writing for the attention of the DPO at Postmymeds Limited, 8 Pinner View, Harrow, Middlesex, HA1 4QA or by email to [email protected].
- Any changes we may make to our privacy policy in the future will be posted on our site and, where appropriate, notified to you by e-mail. Please check our site frequently to see any updates or changes to our privacy policy.
- COMPLAINTS
- You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- CONTACT
- Questions, comments and requests regarding this privacy policy are welcomed and should be addressed in writing for the attention of the Data Protection Officer at Postmymeds Limited, 8 Pinner View, Harrow, Middlesex, HA1 4QA or by email to [email protected] or by phoning us on 0208 894 6080.
- DECLARATION
- I hereby confirm that I have read and understood Postmymeds Limited’s privacy policy above and that I hereby agree and consent to Postmymeds using and processing my personal data for the purposes required by Postmymeds, as set out in Postmymeds Limited’s privacy policy above.