Privacy - Thechemistlive

Last updated: [Date]

INTRODUCTION

TheChemist Live (“we,” “our,” or “us”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our pharmacy services, website, and healthcare consultations.

As a registered pharmacy and healthcare provider, we handle sensitive medical information and are subject to additional regulatory requirements under healthcare legislation, GDPR, and Data Protection Act 2018.

1. WHO WE ARE

TheChemist Live
Registered Pharmacy Number: [GPhC Registration Number]
Address: [Full Address], Manchester, [Postcode]
Email: privacy@thechemistlive.com
Phone: [Phone Number]

Data Protection Officer: [Name/Contact]
Regulatory Bodies: General Pharmaceutical Council (GPhC), Medicines and Healthcare products Regulatory Agency (MHRA)

2. INFORMATION WE COLLECT

Personal Information:

• Identity Data: Full name, date of birth, gender, contact details
• Contact Data: Address, email address, telephone numbers
• Financial Data: Payment information, billing address (processed securely through third-party payment providers)
• Technical Data: IP address, browser type, device information, website usage data

Medical and Health Information:

• Medical History: Current and past medical conditions, medications, allergies
• Consultation Data: Symptoms, health concerns, treatment requests, consultation notes
• Prescription Data: Medication details, dosage, prescribing information, dispensing records
• Treatment Data: Weight management progress, blood test results, vaccination records
• Lifestyle Information: Diet, exercise habits, smoking status, alcohol consumption (where relevant to treatment)

Special Category Data:

• Health Data: All medical information (subject to enhanced protection under GDPR Article 9)
• Biometric Data: Photos for consultation purposes (weight management, skin conditions)

3. HOW WE COLLECT YOUR INFORMATION

Direct Collection:

• Online Consultation Forms: Health questionnaires, treatment requests
• Phone Consultations: Information provided during telephone appointments
• In-Person Consultations: Face-to-face appointments and health assessments
• Prescription Services: Information provided when dispensing medications
• Website Registration: Account creation and service booking
• Payment Processing: Financial information for service payments

Automatic Collection:

• Website Analytics: Cookies and similar technologies (see Cookie Policy)
• Communication Records: Email correspondence, phone call logs
• Service Usage: Appointment history, prescription collection records

Third-Party Sources:

• NHS Prescription Services: Electronic prescription information
• GP Referrals: Medical information from referring healthcare providers (with consent)
• Laboratory Results: Blood test and diagnostic results from accredited laboratories
• Insurance Providers: Information for insurance claims (with consent)

4. LEGAL BASIS FOR PROCESSING

We process your personal data under the following legal bases:

Healthcare Services (Primary):

• Vital Interests: Emergency healthcare situations
• Performance of Contract: Providing requested pharmacy and consultation services
• Legal Obligation: Compliance with pharmacy regulations, NHS requirements, safeguarding duties

Special Category Health Data:

• Explicit Consent: Weight management consultations, non-essential health services
• Healthcare Provision: Essential medical services (Article 9(2)(h) GDPR)
• Public Health: Disease prevention, health monitoring (Article 9(2)(i) GDPR)

Marketing and Communications:

• Legitimate Interests: Service updates, health information relevant to your care
• Consent: Optional marketing communications, newsletters

5. HOW WE USE YOUR INFORMATION

Essential Healthcare Services:

• Prescription Dispensing: Accurate medication preparation and supply
• Clinical Consultations: Providing professional healthcare advice and treatment
• Health Monitoring: Ongoing care management and treatment monitoring
• Safety Checking: Drug interactions, allergy alerts, contraindication screening
• Regulatory Compliance: Meeting professional and legal requirements

Service Delivery:

• Appointment Management: Booking, scheduling, and reminder communications
• Treatment Coordination: Linking related services (consultations, prescriptions, monitoring)
• Emergency Contact: Contacting you for urgent health or safety matters
• Quality Improvement: Service evaluation and improvement initiatives

Administrative Purposes:

• Payment Processing: Secure payment handling and receipt generation
• Record Keeping: Maintaining accurate healthcare records
• Customer Support: Responding to inquiries and resolving issues
• Fraud Prevention: Protecting against fraudulent activities

Optional Services:

• Health Information: Sending relevant health tips and seasonal advice (with consent)
• Service Updates: Information about new services or changes to existing services
• Research: Anonymous health research participation (with explicit consent)

6. SHARING YOUR INFORMATION

Healthcare Providers:

• Your GP: Sharing relevant information to ensure coordinated care (with consent or clinical necessity)
• Specialist Doctors: Referrals and consultation reports when clinically appropriate
• NHS Services: Electronic prescription services, patient record systems
• Emergency Services: In medical emergency situations only

Professional Services:

• Accredited Laboratories: Blood test samples and relevant clinical information
• Pharmacy Networks: Prescription verification and medicine supply chain
• Clinical Supervisors: Professional oversight and quality assurance
• Professional Bodies: Regulatory reporting requirements (GPhC, MHRA)

Service Providers:

