1 OUR APPROACH
We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle. We are registered as a data controller with the Information Commissioner’s Office under number ZA501063
2 THE INFORMATION WE COLLECT AND HOW WE COLLECT IT
Personal data, or personal information, means any information about a person from which they can be identified. We may collect, store, and use some or all of the following categories of personal information about you:
Subject to your explicit consent or where we are legally permitted to process such data for health purposes subject to relevant conditions and safeguards, we will also collect, store and use your health data, including your prescription requirements and medical history. This is considered a special category of more sensitive data. Where we process health data, it will be treated confidentially and will never be used for direct marketing purposes without your explicit consent.
We collect Identity Information provided voluntarily by you. For example, when you register with or use our Site to buy medication (by entering your prescription details and completing and submitting our online medical consultation questionnaire for review).
We also collect Identity Information when you contact us (by email, telephone including SMS or otherwise) to ask a question or request information.
When you log in to your account through the Site, we automatically collect information about your use of the Site including details of your visits such as pages viewed and the resources that you access. This information will include traffic data, location data, IP address, browser, operating system, referral source, length of visit, clickstream data and other communication data.
We collect System Information when you interact with our Site.
3 SPECIAL CATEGORY DATA
In order to provide you with our services, we are required to process special category data, for example your health information relating to your prescription. Where we process this special category data, data protection law requires that we satisfy certain additional conditions. We will only process special category data with your explicit consent to the processing (for example, where you have consented to us accessing your health data contained in your prescription so that we may provide our services to you) or where we are legally permitted to process such data for health purposes subject to relevant conditions and safeguards. We will never use special category data for direct marketing purposes without your explicit consent and we will never share your special category data with our Partners (or any other third party data controllers) for direct marketing purposes.
4 HOW WE WILL USE YOUR PERSONAL DATA
Providing our services
As part of the provision of our services, we use the personal information that we collect from you to:
Monitoring, administering and improving
We use your personal information to help us to monitor our performance, administer and improve our service by:
With your prior explicit consent, we may use your data to send you specialist information about goods and services offered by us which may be of interest to you. If you wish to withdraw your consent at any time, please contact us at [email protected]
5 OUR PARTNERS’ USE OF YOUR PERSONAL DATA
5.1 The Pharmacy
Our Pharmacy’s address is 209B Chipstead Valley Road, Coulsdon, Surrey, England CR5 3BR, registered with the General Pharmaceutical Council under GPhC number 9011216. Please note that the Pharmacy will be the contracting party in respect of the sale of your ordered treatment (if approved by our clinician).
How the Pharmacy will use your personal information
As part of the provision of the Pharmacy’s services, it will use your personal information that we transfer to the Pharmacy to provide its services, specifically to:
5.2 Our clinicians
All our clinicians are under contract with us. Our clinicians are a number of individuals registered in the United Kingdom with: (i) the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications; or (ii) the General Medical Council and are each Registered Medical Practitioners]. The clinicians are trained in providing remote consultations and issuing prescriptions online. The clinicians will assess your request for the ordered treatment regarding its clinical appropriateness. For more information on the consultation process, please visit our Terms of Service.
How our clinicians will use your personal information
As part of the provision of the clinician’s services, they will use your personal information which we provide to them to:
Fair processing information
We are providing the following information to you, required by data protection law, on behalf of the clinicians:
Identity of the clinicians
Individuals registered in the United Kingdom with: (i) the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications; or (ii) the General Medical Council, each a Registered Medical Practitioner and trained in providing remote consultations and issuing prescriptions online.
If you would like to request the contact details of our clinicians, please contact us [email protected]
Purpose of the processing
As above in “How the clinicians will use your personal information”.
Legal basis of the processing
The processing is necessary for health purposes subject to relevant conditions and safeguards and is carried out by a health professional.
The period for which your personal information will be stored by the clinician
The period for which personal information will be stored will be determined in accordance with applicable law and regulatory guidance issued by the Department of Health.
Your rights in relation to the clinician
As below in Paragraph 11.
5.3 Our FROM MARS Helpline
Our secure helpline is available in accordance with our Terms of Service. All calls placed with our helpline will be recorded and stored securely to ensure we have a record of your enquiry, and for monitoring and training purposes. All call recordings, SMS, messages and emails will be stored securely and in accordance with our data protection obligations at all times.
6 OUR GROUNDS FOR PROCESSING
7 INFORMATION SECURITY
7.2 Please be aware that communications over the Internet, such as emails and online messages are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
7.3 Any communications that involve a higher level of sensitivity should be sent to us via the messaging platform available on the Site, and not over email.
7.4 We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that personal data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
8 DISCLOSURE OF YOUR PERSONAL INFORMATION
9 INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. In particular, our helpdesk (detailed above) is located in United Kingdom. Where these transfer occur we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at [email protected]
10 SECURITY AND RETENTION
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.
11 YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
Under certain circumstances, by law you have the right to:
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it
If you wish to exercise your rights in relation to the processing of your information by any of our Partners, you should email us at [email protected]
12 LINKED WEBSITES OR APPLICATIONS
We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Site. We recommend that you check the policy of each website you visit before deciding whether to proceed and contact the owner or operator of such website if you have concerns or questions.
14 JURISDICTION AND APPLICABLE LAW
15 OTHER IMPORTANT TERMS
15.4 If we delay in taking steps against you when you break this contract, that will not mean that you do not have to do what we ask in order to remedy your breach and it will not prevent us taking steps against you at a later date.
Last updated: June 15, 2020