MEDS STORE​

Privacy Policy

Our Privacy Policy outlines the personal data we collect, the reasons behind it, and your rights. We prioritize transparency in our practices to ensure your data is handled responsibly and securely.
We encourage you to carefully review this Notice to understand how we manage your personal information. If you’re completely satisfied with our service and practices, we welcome you to utilize our platform.

Please be aware that while our website may contain links to other sites for your convenience, we are solely responsible for the privacy and security of www.medsstore.co.uk. We advise reviewing the policies of any external websites you visit.

You’re permitted to establish links to our website from other sites, with the understanding that we may request removal if we believe it could harm us, our affiliates, or partners.
For any inquiries regarding our Privacy Policy, feel free to email us at: contact@medsstore.co.uk.

Changes to this Privacy Policy:

We reserve the right to amend this Privacy Policy at any time. Any updates will be posted on this page, so we encourage you to check back regularly. Your continued use of our website and services following any changes constitutes your acceptance of and agreement to those revisions.

What is Personal Data?

Personal data encompasses any information related to an individual that can directly or indirectly identify them.

The Information We Collect

Upon registration and communication, we collect personal information to fulfill your service needs. This may include your name, address, email, phone number, and other relevant details pertaining to the services you’re interested in. Additionally, we may gather sensitive personal data regarding health matters if you register for specific services.

We also collect:

Information We Receive from Other Sources:

We collaborate closely with third parties such as business partners, service providers, and advertising networks. Information obtained from these sources may be combined with the data you provide to us, as outlined above.

Information About Other Individuals:

If you provide information about someone other than yourself, you confirm that they are aware of how their information may be collected, used, and disclosed. Additionally, you confirm their consent to such actions, along with their understanding of the terms outlined in this Notice.

Cookies

Cookies are tiny data files stored by your browser on your computer’s hard drive. They record your navigation patterns on our website during each visit.

How We Will Use Your Information

Any personal information we acquire, whether about you or anyone else whose details you provide, will be collected, utilized, and safeguarded in accordance with current data protection laws, our Terms and Conditions, and this Privacy Policy.
We will primarily utilize your personal information in the following ways:
Registration: Upon registering and creating a secure online account, you confirm the accuracy and completeness of the provided information. You agree to keep your login details confidential and not share them with anyone.
You confirm that you are aged 18 or over.

Customer Account Management: Once registered, we will create and maintain your customer account.

Order Processing: We will process and fulfill any orders you place through our website. Failure to collect your personal data during checkout may result in an inability to process your order.
Customer Support: We will respond to your queries, refund requests, and complaints to provide effective assistance.
Records of these interactions may be kept to demonstrate our communication throughout, based on contractual and legal obligations, as well as our business interests in providing excellent service.
Medication Dispensing: We may utilize third-party suppliers/software for the dispensing of your prescribed medication.
Market Research: With your consent, we may conduct market research to enhance the services we offer.
Marketing Communications: With your consent, we may use your personal data, preferences, and transaction details to keep you informed via email, web/social media, text, and telephone. This may include relevant products and services, special offers, discounts, promotions, events, surveys, and competitions tailored to you.
You can opt out of receiving these communications at any time.
Interactive Features: We will enable you to participate in interactive features of our services when you choose to do so.
Product Reviews and Surveys: We may request your product reviews or conduct customer surveys to gauge satisfaction. Participation is optional but encouraged.
Service Improvement: We will continuously monitor telephone calls received at our call centers for staff training, quality control, and service improvement.
Website Activity Tracking: We will track and analyze activity on our website.
Communication: We will communicate with you regarding unavailable services, queries, problems with your order, and changes to our services, via service emails.
Website Security: We will maintain efforts to keep our website safe and secure.
Legal Compliance: We will comply with applicable laws, including responding to requests from courts or regulatory bodies in accordance with the law.

Legal Basis for Processing

To lawfully process your data, we rely on one or more valid legal grounds, including:
Your Consent: We may process your information based on your consent, such as when you agree to use your data for marketing purposes.
Contractual Necessity: Processing your personal data may be necessary to fulfill our contractual obligations to you. For instance, processing your information may be required prior to entering into a contract with you or performing obligations under an existing contract.
Legitimate Interests: We may process your data based on our legitimate interests as a business unless overridden by your interests and fundamental rights. This may include activities that are essential for the operation of our business, provided they do not infringe upon your rights.
Legal Compliance: We may process your data to comply with any legal obligations to which we are subject, such as processing required to adhere to applicable laws and regulations.

Disclosure of Your Personal Data

To provide our products and services, we may occasionally engage other organizations to carry out processing activities on our behalf. We will only share your personal information with organizations directly involved in delivering these services. These may include:
In these instances, we ensure that your personal data is adequately protected and used in accordance with this Privacy Policy.
Additionally, we collect, use, and share Aggregated/Anonymized Data, such as statistical or demographic data, for various purposes. Aggregated Data, derived from personal data but not revealing your identity, is not considered personal data in law. However, if combined or connected with personal data to identify you indirectly, we treat it as personal data and use it in accordance with this Privacy Policy. Please note, that aggregated data for marketing purposes remains separate from personal data, ensuring you cannot be directly or indirectly identified.

