Privacy policy


This Privacy Policy sets out how we, Planet Medical Limited, (“we”, “us”, “our”) process personal information about you when you place an order with us for the products and services available via our website (our “Site”). We are a company incorporated in England and Wales under company number 11689910. Our registered office address is Lynwood House, 373-375 Station Road, Harrow, England, HA1 2AW. Our VAT number is: GB 319 2848 81. We are a limited company.

We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle. We are registered as a data controller with the Information Commissioner’s Office under number ZA501063

If you do not agree with this Privacy Policy, you should not submit information to us. In order to fulfil your order, we also need to transfer your data to other data controllers, specifically our pharmacy, FROM MARS Pharmacy (the “Pharmacy”), and our clinicians. Together, the Pharmacy and our contracted clinicians will be known as the “Partners”.

You can find out more about our responsibilities and about how and why we collect and use your personal information by reading this Privacy Policy. This Privacy Policy also details the responsibilities of the Partners and how they will collect and use your personal information and explains where you can find out further information from the Partners directly. However, if anything is unclear or if you have any questions about this Privacy Policy, please contact us at [email protected]


Personal data, or personal information, means any information about a person from which they can be identified. We may collect, store, and use some or all of the following categories of personal information about you:

Identity Information

  • Personal contact details such as your name, title, address(es), telephone number(s), and email address(es).
  • Date of birth.
  • Physical characteristics such as your age, weight, height and gender.

Subject to your explicit consent or where we are legally permitted to process such data for health purposes subject to relevant conditions and safeguards, we will also collect, store and use your health data, including your prescription requirements and medical history. This is considered a special category of more sensitive data. Where we process health data, it will be treated confidentially and will never be used for direct marketing purposes without your explicit consent.

We collect Identity Information provided voluntarily by you. For example, when you register with or use our Site to buy medication (by entering your prescription details and completing and submitting our online medical consultation questionnaire for review).

We also collect Identity Information when you contact us (by email, telephone including SMS or otherwise) to ask a question or request information.

System Information

When you log in to your account through the Site, we automatically collect information about your use of the Site including details of your visits such as pages viewed and the resources that you access. This information will include traffic data, location data, IP address, browser, operating system, referral source, length of visit, clickstream data and other communication data.

We collect System Information when you interact with our Site.


In order to provide you with our services, we are required to process special category data, for example your health information relating to your prescription. Where we process this special category data, data protection law requires that we satisfy certain additional conditions. We will only process special category data with your explicit consent to the processing (for example, where you have consented to us accessing your health data contained in your prescription so that we may provide our services to you) or where we are legally permitted to process such data for health purposes subject to relevant conditions and safeguards. We will never use special category data for direct marketing purposes without your explicit consent and we will never share your special category data with our Partners (or any other third party data controllers) for direct marketing purposes.


Providing our services

As part of the provision of our services, we use the personal information that we collect from you to:

  • Register you as a user of our service;
  • process your orders and provide your details: (a) to our contracted clinicians to assess your medication needs and to determine whether it is clinically appropriate to approve your prescription request; and (b) to the Pharmacy to enable you to purchase the medication from them, if the prescription is approved by our clinician;
  • contact your GP if our clinician determines it is in your best interests to do so. If you provide us with contact details for your GP we, or our clinician, may contact them to discuss your prescription request;
  • provide you with our helpline for support and enquiries relating to your use of the Site and orders placed by you; and
  • manage our relationship with you (for example, to notify you of any issues, or any advisory cautions we receive from suppliers or pharmaceutical companies in relation to any medication or products you have ordered through our Site, to notify you of any changes to our terms or to ask for feedback on our service).

Monitoring, administering and improving

We use your personal information to help us to monitor our performance, administer and improve our service by:

  • tracking and analysing activity to identify patterns and help us improve our Site and communications;
  • troubleshooting, conducting data analysis, testing, system maintenance, support, reporting and hosting of data;
  • using data analytics to improve customer relationships and experiences;
  • analysing information so that we can prioritise features that are relevant and popular;
  • educating, training and developing our staff’s performance;
  • ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
  • preventing fraud; and
  • other business administration such as management and planning, including accounting and auditing.

Other uses

With your prior explicit consent, we may use your data to send you specialist information about goods and services offered by us which may be of interest to you. If you wish to withdraw your consent at any time, please contact us at [email protected]


As stated above, in order to provide our services to you, we will provide your personal information to our Partners who will act as data controllers in respect of that information. Please see our general Terms of Use and Terms of Service for further information on our Partners’ roles.

5.1 The Pharmacy

Our Pharmacy’s address is 209B Chipstead Valley Road, Coulsdon, Surrey, England CR5 3BR, registered with the General Pharmaceutical Council under GPhC number 9011216. Please note that the Pharmacy will be the contracting party in respect of the sale of your ordered treatment (if approved by our clinician).

How the Pharmacy will use your personal information

As part of the provision of the Pharmacy’s services, it will use your personal information that we transfer to the Pharmacy to provide its services, specifically to:

  • process your orders and sell, supply, dispense and post prescription medicines to you in accordance with the Terms of Use and Terms of Service; and
  • manage its relationship with you (for example, by dealing with any queries you raise).

