1 OUR APPROACH
We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle. We are registered as a data controller with the Information Commissioner’s Office under number ZA501063
2 THE INFORMATION WE COLLECT AND HOW WE COLLECT IT
Personal data, or personal information, means any information about a person from which they can be identified. We may collect, store, and use some or all of the following categories of personal information about you:
- Personal contact details such as your name, title, address(es), telephone number(s), and email address(es).
- Date of birth.
- Physical characteristics such as your age, weight, height and gender.
Subject to your explicit consent or where we are legally permitted to process such data for health purposes subject to relevant conditions and safeguards, we will also collect, store and use your health data, including your prescription requirements and medical history. This is considered a special category of more sensitive data. Where we process health data, it will be treated confidentially and will never be used for direct marketing purposes without your explicit consent.
We collect Identity Information provided voluntarily by you. For example, when you register with or use our Site to buy medication (by entering your prescription details and completing and submitting our online medical consultation questionnaire for review).
We also collect Identity Information when you contact us (by email, telephone including SMS or otherwise) to ask a question or request information.
When you log in to your account through the Site, we automatically collect information about your use of the Site including details of your visits such as pages viewed and the resources that you access. This information will include traffic data, location data, IP address, browser, operating system, referral source, length of visit, clickstream data and other communication data.
We collect System Information when you interact with our Site.
3 SPECIAL CATEGORY DATA
In order to provide you with our services, we are required to process special category data, for example your health information relating to your prescription. Where we process this special category data, data protection law requires that we satisfy certain additional conditions. We will only process special category data with your explicit consent to the processing (for example, where you have consented to us accessing your health data contained in your prescription so that we may provide our services to you) or where we are legally permitted to process such data for health purposes subject to relevant conditions and safeguards. We will never use special category data for direct marketing purposes without your explicit consent and we will never share your special category data with our Partners (or any other third party data controllers) for direct marketing purposes.
4 HOW WE WILL USE YOUR PERSONAL DATA
Providing our services
As part of the provision of our services, we use the personal information that we collect from you to:
- Register you as a user of our service;
- process your orders and provide your details: (a) to our contracted clinicians to assess your medication needs and to determine whether it is clinically appropriate to approve your prescription request; and (b) to the Pharmacy to enable you to purchase the medication from them, if the prescription is approved by our clinician;
- contact your GP if our clinician determines it is in your best interests to do so. If you provide us with contact details for your GP we, or our clinician, may contact them to discuss your prescription request;
- provide you with our helpline for support and enquiries relating to your use of the Site and orders placed by you; and
- manage our relationship with you (for example, to notify you of any issues, or any advisory cautions we receive from suppliers or pharmaceutical companies in relation to any medication or products you have ordered through our Site, to notify you of any changes to our terms or to ask for feedback on our service).
Monitoring, administering and improving
We use your personal information to help us to monitor our performance, administer and improve our service by:
- tracking and analysing activity to identify patterns and help us improve our Site and communications;
- troubleshooting, conducting data analysis, testing, system maintenance, support, reporting and hosting of data;
- using data analytics to improve customer relationships and experiences;
- analysing information so that we can prioritise features that are relevant and popular;
- educating, training and developing our staff’s performance;
- ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
- preventing fraud; and
- other business administration such as management and planning, including accounting and auditing.
With your prior explicit consent, we may use your data to send you specialist information about goods and services offered by us which may be of interest to you. If you wish to withdraw your consent at any time, please contact us at [email protected]
5 OUR PARTNERS’ USE OF YOUR PERSONAL DATA
5.1 The Pharmacy
Our Pharmacy’s address is 209B Chipstead Valley Road, Coulsdon, Surrey, England CR5 3BR, registered with the General Pharmaceutical Council under GPhC number 9011216. Please note that the Pharmacy will be the contracting party in respect of the sale of your ordered treatment (if approved by our clinician).
How the Pharmacy will use your personal information
As part of the provision of the Pharmacy’s services, it will use your personal information that we transfer to the Pharmacy to provide its services, specifically to:
- manage its relationship with you (for example, by dealing with any queries you raise).
5.2 Our clinicians
All our clinicians are under contract with us. Our clinicians are a number of individuals registered in the United Kingdom with: (i) the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications; or (ii) the General Medical Council and are each Registered Medical Practitioners]. The clinicians are trained in providing remote consultations and issuing prescriptions online. The clinicians will assess your request for the ordered treatment regarding its clinical appropriateness. For more information on the consultation process, please visit our Terms of Service.
How our clinicians will use your personal information
As part of the provision of the clinician’s services, they will use your personal information which we provide to them to:
- assess your health information to determine whether your ordered treatment is clinically appropriate and, if so, write your prescription; and
- obtain further information from you if necessary to inform their decision by contacting you using your contact details.
Fair processing information
We are providing the following information to you, required by data protection law, on behalf of the clinicians:
Identity of the clinicians
Individuals registered in the United Kingdom with: (i) the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications; or (ii) the General Medical Council, each a Registered Medical Practitioner and trained in providing remote consultations and issuing prescriptions online.
If you would like to request the contact details of our clinicians, please contact us [email protected]
Purpose of the processing
As above in “How the clinicians will use your personal information”.
Legal basis of the processing
The processing is necessary for health purposes subject to relevant conditions and safeguards and is carried out by a health professional.
The period for which your personal information will be stored by the clinician
The period for which personal information will be stored will be determined in accordance with applicable law and regulatory guidance issued by the Department of Health.
Your rights in relation to the clinician
As below in Paragraph 11.
5.3 Our FROM MARS Helpline
Our secure helpline is available in accordance with our Terms of Service. All calls placed with our helpline will be recorded and stored securely to ensure we have a record of your enquiry, and for monitoring and training purposes. All call recordings, SMS, messages and emails will be stored securely and in accordance with our data protection obligations at all times.
6 OUR GROUNDS FOR PROCESSING
- where we need to use the information to perform the contract we have entered into with you;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
- where we need to comply with a legal or regulatory obligation.
7 INFORMATION SECURITY
7.2 Please be aware that communications over the Internet, such as emails and online messages are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control.
7.3 Any communications that involve a higher level of sensitivity should be sent to us via the messaging platform available on the Site, and not over email.
7.4 We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that personal data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
8 DISCLOSURE OF YOUR PERSONAL INFORMATION
- with third party service providers or suppliers to enable us to provide our services (for example payment processors, webhosts, ID verification partners etc). Where we share data with these service providers, we require them to sign a contract that obliges them amongst other things to have stringent security measures in place, comply with our instructions and help us to comply with data protection law;
- to another legal entity on a temporary or permanent basis, in connection with a business deal, such as a merger, financing, acquisition, or sale of our business;
- where we are required to do so by law; and/or
- where you have provided your consent.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
9 INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. In particular, our helpdesk (detailed above) is located in United Kingdom. Where these transfer occur we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at [email protected]
10 SECURITY AND RETENTION
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.
11 YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it
If you wish to exercise your rights in relation to the processing of your information by any of our Partners, you should email us at [email protected]
12 LINKED WEBSITES OR APPLICATIONS
We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Site. We recommend that you check the policy of each website you visit before deciding whether to proceed and contact the owner or operator of such website if you have concerns or questions.
14 JURISDICTION AND APPLICABLE LAW
15 OTHER IMPORTANT TERMS
15.4 If we delay in taking steps against you when you break this contract, that will not mean that you do not have to do what we ask in order to remedy your breach and it will not prevent us taking steps against you at a later date.
Last modified: 25 March 2021