Service Privacy Notice - Pharmacy

Service Privacy Notice - Pharmacy

Welcome

Charac Limited values your privacy and is strongly committed to protecting your personal data. The purpose of this Privacy Notice (“Notice”) is to explain how Charac Limited handle personal data about you and outline the rights that you have under the applicable data protection laws.

Note that “you” and “your” include any pharmacists and pharmacies administrators that Charac Limited may engage with. “Charac Limited” is referred to in this Notice as “Charac”“we”“us” or “our”. We will be the controller of your personal data. You may contact us at:

What information do we collect about you?

We collect and process your personal data in accordance with applicable laws to pursue our business activities, such as registering you and your pharmacy. We may collect and process information about you including:
  • Account and Contact details such as your login credentials and basic details necessary for the service to work and to set up your profile. These may include your name, postal address, website, telephone number, email address, gender and profile picture.
  • Usage Information such as information about your activity on our platform, for instance how you use it (e.g., date and time you logged).
  • Device information as software information such as IP address, browser type, version and language, identifiers associated with cookies or other technologies that may uniquely identify your device or browser.
  • Details of your relationship with us such as the information related to specific service offering. If you maintain a video consultation through the platform with another user of the platform, our processing will be limited to facilitating the video interaction. We will not retain or record the video content of consultation, although you may be able to add notes to the account, which will be retained.
  • Educational and professional details such as your job title, professional qualifications, work experience, organisational or institutional affiliations, or publications.
  • Financial information where necessary for payment of invoices may be processed through third party platforms that manage online payments.
  • Customer service: If you contact our customer service team, we may collect the information you give us during the interaction. We may record these interactions to ensure a high quality of service
Any other personal data we collect, not described in any of the categories above will be brought to your attention with a message at the point of collection from you. You may decide not to provide your personal data to us. However, if you do not provide it, we may not be able to provide you with our services or access to our platform.

What cookies and similar technologies do we use?

We use and may allow others to use cookies and similar technologies (e.g., web beacons, pixels) to recognize you and/or your device(s). Some of these cookies are essential to our service, for example they ensure the platform loads properly, they remember your cookie preferences, enable you to use payment functionalities, and enable Charac administrative users to login to the Platform. Others are analytical nature allowing us to better understand how you use our platform. You can find more information about the individual cookies we use, the purposes for which we use them, and how you can better control their use in our Cookie Notice. You can also set your browser to accept or reject all specific cookies. You can set your browser to alert you each time a cookie is presented to your device or opt out of Google Analytics by installing Google’s opt-out browser add-on. You can delete cookies that have been stored on your device, but if you prevent us from placing cookies on your device, or if you subsequently delete a cookie, it may not be possible for you to use our platform effectively. Please see our Cookie Notice for additional information.

How do we obtain your personal data?

We may collect this information:
  • Directly from you through your interactions with us such as when you create an account and set up your profile; or
  • From third party sources, including NHS practices, or business partners acting on our behalf, such as couriers providing confirmation about prescription deliveries.

Why do we process your personal data for and what are the legal bases we rely on?

We may process your personal data for the purposes below and based on the following legal bases:
i. We shall rely on the performance of our obligations arising from the service contract or arrangement in place with you for the following purposes:
  • Service Relationship which includes registration and adding pharmacies and pharmacists’ details in our system.
  • Performance of our Business Operations which includes business as usual activities for the effective operation of our organisation, allowing us to work together and collaborate, providing our services and ensuring business continuity.
ii. We shall rely on the compliance with applicable laws and regulations for the following purposes:
  • To establish, exercise or defend legal claims in suspected or actual legal proceedings.
  • To exercise or perform any right or obligation which is conferred or imposed by law on us.
  • Where we are legally required to process personal data in connection to health and safety legislation, statutory codes of practice and other legal or tax related obligations.
iii. We shall rely on our legitimate interests pursued by us or our service providers acting on our behalf or by a third-party insofar as such interests do not pose a high risk to your rights and freedoms, for the following purposes:
  • Performance of our Business Operations which includes business as usual activities for the effective operation of our organisation. Our legitimate interests are based on allowing us to work together and collaborate, providing our services and ensuring business continuity.
  • Security Management Activities. Our legitimate interest is to ensure the security of our platform and information.
iv. We shall rely on your consent for the following purposes:
  • Marketing Activities which includes sending electronic newsletters with offers, promotions and news related to our online platforms, marketing and/or advertising information.
  • Use of analytics cookies and similar technologies to improve your user experience and our Services.
We shall notify you of any material changes to personal data we collect or to the purposes for which we collect and process it.