5.2 Our clinicians

All our clinicians are under contract with us. Our clinicians are a number of individuals registered in the United Kingdom with: (i) the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications; or (ii) the General Medical Council and are each Registered Medical Practitioners]. The clinicians are trained in providing remote consultations and issuing prescriptions online. The clinicians will assess your request for the ordered treatment regarding its clinical appropriateness. For more information on the consultation process, please visit our Terms of Service.

How our clinicians will use your personal information

As part of the provision of the clinician’s services, they will use your personal information which we provide to them to:

  • assess your health information to determine whether your ordered treatment is clinically appropriate and, if so, write your prescription; and
  • obtain further information from you if necessary to inform their decision by contacting you using your contact details.

Fair processing information

We are providing the following information to you, required by data protection law, on behalf of the clinicians:

Identity of the clinicians

Individuals registered in the United Kingdom with: (i) the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications; or (ii) the General Medical Council, each a Registered Medical Practitioner and trained in providing remote consultations and issuing prescriptions online.

Contact details (which you should use to exercise any of your rights listed at Paragraph 11 of this Privacy Policy)

If you would like to request the contact details of our clinicians, please contact us [email protected]

Purpose of the processing

As above in “How the clinicians will use your personal information”.

Legal basis of the processing

The processing is necessary for health purposes subject to relevant conditions and safeguards and is carried out by a health professional.

The period for which your personal information will be stored by the clinician

The period for which personal information will be stored will be determined in accordance with applicable law and regulatory guidance issued by the Department of Health.

Your rights in relation to the clinician

As below in Paragraph 11.

5.3 Our FROM MARS Helpline

Our secure helpline is available in accordance with our Terms of Service. All calls placed with our helpline will be recorded and stored securely to ensure we have a record of your enquiry, and for monitoring and training purposes. All call recordings, SMS, messages and emails will be stored securely and in accordance with our data protection obligations at all times.


Under applicable data protection laws we only have the right to use your personal information where we can identify a lawful basis for doing so. Your consent to the processing as specified in this Privacy Policy is our primary lawful basis. In some circumstance we may also rely on another lawful basis. Most commonly, these will be:

  • where we need to use the information to perform the contract we have entered into with you;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
  • where we need to comply with a legal or regulatory obligation.


7.1 The Internet is not a secure medium. However, we have put in place various security procedures as set out in this Privacy Policy.

7.2 Please be aware that communications over the Internet, such as emails and online messages are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control.

7.3 Any communications that involve a higher level of sensitivity should be sent to us via the messaging platform available on the Site, and not over email.

7.4 We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that personal data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.


We will not share your personal information with any third parties, except as otherwise provided for in this Privacy Policy (for example, to our Partners) and under the following limited circumstances when we are required to or are compelled to share your personal information, including:

  • with third party service providers or suppliers to enable us to provide our services (for example payment processors, webhosts, ID verification partners etc). Where we share data with these service providers, we require them to sign a contract that obliges them amongst other things to have stringent security measures in place, comply with our instructions and help us to comply with data protection law;
  • to another legal entity on a temporary or permanent basis, in connection with a business deal, such as a merger, financing, acquisition, or sale of our business;
  • where we are required to do so by law; and/or
  • where you have provided your consent.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.


We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. In particular, our helpdesk (detailed above) is located in United Kingdom. Where these transfer occur we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at [email protected]


We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.


Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it

If you wish to exercise your rights in relation to the processing of your information by any of our Partners, you should email us at [email protected]


We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Site. We recommend that you check the policy of each website you visit before deciding whether to proceed and contact the owner or operator of such website if you have concerns or questions.


We reserve the right to update this Privacy Policy at any time, and we will provide you with a new Privacy Policy on our Site when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.


English law governs this Privacy Policy, its subject matter and its formation. The courts of England and Wales will have exclusive jurisdiction except that if you are a resident of Northern Ireland you may also bring proceedings in Northern Ireland, and if you are resident of Scotland, you may also bring proceedings in Scotland.


15.1 The contract for the sale and supply of medicines is between you and the Pharmacy. Other than you, the Pharmacy and Planet Medical Limited, no other person shall have any rights to enforce any terms of this Privacy Policy.

15.2 This Privacy Policy (together with our Terms of Use and Terms of Service) constitute the whole agreement between us and supersede all previous discussions, correspondence, negotiations, previous arrangement, understanding or agreement between us relating to the provision of online consultations and the purchase of products via our Site.

15.3 If any of the terms of this Privacy Policy are found by any competent authority to be invalid, unlawful or unenforceable to any extent, such term, condition or provision will to that extent be severed from the remaining terms, conditions and provisions which will continue to be valid to the fullest extent permitted by law.

15.4 If we delay in taking steps against you when you break this contract, that will not mean that you do not have to do what we ask in order to remedy your breach and it will not prevent us taking steps against you at a later date.

If you have any concerns about this Privacy Policy, please contact: [email protected]

Last modified: 25 March 2021