MedivaPharma Limited (the company, additionally known and operating as ‘MedivaPharmacy’) is committed to protecting your privacy and ensuring that any information that we collect about you is never misused.
This policy explains what information we collect, how and why we use it, how we keep it safe, and what your rights are.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or by writing to MedivaPharma Limited, 66 Tanners Drive, Blakelands, Milton Keynes, MK14 5BP. Alternatively, you can telephone 01908 617 328.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
MedivaPharma is a medical aesthetics pharmacy for healthcare professionals, and patients. We are committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws and GDPR.
MedivaPharma welcomes the EU general Data Protection Regulation (GDPR) as a set of regulations to reaffirm our commitment to data protection. We are committed to ensuring:
· We only collect and use relevant personal data we need to provide or improve our products and services for our patients, and healthcare professionals.
· You can request a copy of whatever information we hold about you
· We will keep your personal information safe and secure
· Personal data is processed fairly, lawfully, and in a transparent clear manner.
· We will never sell your details or share it except in the ways mentioned in this policy or unless you instruct us to.
· We will let you know if there are important changes that affect your information or how we use it.
· We take responsibility for the information we hold about you.
· We only keep your information for as long as necessary.
What personal information we collect
We collect the following categories of personal information:
· As a patient, healthcare professional, customer, prospective customer, online website user, we may collect information about you when you submit prescriptions, or complete forms:
· your full name
· date of birth
· contact telephone number(s)
· email address(s)
· full postal address(s)
· website address (professional/business)
· Financial details (credit/payment card details)
· Professional affiliations, clubs, memberships
· Training certificates and accreditations
· Business/Organisation social media links
· Professional/healthcare registration details
· Photographic identification: a copy of a passport page, and or driving license.
Sensitive data and information we may collect may include:
· Prescription medicine information
· Allergy information
· Relevant medical history
We only ever collect information that is relevant to MedivaPharma in providing you, the patient and/or healthcare professionals, with appropriate medication, products, and services.
How we collect and process personal information
You provide us with personal information when you engage in any of the following activities:
· Directly from: When you correspond with us by phone, email, website contact form, social media, or otherwise.
· When you submit the prescription for dispensing purposes.
· When you register with MedivaPharma online, post, or email.
· When you complete a MedivaPharma registration form.
· Subscribe to our newsletter, mailing list, or any other MedivaPharma marketing medium.
· When you make a purchase/order with MedivaPharma online, phone, and or email.
· Participate in our discussion boards, chat, or social media platforms.
· Information you provide when entering competitions, or special promotions & events.
· Information you provide when you complete a survey or questionnaire.
· Information from your professional/business social media accounts but only where you have given us permission to use it. For example, posts, pictures, and video footage you share on sites such as Facebook, Twitter, and Instagram, and others.
· Information about emails and other communications we have sent to you and your interaction with them.
· Information from third parties where you consent to those other organisations sharing information they hold on you with us, and where those other organisations lawfully share your information with us.
How we use your personal information
The information collected from patients, healthcare professionals, customers, prospective customers, and registrants may be used for the following purposes:
· For the dispensing of medication via a patient prescription. Prescriptions provided from a prescriber (who is the data controller) to Mediva pharmacy. MedivaPharmacy (as data processor) will then dispense the medication on the lawful basis of processing through legitimate interest.
· For auditing purposes of the pharmacy, and dispensing services through the lawful basis of legitimate interest.
· To verify your identity as a registered healthcare professional, register and setup a pharmacy/wholesale account in your name/business name with MedivaPharma Limited through a contract.
· To provide access to our products and services, or to provide quotes, offers, promotions, and updates about our products and services through a contract with you.
· To inform by phone, email, or text, any changes to our personal information as necessary to comply with legal obligation.
· To administer and manage customer accounts, including online account access, your orders, responding to questions and enquiries raised by you through a contract with you.
· To accept, receive, review, and provide feedback to you regarding any information, documentation, or enquiries you provide us through a contract with you.
· For administrative, planning, product or service development, quality control, and research relating to our products and services through a contract with you.
· For marketing purposes, but only if we have your expressed or implied consent to contact someone, or we are otherwise permitted by law to do so.
· To confirm customer identities as part of our customer security checks; necessary for our legitimate interest and through a contract with you.
· To periodically check the status of your healthcare registration status with the GMC/GDC/NMC/GPhC as part of our order processing for our legitimate interests.
· To see your views and comments on the services we provide for our legitimate interests.
How we keep your personal information safe
MedivaPharma is committed to information security and the efficient processing of personal information. We have implemented technical, administrative, and physical security measures that are designed to protect personal information from unauthorised access, disclosure, use, modification, and that staff are adequately trained for handling personal information safely. We carry out regular security checks on all our security measures to ensure our customers personal information is kept safe and secure.
