PRIVACY POLICY
This Privacy Notice sets out how we, Infinity Group Pharmaceuticals Ltd (under the trading name of DrHair.co.uk), process personal information about you when you use our website, and when you place an order with us via our website www.drhair.co.uk.
We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle. If you do not agree with this Notice, you should not submit information to us. You can find out more about DrHair’s responsibilities and about how and why we collect and use your personal information by reading this Notice. This Notice also details the responsibilities of the Partners and how they will collect and use your personal information. Further information about how we use cookies is available in our Cookie Policy. If anything is unclear or if you have any questions about this Notice, please contact us at info@drhair.co.uk.
DrHair is committed to the highest standards of data privacy and protection.
We collect personal information required to process and deliver your request for healthcare; and standard technical information to better understand how our website is used.
THE TYPE OF PERSONAL DATA WE COLLECT AND HOW IT IS USED
The personal data we collect and how we use it depends on the services we provide you with.
To dispense your prescription – we collect and process your name, address, date of birth, NHS number and details of the medication that has been prescribed (this includes the name of the medication and the dosage instructions). Capturing this information is necessary to provide the service to you, and we cannot provide you with the medication prescribed without this information. Additionally, we may also need to obtain or share information with your healthcare provider including your GP to provide the best care for you.
Requesting treatment on prescription requires patients to answer medical questions. The answers to these questions are recorded and form part of the medical consultation with our doctors. Previous prescriptions supplied are considered when issuing new prescriptions, and also form part of the patient records. Doctors or pharmacists may request or respond to additional information from the patient. This information also forms part of the patient record. Effective communication is required to facilitate the provision of healthcare remotely, and is achieved by patients providing their email and telephone number(s). Primary communication is via email, video, by phone or SMS. Patients are advised to login to their account or email to view messages from doctors or pharmacists. Sensitive details are not sent by email, unless requested via email where consent to reply via email is implied, unless stated otherwise.
Patients should keep their regular GP/doctor informed of treatment provided by Infinity Group Pharmaceuticals Ltd. This ensures your regular doctor is aware of all treatments you are using, particularly important if new treatment is prescribed.
DrHair additionally enters patient and prescription data into a pharmacy prescribing system which serves as a separate independent record of treatment supplied, and is standard practice for UK pharmacies. The pharmacy also makes a printed copy of each electronic prescription form as a secondary record, which is stored according to GPhC standards.
Personal data, or personal information, means any information about a person from which they can be identified. We may collect, store, and use some or all of the following categories of information:
System Information (Website Visitors, Account Holders and Customers)
When you visit our Site, we automatically collect information about your use of the platform including details of your visits such as pages viewed and the resources that you access. This information may include website traffic data, IP address, pages viewed, location data, browser, operating system, referral source, length of visit, clickstream data and other communication data. This information is not normally personally identifiable from the methods and systems we use. In some situations this information could be combined with other sources to make it personally identifiable; we limit access to ensure that this information remains anonymous. We collect System Information when you interact with our platform, through our Site or otherwise.
Identity Information (Account Holders and Customers)
When creating an account on our website, logging into or updating an existing account, or placing an order, we will collect Personal data:
- personal contact details such as name, title, addresses, telephone numbers, and email addresses
- date of birth and other physical characteristics such as your age, weight and gender
- billing information and account settings
Subject to your explicit consent, we will also collect, store and use your health data, including your prescription requirements. This is considered a special category of more sensitive data. Where we process health data, it will be treated confidentially and will never be used for direct marketing purposes. We collect Identity Information provided voluntarily by you or provided through a partner. For example, when you use Google to login to our Site, or when you register with or use our platform to buy medication (by entering your prescription details for review). We also collect Identity Information when you contact us (by email, telephone or otherwise) to ask a question or request information.
Special Category Data (Prescription Customers)
In order to provide our services, we will be required to process special category data, for example your health information from your questionnaire or prescription. Where we process this special category data, data protection law requires that we satisfy certain additional conditions. We will only process special category data with your explicit consent to the processing. For example, where you have consented to us accessing your health data contained in your prescription so that we may provide our services and products to you.
PERSONAL DATA
Providing our services
As part of the provision of our services, we use the personal information that we collect from you to:
- register you as a user of our service
- process your orders and provide your details: (a) to our clinicians to assess your medication needs; and (b) to the Pharmacy to enable you to purchase the medication from them
- manage our relationship with you (for example by notifying you about changes to our terms or asking for feedback on our service)
Monitoring, administering and improving
We use your personal information to help us to monitor our performance, administer and improve our service by:
- tracking and analysing activity to identify patterns and help us improve our Site and communications
- troubleshooting, conducting data analysis, testing, system maintenance, support, reporting and hosting of data
- using data analytics to improve customer relationships and experiences
- analysing information so that we can prioritise features that are relevant and popular
- educating, training and developing our staff’s performance
- ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
- preventing fraud
- other business administration such as management and planning, including accounting and auditing
Other uses
With your prior explicit consent and occasionally under Legitimate Interest, we may use your data to send you specialist information about goods and services offered by us which may be of interest to you. If you wish to withdraw your consent at any time, please contact us at info@drhair.co.uk or click Unsubscribe in any of our emails.