Offers and Opportunities

We, along with our affiliated entities and meticulously chosen third parties, aim to reach out to you and/or individuals whose information you furnish to us, to inform you and/or them about available offers, opportunities, and various initiatives. We may do so through multiple channels including postal mail, telephone calls, text/picture/video messages, social media platforms, or emails.
Instructions on how to opt-in to receive details of offers are provided on relevant pages of our website, within your customer account, and in your welcome email.
You have the option to opt out of receiving communications regarding these offers at any time.

Security:

We prioritize the safeguarding of personal information with utmost seriousness. Employing advanced security technology such as firewalls, Secure Socket Layers, and Web Application Firewalls, we ensure the protection of information submitted through this website. Additionally, we have established comprehensive procedures to safeguard paper and computer systems as well as databases against unauthorized disclosure, use, loss, and damage.
However, it’s important to acknowledge that electronic transmissions are never entirely private or secure, thus posing a risk of potential interception and unauthorized access by third parties. To mitigate this risk, it is essential to ensure that any computer, device, or telephone used to access your online patient record is adequately protected from potential interception.
Furthermore, it is strictly prohibited to misuse the Services by knowingly introducing viruses, trojans, worms, logic bombs, or any other malicious or technologically harmful material. Attempts to gain unauthorized access to the Services or to attack the Service through denial-of-service attacks are also prohibited.
Breach of these provisions constitutes a criminal offense under the Computer Misuse Act 1990. In the event of such a breach, we will promptly report it to the relevant law enforcement authorities and cooperate with them by disclosing your identity. Any breach of these provisions will result in the immediate cessation of your right to use the Services.
For added security, we maintain an encrypted record of your login password.

Transfer of Personal Data

During the operations within our Group, your data will also undergo processing within our network of companies based in the United Kingdom. Any data transferred within the European Economic Area is covered by an adequacy decision of the European Commission (Article 45 GDPR).
In cases where adequacy is not determined, such as transfers to areas not deemed adequate with the United Kingdom, data transfers rely on standard data protection clauses or contractual clauses in line with templates adopted by the European Commission (Article 26 Paragraph 2, lit c, Paragraph 5 S 2 GDPR), or by exemptions according to Article 49 GDPR. This applies to external service providers working on our behalf (e.g., IT service providers or data centers) or third parties who come into contact with your personal data and are based in third countries. For instance, when using TrustArc and Google Analytics tools, we may transfer your IP address or shortened IP address to countries outside the European Union, including the USA.

Updating and Correcting Information

We advise you to promptly update your personal information if there are any changes. You may be able to update or correct your personal information online by selecting “Edit Profile” in the “My Account” section or by contacting our Customer Support team. If you are updating or correcting information about another person, we may require proof of your authorization to provide that information.

Retention of Personal Data

We will retain your personal data as specified by regulations or where we have a legitimate and lawful purpose to do so. However, we will not retain any of your personal data beyond the necessary period for the purposes outlined in this Privacy Policy. The retention of your personal data will undergo periodic review.
We may maintain an anonymized form of your personal data, devoid of references to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so. You can also check https://ico.org.uk/for-the-public/.
Your Rights: You possess several rights under relevant data protection laws. While some of these rights are intricate, not all specifics are outlined below.
Further details can be accessed here:
Right of Access: You can obtain from us a copy of the personal data we hold about you.
Right to Rectification: You can demand corrections to any inaccuracies, incompleteness, or outdated information in the personal data we process for you.
Right to Portability: You can request the transfer of your personal data to another service provider if you initially provided consent for its use or if we used it to fulfill a contract with you.
Right to Restrict or Object to Processing: In specific situations, you can request the restriction of your personal information’s processing if you believe it impacts your fundamental rights and freedoms. However, we may demonstrate legitimate grounds for processing your data despite your objections.
Right to Be Forgotten: If you wish to discontinue your association with Medsstore, you can request account suspension via email. Your account will immediately become inactive, and access will be restricted irreversibly. Please note that Medsstore is legally obligated to archive electronic patient records, including personal information, communications, and treatments, for a minimum of 10 years.
Right to Stop Marketing Communications: You can request to cease receiving information about our services, but we will continue to contact you regarding matters related to your account, if applicable. We reserve the right to charge an administrative fee for handling requests that are manifestly unfounded or excessive, and we may request identification before fully responding to your request.
Complaints: If you have complaints regarding this Privacy Policy or our processing of your personal data, please inform us. We will review and investigate your complaint and endeavor to respond within a reasonable timeframe. You also have the right to contact the Information Commissioner or your local regulatory authority if you are based outside the United Kingdom
External Links: Our website may contain links to partner networks, advertisers, and affiliates’ websites. These sites have their own privacy policies, and we do not accept responsibility or liability for them. Please review their policies before submitting any personal data.

Retention of Data

We will retain personal data in accordance with applicable laws and may retain it for specific periods to comply with legal, audit, or statutory requirements. To determine the appropriate retention period, we consider factors such as the type of personal data, potential risk of harm from unauthorized use or disclosure, processing purposes, and alternative means to achieve those purposes.
As mentioned earlier, Medsstore is obligated by law to archive electronic patient records, including personal information, for a minimum of 10 years. Where no legal basis exists for continuing to process your personal data, we will either delete or anonymize it. If deletion is not immediately possible, we will securely store your personal information and isolate it from further processing until deletion becomes feasible. We reserve the right to use anonymous data, such as usage data, indefinitely for research or statistical purposes without further notice.

How to contact us

You can email or webchat with us from our website at www.medsstore.co.uk. If you have any questions about our Privacy Policy or our approach to data protection and privacy you may send an email to contact@medsstore.co.uk, or write to us.