How do we keep your personal data safe?

We implement appropriate technical, physical, and organizational measures which are intended to safeguard any information you provide to us, and to protect it from unauthorised access, loss, misuse, alteration or destruction. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Any individual who is provided with such access shall take the steps to protect your personal data and may only use your data for the purposes set out above or as otherwise permitted under applicable law. Where you have chosen a password, which enables you to access our platform, you are responsible for keeping this password confidential. You must not to share your passwords with anyone.

Who is your personal data disclosed to?

We will only disclose your personal data in accordance with the applicable laws and for the above-stated purposes, to the following parties:
  • Patients who you may provide service to.
  • Third-party service providers for the provision of services to us such as third parties supporting us with our IT systems and third parties providing external legal advice or litigation support. We have appropriate contracts in place that define the legitimate use and sharing of personal data in accordance with this Notice and oblige such service providers to only process personal data that is necessary for the performance of the contract or are required by applicable laws.
  • Regulatory authorities and other public bodies for the purposes of, including but without limitation, responding to official requests or inquiries, complying with a court order, administrative or judicial process, or when the disclosure is otherwise required by applicable laws and regulations.
  • Parties including prospective or actual buyers or sellers in the event of a merger, acquisition, or other reorganization or sale or disposition of all or any portion of our business and/or assets.
Some of these third parties may be located in a country outside the European Economic Area (“EEA”), where the applicable laws may not afford your personal data the same level of protection as your own country. Where your personal data is transferred abroad, we will ensure that adequate safeguards are in place (e.g. for residents of the EEA this includes the use of European Commission approved standard contractual clauses) and that all applicable laws and regulations are complied with. You may contact us for a copy of the safeguards which we have put in place to protect your personal data in these circumstances.

What are your rights?

You have rights in relation to your personal data arising from the applicable data protection legislation. These include the right to:
  • Access, rectify and erase your personal data: You may have the right to request access to information that we hold about you; request corrections or updates to your personal data; or, in some cases, ask us to erase your personal data except to the extent that we are required or permitted to retain it by law.
  • Restriction of processing: You may have the right to request the restriction of processing of your personal data, in which case, your personal data will only be processed for certain purposes.
  • Data portability: You may you have the right to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format and you may have the right to transmit the personal data to another entity without hindrance from us.
  • Object: Where we rely on legitimate interests as a legal basis for processing personal data, you have the right to object, on grounds relating to your situation, at any time to the processing of your personal data by us and we are required to no longer process your personal data. If you exercise this right, your personal data will no longer be processed for such purposes unless otherwise authorised by law.
  • Consent withdrawal: You have the right to withdraw any consent you may have provided at any time without being penalised.
If you wish to exercise one of the above-mentioned rights, please refer to Section 10 “Who do I contact to ask questions about this Notice” below. Any request to exercise one of these rights will be assessed by us on a case by case basis. There may be circumstances in which we are not legally required to comply with your request or because of relevant legal exemptions provided for in applicable data protection legislation.

How long will we retain your personal data?

We generally retain personal data for as long as you remain a user. If you cancel your account, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will aim to keep your data for no more than seven years.
In some cases, we may be required to retain your personal data for a longer period where applicable laws or regulations require or allow us to do so.
Where possible, we aim to anonymise the information or remove unnecessary identifiers from records that we may need to keep for longer periods beyond the specified retention period.

Who do I contact to ask questions about this Notice?

If you have any queries or concerns about this Notice or you wish to exercise your rights and/or make complaints concerning our handling of your personal data, please contact us at dataprotection@charac.co.uk.
If you are still dissatisfied, you have the right to complain to your data protection authority. The relevant national data protection authority is responsible for overseeing compliance of the privacy laws in each EEA country. You may contact your local data protection authority for more information about your rights, or if you are not able to resolve a problem directly with us and wish to make a complaint. A list of European data protection authorities is available here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

Can this Notice be updated?

We keep this Notice under regular review in order to reflect changes in the law, regulatory guidance or our data privacy practices in compliance with the law. When this happens and where required by law, we shall provide you with a new or an updated Notice detailing how the use of your personal data is changing. This Notice was last updated on 07 July 2020

Annex 1

Patients’ Privacy Notice

Welcome

This Privacy Notice (“Notice”) has been prepared by Charac Limited for the benefit of its customers, such as local pharmacies, and in connection with the online pharmacy services provided through the Charac platform. The purpose of this Notice is to explain how local pharmacies Charac engages with typically handle personal data about you and outline the rights that you have under the applicable data protection laws. Note that “you” and “your” include any users or patients that may be registered to the Charac platform. Your local pharmacy may be referred to in this Notice as “they” or “them”. Your local pharmacy will be the controller of your personal data. Please note that you can access the services provided by your local pharmacy via online (including booking appointments and video consultation, among others) through the Charac platform. You can consult Charac Limited privacy notice here: Privacy Policy

What information does your local pharmacy collect about you?

Your local pharmacy may collect and process your personal data in accordance with applicable laws to pursue its business activities. Your local pharmacy may collect and process information about you including:
  • Contact details such as your name, address, telephone number and email address, gender.
  • Health Data such as the information related to any disease you may be suffering, any specific diagnosis or medical treatment you may receive.
You may decide not to provide your personal data to your local pharmacy. However, if you do not provide it, your local pharmacy may not be able to provide you with their services.

How does your local pharmacy obtain your personal data?

Your local pharmacy may collect your information:
  • Directly from you through your interactions with them, such as when you book an appointment with them or when they have video consultations with you; or
  • From third party sources, such as Charac Limited as the owner of the Charac platform in which you are registered and where you upload your personal data, as well as from your relatives, where you cannot provide your personal data directly.
Your local pharmacy may process your personal data for the purposes below and based on the following legal bases:
i. They shall rely on the compliance with applicable laws and regulations for the following purposes:
  • To establish, exercise or defend legal claims in suspected or actual legal proceedings or to exercise or perform any right or obligation which is conferred or imposed by law on them.
  • Where they are legally required to process personal data in connection with health and safety legislation and other legal or tax related obligations.
ii. They shall rely on the performance of their obligations arising from the service contract or arrangement in place with you for the following purposes:
  • Performance of Service which includes making appointments, video consultations, prescriptions and other advice/services, available to you.
iii. They shall rely on your explicit consent, for the following purposes:
  • Processing your health data in case they need to collect and process it for the provision of their services.
They shall notify you of any material changes to personal data they collect or to the purposes for which they collect and process it.

How does your local pharmacy keep your personal data safe?

Your local pharmacy implements appropriate technical, physical, and organizational measures which are intended to safeguard any information you provide to them, and to protect it from unauthorised access, loss, misuse, alteration or destruction.

Who is your personal data disclosed to?

Your local pharmacy will only disclose your personal data in accordance with the applicable laws and for the above-stated purposes, to the following parties:
  • Third-party service providers for the provision of services to your local pharmacy such as third parties supporting them with their IT systems and third parties providing external legal advice or litigation support. Your local pharmacy has appropriate contracts in place that define the legitimate use and sharing of personal data in accordance with this Notice and oblige such service providers to only process personal data that is necessary for the performance of the contract or are required by applicable laws.
  • Regulatory authorities and other public bodies, for the purposes of, including but without limitation, responding to official requests or inquiries, complying with a court order, administrative or judicial process, or when the disclosure is otherwise required by applicable laws and regulations.
  • Parties including prospective or actual buyers or sellers in the event of a merger, acquisition, or other reorganization or sale or disposition of all or any portion of your local pharmacy business and/or assets.
Some of these third parties may be located in a country outside the European Economic Area (“EEA”), where the applicable laws may not afford your personal data the same level of protection as your own country. Where your personal data is transferred abroad, your local pharmacy will ensure that adequate safeguards are in place (e.g. for residents of the EEA this includes the use of European Commission approved standard contractual clauses) and that all applicable laws and regulations are complied with. You may contact your local pharmacy for a copy of the safeguards which they have put in place to protect your personal data in these circumstances.