OUR PARTNERS’ USE OF YOUR PERSONAL DATA
As stated above, in order to provide our services to you, we may provide your personal information to our Partners who will act as data controllers in respect of that information. Please see our general Website Terms of Use and Terms of Sale for further information on our Partners’ roles.
PAYMENTS
Payment card data is processed subject to financial transaction regulations.
RETENTION OF YOUR PERSONAL INFORMATION
We will retain your personal information for as long as we are legally or contractually required to do so, or for a period which is justifiable to meet our business needs. The retention of your personal data will be subject to periodic review.
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
THE PHARMACY
How the Pharmacy will use your personal information
As part of the provision of the Pharmacy’s services, it will use your personal information that we transfer to the Pharmacy to provide its services, specifically to:
- process your orders and sell, supply, dispense and post prescription medicines to you in accordance with the Terms of Sale and the Website Terms and Conditions;
- manage its relationship with you (for example by dealing with any queries you raise);
OUR PARTNER CLINICIANS
Our partner clinicians are a number of individuals registered in the United Kingdom with the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications and trained in providing remote consultations and issuing prescription medicine online. The clinicians will assess your request for the ordered treatment regarding its clinical appropriateness. For more information on the consultation process, please visit our Terms of Sale.
How our clinicians will use your personal information
As part of the provision of the clinician’s services, they will use your personal information which we provide to them to:
- assess your health information to determine whether your ordered treatment is clinically appropriate and, if so, write your prescription
- obtain further information from you if necessary to inform their decision by contacting you using your contact details
Fair processing information
We are providing the following information to you, required by data protection law, on behalf of the clinicians:
- Identity of the clinicians: Individuals registered in the United Kingdom with the General Pharmaceutical Council, each holding accredited pharmacist independent prescriber qualifications and trained in providing remote consultations and issuing prescription medicine online.
- Contact details (which you should use to exercise any of your rights listed at Paragraph 11 of this Notice): If you would like to request the contact details of our clinicians, please contact us at info@drhair.co.uk.
- Purpose of the processing: As above in “How the clinicians will use your personal information”.
- Legal basis of the processing: The processing is necessary for health purposes subject to relevant conditions and safeguards and is carried out by a health professional.
- The period for which your personal information will be stored by the clinician: The period for which personal information will be stored will be determined in accordance with applicable law and regulatory guidance issued by the Department of Health.
- Your rights in relation to the clinician: As below in Paragraph 11.
OUR GROUNDS FOR PROCESSING
Data protection law says we only have the right to use your personal information where we can identify a lawful basis for doing so. Your consent to the processing as specified in this Notice is our primary lawful basis. In some circumstances we may also rely on another lawful basis. Most commonly, these will be:
- where we need to use the information to perform the contract we have entered into with you
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- where we need to comply with a legal or regulatory obligation
INFORMATION SECURITY
The Internet is not a secure medium. However, we have put in place various security procedures as set out in this Notice. Please be aware that communications over the Internet, such as emails and online messages are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control. We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that personal data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We will not share your personal information with or to third parties, except as otherwise provided for in this Notice (for example, to our Partners) and under the following limited circumstances when we want to or are compelled to share your personal information, including:
- with third party service providers or suppliers to enable us to provide our services (for example payment processors, web hosts, ID verification partners etc). Where we share data with service providers, we require them to sign a contract that obliges them amongst other things to have stringent security measures in place, comply with our instructions and help us to comply with data protection law;
- to another legal entity on a temporary or permanent basis, in connection with a business deal, such as a merger, financing, acquisition, or sale of our business;
- where we are required to do so by law;
- where you have provided your consent.
SECURITY AND RETENTION
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If you wish to exercise your rights in relation to the processing of your information by any of our Partners, you should contact us at info@drhair.co.uk.
LINKED WEBSITES OR APPLICATIONS
We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Site. We recommend that you check the policy of each website you visit before deciding whether to proceed and contact the owner or operator of such website if you have concerns or questions.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Notice at any time, and we will provide you with a new Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
HOW WE USE COOKIES
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
HEALTH DATA
Personal health and medical data is a different category of data and subject to specific provisions and exemptions.
The lawful basis for processing data is as follows:
GDPR Article 6 (1)(c): processing is necessary for compliance with a legal obligation
Index Medical Ltd is legally obliged to abide by regulations governing healthcare which require accurate medical records.
GDPR Article 9 (2)(h): processing of special categories of personal data
Specifically: processing is necessary for the purposes of preventive or occupational medicine, … medical diagnosis, the provision of health or social care or treatment ….
Infinity Group Pharmaceuticals Ltd does NOT rely on user consent to lawfully process their data. Consent cannot be effectively freely given, or withdrawn. Requesting consent as a lawful basis would therefore be misleading.
The medical questionnaires for each treatment area will automatically exclude patients from requesting treatment if contraindications are identified. Our questionnaires and health forms are designed for patient safety and comply with the relevant medical safety guidelines.
Where the remote provision of treatment is not suitable, patients are advised to contact their regular doctor or visit a health centre. Patients can seek advice, and discuss symptoms and treatment with our doctors via a secure messaging system.
YOUR DATA PROTECTION RIGHTS
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us using the contact information below if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint directly to us using the contact details below.
Our contact details.
Infinity Group Pharmaceuticals Ltd
140 Regent Road, Leicester, LE1 7PA
Office Number: 01162554446
E-mail: info@drhair.co.uk
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk