Help

Privacy policy

1 OUR APPROACH

This Privacy Policy sets out how we, Planet Health Limited, (“we”, “us”, “our”) process personal information about you when you place an order with us for the products and services available via our website www.frommars.com (our “Site”). We are a company incorporated in England and Wales under company number 11689910. Our registered office address is Lynwood House, 373-375 Station Road, Harrow, England, HA1 2AW. Our VAT number is: GB 319 2848 81. We are a limited company.

We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle. We are registered as a data controller with the Information Commissioner’s Office under number ZA501063

If you do not agree with this Privacy Policy, you should not submit information to us. In order to fulfil your order, we also need to transfer your data to other data controllers, specifically our pharmacy, FROM MARS Pharmacy (the “Pharmacy”), and our clinicians. Together, the Pharmacy and our contracted clinicians will be known as the “Partners”.

You can find out more about our responsibilities and about how and why we collect and use your personal information by reading this Privacy Policy. This Privacy Policy also details the responsibilities of the Partners and how they will collect and use your personal information and explains where you can find out further information from the Partners directly. However, if anything is unclear or if you have any questions about this Privacy Policy, please contact us at [email protected]

2 THE INFORMATION WE COLLECT AND HOW WE COLLECT IT

Personal data, or personal information, means any information about a person from which they can be identified. We may collect, store, and use some or all of the following categories of personal information about you:

Identity Information

Subject to your explicit consent or where we are legally permitted to process such data for health purposes subject to relevant conditions and safeguards, we will also collect, store and use your health data, including your prescription requirements and medical history. This is considered a special category of more sensitive data. Where we process health data, it will be treated confidentially and will never be used for direct marketing purposes without your explicit consent.

We collect Identity Information provided voluntarily by you. For example, when you register with or use our Site to buy medication (by entering your prescription details and completing and submitting our online medical consultation questionnaire for review).

We also collect Identity Information when you contact us (by email, telephone including SMS or otherwise) to ask a question or request information.

System Information

When you log in to your account through the Site, we automatically collect information about your use of the Site including details of your visits such as pages viewed and the resources that you access. This information will include traffic data, location data, IP address, browser, operating system, referral source, length of visit, clickstream data and other communication data.

We collect System Information when you interact with our Site.

3 SPECIAL CATEGORY DATA

In order to provide you with our services, we are required to process special category data, for example your health information relating to your prescription. Where we process this special category data, data protection law requires that we satisfy certain additional conditions. We will only process special category data with your explicit consent to the processing (for example, where you have consented to us accessing your health data contained in your prescription so that we may provide our services to you) or where we are legally permitted to process such data for health purposes subject to relevant conditions and safeguards. We will never use special category data for direct marketing purposes without your explicit consent and we will never share your special category data with our Partners (or any other third party data controllers) for direct marketing purposes.

4 HOW WE WILL USE YOUR PERSONAL DATA

Providing our services

As part of the provision of our services, we use the personal information that we collect from you to:

Monitoring, administering and improving

We use your personal information to help us to monitor our performance, administer and improve our service by:

Other uses

With your prior explicit consent, we may use your data to send you specialist information about goods and services offered by us which may be of interest to you. If you wish to withdraw your consent at any time, please contact us at [email protected]

5 OUR PARTNERS’ USE OF YOUR PERSONAL DATA

As stated above, in order to provide our services to you, we will provide your personal information to our Partners who will act as data controllers in respect of that information. Please see our general Terms of Use and Terms of Service for further information on our Partners’ roles.

5.1 The Pharmacy

Our Pharmacy’s address is 209B Chipstead Valley Road, Coulsdon, Surrey, England CR5 3BR, registered with the General Pharmaceutical Council under GPhC number 9011216. Please note that the Pharmacy will be the contracting party in respect of the sale of your ordered treatment (if approved by our clinician).

How the Pharmacy will use your personal information

As part of the provision of the Pharmacy’s services, it will use your personal information that we transfer to the Pharmacy to provide its services, specifically to:

5.2 Our clinicians

All our clinicians are under contract with us. Our clinicians are a number of individuals registered in the United Kingdom with: (i) the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications; or (ii) the General Medical Council and are each Registered Medical Practitioners]. The clinicians are trained in providing remote consultations and issuing prescriptions online. The clinicians will assess your request for the ordered treatment regarding its clinical appropriateness. For more information on the consultation process, please visit our Terms of Service.

