This Privacy Policy (the “Policy”) sets out how we BxUK Limited (“Pillpulse”, “us”, “our” or “we”) process personal information about you (the “Customer” or “you”) when you use our website, and when you place an order with us via our website www.pillpulse.com (our “Site”). We are a data “controller” of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle. We do that under the requirements of the General Data Protection Regulations (GDPR). If you do not agree with this Policy, you should not submit information to us.
In order to fulfil your order, we also need to transfer your data to other data controllers, specifically partner pharmacies and the prescribers. In the interest of providing your medication and improving our service for you, we may also collect information from your GP/surgery, hospital or NHS bodies. Together, Pillpulse and our partners will be known as the “Partners”.
We do update this Policy from time to time so please do review this Policy regularly.
You can find out more about Pillpulse’s responsibilities and about how and why we collect and use your personal information by reading this Policy. This Policy also details the responsibilities of the Partners and how they will collect and use your personal information. If anything is unclear or if you have any questions about this Policy, please contact us at marge@pillpulse.com.
Personal data, or personal information, means any information about a person from which they can be identified. We may collect, store, and use some or all of the following categories of information:
System Information (Website Visitors, Account Holders and Customers)
When you visit our Site, we automatically collect information about your use of the platform including details of your visits such as pages viewed and the resources that you access. This information may include website traffic data, IP address, pages viewed, location data, browser, operating system, referral source, length of visit, clickstream data and other communication data. This information is not normally personally identifiable from the methods and systems we use. In some situations this information could be combined with other sources to make it personally identifiable, we limit access to ensure that this information remains anonymous.
Identity Information (Account Holders and Customers)
When creating an account on our website, logging into or updating an existing account, or placing an order, we will collect Personal data:
We collect Identity Information provided voluntarily by you or provided through a partner. For example, when you use Google to login to our Site, or when you register with or use our platform to buy medication (by entering your prescription details for review).
We also collect Identity Information when you contact us (by email, telephone or otherwise) to ask a question or request information.
Special Category Data (Prescription Customers)
In order to provide our services, we will be required to process special category data, for example your health information from your questionnaire or prescription. Where we process this special category data, data protection law requires that we satisfy certain additional conditions. We will only process special category data with your explicit consent to the processing. For example, where you have consented to us accessing your health data contained in your prescription so that we may provide our services and products to you.
Providing our services
As part of the provision of our services, we use the personal information that we collect from you to:
Monitoring, administering and improving
We use your personal information to help us to monitor our performance, administer and improve our service by:
Other uses
With your prior explicit consent and occasionally under Legitimate Interest, we may use your data to send you specialist information about goods and services offered by us which may be of interest to you. If you wish to withdraw your consent at any time, please contact us at marge@pillpulse.com or click Unsubscribe in any of our emails.
As stated above, in order to provide our services to you, we may provide your personal information to our Partners who will act as data controllers in respect of that information.
The Pharmacy dispensing your order will be:
How the Pharmacy will use your personal information
As part of the provision of the Pharmacy’s services, it will use your personal information that we transfer to the Pharmacy to provide its services, specifically to:
Our partner prescribers are a number of individuals registered in the United Kingdom with the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications and trained in providing remote consultations and issuing prescription medicine online. The prescribers will assess your request for the ordered treatment regarding its clinical appropriateness.
How our prescribers will use your personal information
As part of the provision of the clinician’s services, they will use your personal information which we provide to them to:
Fair processing information
We are providing the following information to you, required by data protection law, on behalf of the prescribers:
Contact details (which you should use to exercise any of your rights listed at Paragraph 11 of this Policy)
If you would like to request the contact details of our prescribers, please contact us at marge@pillpulse.com
Purpose of the processing
As above in “How the prescribers will use your personal information”.
Legal basis of the processing
The processing is necessary for health purposes subject to relevant conditions and safeguards and is carried out by a health professional.
The period for which your personal information will be stored by the clinician
The period for which personal information will be stored will be determined in accordance with applicable law and regulatory guidance issued by the Department of Health.
Your rights in relation to the clinician
As below in Paragraph 11.
Data protection law says we only have the right to use your personal information where we can identify a lawful basis for doing so. Your consent to the processing as specified in this Policy is our primary lawful basis. In some circumstances we may also rely on another lawful basis. Most commonly, these will be:
The Internet is not a secure medium. However, we have put in place various security procedures as set out in this Policy.
Please be aware that communications over the Internet, such as emails and online messages are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that personal data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
We will not share your personal information with or to third parties, except as otherwise provided for in this Policy (for example, to our Partners) and under the following limited circumstances when we want to or are compelled to share your personal information, including:
We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. Where this occurs we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at marge@pillpulse.com
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.
We are required by law to retain specific categories of data for certain periods after we stop providing our goods or services to you. We are registered with the General Pharmaceutical Council with registration number 9011928. We are therefore required to store any Medical Data, Identity Data and Contact Data submitted to us to comply with our legal obligations.
Under certain circumstances, by law you have the right to:
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
If you wish to exercise your rights in relation to the processing of your information by any of our Partners, you should contact us at marge@pillpulse.com.
We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Site. We recommend that you check the policy of each website you visit before deciding whether to proceed and contact the owner or operator of such a website if you have concerns or questions.