• Payment Processors: Secure payment handling (we never store full card details)
• IT Service Providers: Secure data hosting and system maintenance
• Delivery Services: Prescription delivery (name and address only)
• Communications Providers: Secure email and messaging services

Legal Requirements:

• Law Enforcement: When legally required for investigations
• Regulatory Bodies: Professional conduct investigations
• Court Orders: When compelled by legal proceedings
• Safeguarding: When necessary to protect vulnerable individuals

We NEVER:

• Sell your personal data to third parties
• Use your health information for commercial marketing by others
• Share your information for non-healthcare purposes without explicit consent

7. INTERNATIONAL TRANSFERS

Your personal data is primarily processed within the UK. Any international transfers will:

• Only occur with adequate data protection safeguards
• Be to countries with adequacy decisions or appropriate safeguards
• Be notified to you where required by law
• Maintain the same level of protection as provided in the UK

8. DATA RETENTION

Medical Records:

• Adult Patients: 10 years after last contact (professional healthcare standards)
• Children: Until age 25 or 10 years after last contact (whichever is longer)
• Prescription Records: 2 years minimum (GPhC requirements)

Consultation Records:

• Weight Management: 7 years after treatment completion
• Travel Health: 10 years (for vaccination certificate verification)
• General Consultations: 7 years after last consultation

Administrative Data:

• Financial Records: 6 years (tax and accounting requirements)
• Website Analytics: 26 months maximum
• Marketing Consents: Until withdrawn or 3 years of inactivity

Special Circumstances:

• Active Legal Proceedings: Retained until resolution plus limitation period
• Safeguarding Concerns: As required by safeguarding policies
• Regulatory Investigations: As required by regulatory bodies

9. YOUR RIGHTS

Under GDPR and Data Protection Act 2018, you have the right to:

Access Rights:

• Right to Access: Request copies of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your data (subject to healthcare record requirements)

Control Rights:

• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests

Consent Rights:

• Right to Withdraw Consent: For processing based on consent (doesn’t affect lawfulness of past processing)
• Right to Object to Marketing: Opt-out of marketing communications at any time

Special Healthcare Considerations:

Some rights may be limited where:

• Required for healthcare provision
• Necessary for public health protection
• Mandated by professional healthcare regulations
• Essential for safeguarding purposes

To exercise your rights: Contact us at privacy@thechemistlive.com or call [Phone Number]

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures:

• Encryption: All sensitive data encrypted in transit and at rest
• Access Controls: Role-based access with multi-factor authentication
• Regular Updates: Security patches and system updates
• Backup Systems: Secure, encrypted backup procedures

Organizational Measures:

• Staff Training: Regular data protection and confidentiality training
• Access Policies: Strict need-to-know access policies
• Incident Response: Procedures for managing data breaches
• Regular Audits: Periodic security and compliance reviews

Healthcare-Specific Security:

• Clinical Information Systems: NHS-approved secure systems
• Prescription Security: Secure handling of controlled substances
• Consultation Privacy: Soundproof rooms and confidential environments
• Professional Standards: Adherence to GPhC security requirements

11. COOKIES AND WEBSITE TRACKING

Our website uses cookies to:

• Essential Cookies: Enable basic website functionality and security
• Analytics Cookies: Understand website usage and improve services
• Preference Cookies: Remember your settings and preferences

Managing Cookies: You can control cookie settings through your browser preferences. Disabling certain cookies may affect website functionality.

Detailed Cookie Policy: Available separately on our website.

12. CHILDREN’S DATA

We may provide healthcare services to children under 16 with appropriate consent:

• Parental Consent: Required for children under 13
• Mature Minors: Those aged 13-15 may consent to certain treatments independently if deemed competent
• Confidentiality: Maintained according to healthcare professional guidelines
• Safeguarding: Enhanced protection measures and safeguarding protocols apply

13. COMPLAINTS AND CONCERNS

If you have concerns about how we handle your personal data:

Internal Process:

1. Direct Contact: Speak to our Data Protection Officer
2. Formal Complaint: Submit written complaint for investigation
3. Senior Review: Escalation to senior management if needed

External Options:

• Information Commissioner’s Office (ICO): UK data protection regulator
• General Pharmaceutical Council: Professional conduct concerns
• NHS Complaints: For NHS-related services

Contact Details:

• ICO: ico.org.uk | 0303 123 1113
• GPhC: pharmacyregulation.org | 020 3713 8000

14. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect:

• Changes in law or regulation
• Updates to our services or processes
• Enhanced data protection measures

We will:

• Notify you of significant changes by email or website notice
• Provide 30 days notice where possible
• Seek fresh consent where legally required

15. CONTACT US

For data protection matters:

• Email: privacy@thechemistlive.com
• Phone: [Phone Number]
• Post: Data Protection Officer, TheChemist Live, [Address]

For general inquiries:

• Email: info@thechemistlive.com
• Phone: [Main Phone Number]

This Privacy Policy is effective from [Date] and replaces all previous versions.