How our clinicians will use your personal information

As part of the provision of the clinician’s services, they will use your personal information which we provide to them to:

Fair processing information

We are providing the following information to you, required by data protection law, on behalf of the clinicians:

Identity of the clinicians

Individuals registered in the United Kingdom with: (i) the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications; or (ii) the General Medical Council, each a Registered Medical Practitioner and trained in providing remote consultations and issuing prescriptions online.

Contact details (which you should use to exercise any of your rights listed at Paragraph 11 of this Privacy Policy)

If you would like to request the contact details of our clinicians, please contact us [email protected]

Purpose of the processing

As above in “How the clinicians will use your personal information”.

Legal basis of the processing

The processing is necessary for health purposes subject to relevant conditions and safeguards and is carried out by a health professional.

The period for which your personal information will be stored by the clinician

The period for which personal information will be stored will be determined in accordance with applicable law and regulatory guidance issued by the Department of Health.

Your rights in relation to the clinician

As below in Paragraph 11.

5.3 Our FROM MARS Helpline

Our secure helpline is available in accordance with our Terms of Service. All calls placed with our helpline will be recorded and stored securely to ensure we have a record of your enquiry, and for monitoring and training purposes. All call recordings, SMS, messages and emails will be stored securely and in accordance with our data protection obligations at all times.

6 OUR GROUNDS FOR PROCESSING

Under applicable data protection laws we only have the right to use your personal information where we can identify a lawful basis for doing so. Your consent to the processing as specified in this Privacy Policy is our primary lawful basis. In some circumstance we may also rely on another lawful basis. Most commonly, these will be:

7 INFORMATION SECURITY

7.1 The Internet is not a secure medium. However, we have put in place various security procedures as set out in this Privacy Policy.

7.2 Please be aware that communications over the Internet, such as emails and online messages are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control.

7.3 Any communications that involve a higher level of sensitivity should be sent to us via the messaging platform available on the Site, and not over email.

7.4 We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that personal data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.

8 DISCLOSURE OF YOUR PERSONAL INFORMATION

We will not share your personal information with any third parties, except as otherwise provided for in this Privacy Policy (for example, to our Partners) and under the following limited circumstances when we are required to or are compelled to share your personal information, including:

9 INTERNATIONAL TRANSFER OF PERSONAL INFORMATION

We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. In particular, our helpdesk (detailed above) is located in United Kingdom. Where these transfer occur we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at [email protected]

10 SECURITY AND RETENTION

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.

11 YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

Under certain circumstances, by law you have the right to:

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it

If you wish to exercise your rights in relation to the processing of your information by any of our Partners, you should email us at [email protected]

12 LINKED WEBSITES OR APPLICATIONS

We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Site. We recommend that you check the policy of each website you visit before deciding whether to proceed and contact the owner or operator of such website if you have concerns or questions.

13 CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy at any time, and we will provide you with a new Privacy Policy on our Site when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

14 JURISDICTION AND APPLICABLE LAW

English law governs this Privacy Policy, its subject matter and its formation. The courts of England and Wales will have exclusive jurisdiction except that if you are a resident of Northern Ireland you may also bring proceedings in Northern Ireland, and if you are resident of Scotland, you may also bring proceedings in Scotland.

15 OTHER IMPORTANT TERMS

15.1 The contract for the sale and supply of medicines is between you and the Pharmacy. Other than you, the Pharmacy and Planet Health Limited, no other person shall have any rights to enforce any terms of this Privacy Policy.

15.2 This Privacy Policy (together with our Terms of Use and Terms of Service) constitute the whole agreement between us and supersede all previous discussions, correspondence, negotiations, previous arrangement, understanding or agreement between us relating to the provision of online consultations and the purchase of products via our Site.

15.3 If any of the terms of this Privacy Policy are found by any competent authority to be invalid, unlawful or unenforceable to any extent, such term, condition or provision will to that extent be severed from the remaining terms, conditions and provisions which will continue to be valid to the fullest extent permitted by law.

15.4 If we delay in taking steps against you when you break this contract, that will not mean that you do not have to do what we ask in order to remedy your breach and it will not prevent us taking steps against you at a later date.

If you have any concerns about this Privacy Policy, please contact: [email protected]

Last updated: June 15, 2020