Our procedures mean that we may ask you to prove your identity before we share your personal information with you.
Third-party websites you access through links on our websites will have their own privacy policies. We do not accept any responsibility or liability for them.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the website, you are responsible for keeping this password confidential. We ask you not to share such a password with anyone.
We continually update and review our payments system to ensure we are compliant with the Payment Card Industry’s Data Security standards (PCI-DSS).
Our CCTV is used to capture record and monitor images of what takes place at our pharmacy and offices. We operate CCTV for the health and safety of our employees and visitors to the pharmacy, and for the detection and prevention of crime.
Only authorised MedivaPharma staff has access to CCTV footage. We will never share any image or personal information of yourself to a third party unless we are required to do so by law or if it is necessary for a legitimate purpose such as defending or bringing legal action.
Sharing your personal information
We do not share your information with others (third party organisations) without your consent or it is necessary to do so if the law requires us to.
When we have received your consent to share your information, it is likely we will provide this information to one or several of the following:
· A manufacturer/supplier of a brand permitted to MedivaPharma for contractual distribution.
· A training academy to provide further training and support services if requested by you.
· A group, organisation, membership base, non-profit organisation, or charity appropriate to your requirements.
· We may share your details, achievements, and successes in our media sources, magazines, social media, and website but only when asked by us and with your consent.
· A third-party credit control agency, financial management firm, legal, government organisation that we choose to manage our customer credit accounts.
Transfer of personal information: data transfers, storage, and global transfers.
We do not envisage transferring any information about or relating to you to any individual, or organisation that is situated outside of the European Economic Area (EEA)
Your personal information is uploaded to and stored to servers that are maintained by third parties that comply with strict contractual privacy obligations.
Cookies and IP Addresses
When you visit our company website www.medivapharma.co.uk we will place cookies on your device that will help to identify you as a user on our website and may help to create a more tailored user experience from the data that is collected on each visit.
Our website is linked in to a range of social media pages you may select, these social media pages may also place cookies on your device: Facebook, LinkedIn, Twitter, Google+, Instagram, LinkedIn and other third-party organisations which feature on the MedivaPharma website.
You may view a full list of the cookies we use on our website here
Communications: Email, Chat, and Social Media
When you communicate with MedivaPharma via email, chat, and social media channels we make every effort to use only secure and GDPR complaint channels and social media organisations. We never recommend that our customers send any sensitive information via these sites but to only use the official email/fax/website portals for transferring of sensitive information.
All information is handled by our authorised personal at MedivaPharma.
We use your payment details to process order payments only. We do not use your information for any purpose you have not authorised and we always seek your consent in order to process any payment transaction when the account setup has been completed or automatic payment processing is agreed verbally or in writing with you, or consent is acquired from you when a payment is processed. We process credit and debit card transactions following the Payment Card Industry Data Security Standard (PCI DSS).
Only authorised MedivaPharma personnel have access to your payment details. We will only ever keep your details, safely, and secured when we receive your expressed consent and we only ever keep the card details for as long as you permit.
We will ask for the following card details to process payments, and store the below details in an encrypted and safeguarded CRM system:
· Cardholder name
· Card number
· Card security code (CSC)
· Expiry dates
Our websites, services and products are not aimed at children and we do not knowingly collect any information from them.
We ask children not to register with us or give us any of their information.
Where we have inadvertently collected information from a child, we will delete it as soon as possible.
If you know that a child has given their information to us, please contact us at email@example.com
Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below:
· Right to be informed – You have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
· Right of access– have the right to access their personal data and supplementary information.
· Right of Rectification/Erasure– you have the right to request inaccurate personal data be rectified or completed if it is incomplete. You also have a right to be forgotten and ask us to erase information about you where you can demonstrate that the data we hold is no longer required by us, when you withdraw consent to use your information for whatever reason. Please note that we may be entitled to retain your personal data in order to comply with legal obligations.
· Right to restriction of processing– You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, and or disputes.
· Right to Portability– You have a right to request any personal information that you have provided to us and provide your data to another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
· Right to Object– You have a right to object to how your personal information is processed for direct marketing or some other form of processing.
· Right to Withdraw Consent– You have the right to withdraw your consent for the processing of your personal information where the processing is based on consent including the right to opt out of any direct marketing communications, you can do this by unsubscribing from a mailer we may send you or by contacting us directly and we will update your contact preferences at your request.
· Right of Complaint– You also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at ico.org.uk.
How to change your contact preferences
You can change how you prefer we contact you by writing to us at firstname.lastname@example.org or post:
66 Tanners Drive
How to request a copy of your information
To see the information we hold about you, you should make a Subject Access Request in writing, including your:
> Full Name
> Company Name / Clinic
> Telephone Number
> Account Address / Account number (Optional)
Last Updated: 25/11/2020