What are your rights?

You have rights in relation to your personal data arising from the applicable data protection legislation. These include the right to:
  • Access, rectify and erase your personal data: You may have the right to request access to information that your local pharmacy holds about you; request corrections or updates to your personal data; or, in some cases, ask your local pharmacy to erase your personal data except to the extent that they are required or permitted to retain it by law.
  • Restriction of processing: You may have the right to request the restriction of processing of your personal data, in which case, your personal data will only be processed for certain purposes.
  • Data portability: You may you have the right to receive the personal data which you have provided to your local pharmacy in a structured, commonly used and machine-readable format and you may have the right to transmit the personal data to another entity without hindrance from them.
  • Object: Where your local pharmacy relies on legitimate interests as a legal basis for processing personal data, you have the right to object, on grounds relating to your situation, at any time to the processing of your personal data by them and they are required to no longer process your personal data. If you exercise this right, your personal data will no longer be processed for such purposes unless otherwise authorised by law.
  • Consent withdrawal: You have the right to withdraw any consent you may have provided at any time without being penalised.
If you wish to exercise one of the above-mentioned rights, please refer to Section “Who do I contact to ask questions about this Notice” below. Any request to exercise one of these rights will be assessed by your local pharmacy on a case by case basis. There may be circumstances in which your local pharmacy is not legally required to comply with your request or because of relevant legal exemptions provided for in applicable data protection legislation.

How long will your local pharmacy retain your personal data?

Your local pharmacy generally retains personal data for as long as needed for the specific purpose(s) for which it was collected. In some cases, they may be required to retain your personal data for a longer period where applicable laws or regulations require or allow them to do so. Where possible, your local pharmacy aims to anonymise the information or remove unnecessary identifiers from records that they may need to keep for longer periods beyond the specified retention period.

Who do I contact to ask questions about this Notice?

If you have any queries or concerns about this Notice or you wish to exercise your rights and/or make complaints concerning the handling of your personal data, please contact your local pharmacy.
If you are still dissatisfied, you have the right to complain to your data protection authority. The relevant national data protection authority is responsible for overseeing compliance of the privacy laws in each EEA country. You may contact your local data protection authority for more information about your rights, or if you are not able to resolve a problem directly with your local pharmacy and wish to make a complaint. A list of European data protection authorities is available here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

Can this Notice be updated?

This Notice is kept under regular review in order to reflect changes in the law, regulatory guidance or data privacy practices in compliance with the law. When this happens and where required by law, you shall be provided with a new or an updated Notice detailing how the use of your personal data is changing.


    • Related Articles

    • Charac Privacy Notice - Customer

      Welcome to Charac. We are Charac Limited (“we”, “us” or “our”) and are known as Charac. This privacy notice applies to your use of charac.co.uk and the web browser and mobile application based Charac Platform (our “Services”). Our Platform has been ...

    • Cookie Notice

      Charac Limited (“Charac”, “we”, or “us”) is committed to protecting your privacy. This Cookie Notice explains: i. what types of cookies and similar technologies are placed on your device when you visit our website, or use the web browser or mobile ...

    • End User Licence Terms

      Who we are charac.co.uk (our “Site”) is a site operated by Charac Limited ("we", “us”, “our”). We are registered in England and Wales under company number 12504326 and have our registered office at March Studios, Peills Yard, Bromley, Kent, United ...

    • Terms of Use

      1.Introduction 1.1. Our website charac.co.uk (“Website”) is operated by Charac Limited registered in England and Wales under company number 12504326 with registered office at March Studios, Peills Yard, Bromley, Kent, United Kingdom, BR2 9NS (“we”, ...