Mens Pharmacy is compliant with the General Data Protection Regulation (GDPR).
In acting as a data controller and data processor, we are committed to protecting and respecting your privacy and are transparent in everything we do. We may change this Policy from time to time so please check this page to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by this Policy. You can find below information regarding the purpose of data collection, the circumstances under your data is used and the disclosure conditions. We are required by law to hold your information for as long as it is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as a data controller. We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date. However, you are under a duty to inform us of all changes to your Personal Data to assist with this and we will delete and update your Personal Data accordingly.
What personal data we collect and why?
We may collect demographic information, such as your age, postcode, and gender. There is also information about your computer hardware and software that is automatically collected by us, including your IP address, browser type, domain names, access times and referring website addresses.
Specifically, we may collect the following categories of information:
a. Name, home address, e-mail address, telephone number, passport or other recognized personal ID, credit/debit card or other payment details;
b. Date of birth, gender, driving license;
c. Medical history or concomitant medications;
d. Information about your use of our website and/or App;
h. The communications you exchange with us or direct to us via letters, emails, chat service, calls, and social media.
i. Location, including real-time geographic location of your computer or device through GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, if you use location-based features and turn on the Location Services settings on your device and computer.
Your data is used for the purpose of providing products and services upon your request, in relation to your health condition.
Why do we use your personal data for?
In order to inform you of any changes and improvements of our services, we will require to keep your contact information, such as your name, email address and telephone number, for the purpose of correspondence. As permitted by the GDPR Regulation, our customers will be informed of any new marketing information available and upcoming offers. You have the option to unsubscribe to these emails at any time using the unsubscribe option or the setting from your customer account. Any medical information you provide us is considered sensitive personal data.
To safely prescribe our products our physician must be aware of your current and past medical conditions. We will require elements of personal identification such as ID, passport or driving license. This is due to our legal obligation to confirm and verify the identity of the individual we are prescribing medicine to. We attempt to do this using LexisNexis to perform identity checks. They will access public databases and credit agencies in order to verify your identity. This is known as a "soft search " and will not impact your credit file in any way. If we can not identify you automatically we may ask for driving licence or passport.
Payment card information is collected so we can process your order and take payment for the medicines you wish to purchase.
We collect automatically details about the type of device you use to access our website, its operating system and version, your IP address, your general geographic location, your browser and the webpages / content you view. We also monitor website sessions. All the information that we collect automatically is used to protect our website and to improve our services. We are continuously engaged in protecting your personal data. You may request that we confirm what information we hold about you at any time and may request us to modify, update or delete such information. We will require you documents to verify your identity and may ask for more information about your request. If you wish to contact us with respect to the above matters, please email us at [email protected]
Sharing your personal data
- Government authorities, law enforcement bodies,
- Trusted service providers we are using to run our business
We require all services providers to process your information in a secure manner and in accordance with Irish and EU law on data protection. A list of our service providers is available on request.
When you use our Royal Mail collection service Royal mail will receive your email address and mobile number to inform you when your order is ready for collection.
Transferring your data outside of the EU
It is possible that the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA").
We transfer your data to other countries outside of the EEA only when it is absolutely necessary for the performance of a contract to provide you with services. We utilise standard means under EU law to legitimise data transfers outside the EEA.
- Transferring to countries approved by the European Commission
- Using model contractual clauses approved by the European Commission
- Requiring companies we transfer information to in the United States to be signed up to the EU/US Privacy Shield Framework
If you require further information, please contact [email protected]
The legal bases for using your personal information
There are different legal bases that we rely on when processing your personal information.
- Contractual obligation – Processing is necessary for the performance of a contract with the individual or to take action upon an individual request to enter into a service agreement.
- Legal Obligation – Processing is necessary for compliance with a legal obligation that the controller is subject to. In particular our obligations to HMRC.
- Consent – We undertake processing necessary to provide direct marketing under the basis of individual consent for one or more specific purposes
- Legitimate interest – As part of providing you with our services we have a legitimate interest in contacting you with respect to changes to those services or improvements.
The legal bases for using sensitive personal information
We process sensitive personal information about you such as your medical history because our healthcare professionals will assess information such as whether you are able to work, your medical diagnosis, in order to provide health or social care or treatment, or to manage health-care or social-care systems (including to monitor whether we are meeting expectations relating to our clinical and non-clinical performance).
How long do we hold your data for?
We are required by law to hold your information for as long as it is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as a data controller. We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date. However, you are under a duty to inform us of all changes to your Personal Data to assist with this and we will delete and update your Personal Data accordingly. We are obliged to retain data for longer periods so as to meet our legal obligations to regulatory bodies which are set by law or recommended by regulators, professional bodies and associations.
If you have a question about a specific retention period for certain types of personal information we process about you, please send an email to [email protected]y.co.uk.
How do we safeguard your personal data?
Data security is of great importance to Mens Pharmacy and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected via this website. This website takes every precaution to protect our users' information. When users submit sensitive information via the website, your information is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol. If password access is required for certain parts of our website, you are responsible for keeping this password secure and confidential. We endeavour to do our best to protect your personal data. However, transmission of information over the internet is not entirely secure and is done at your own risk. We cannot ensure the security of your data transmitted to the website.
Mens Pharmacy is committed to protecting the personal information you entrust to us. Mens Pharmacy will exert the due-diligence regarding the protection of your personal data in extent to the relation to our third-party suppliers to provide adequate security measures.
Please be aware that under the GDPR, you are granted with the following data protection rights:
- Right of access – you have the right to request us a copy of the information that we hold about you.
- Right of rectification – you have the right to notify and to correct any data that we hold about you that is inaccurate or incomplete. Please ensure that your personal information is complete, accurate and up to date. Please inform us promptly of any changes to or inaccuracies in your personal information that you cannot correct yourself via the website by contacting [email protected]
- Right to be forgotten –you can ask for the data we hold about you to be deleted from our records, in certain circumstances
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
- Right of portability – for you have the right to have the data we hold about you transferred to another party or organisation, please access the email address [email protected] and we will be happy to work with you to provide this information in a machine-readable format.
- Right to object – You have the right to object to the processing of your personal data that was based on a public or legitimate interest
- Right to object to automated processing - including profiling.
- Right to judicial review - in the event that Mens Pharmacy refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
- The right to withdraw consent at any time.
For a total transparency, Mens Pharmacy wishes to be as open as it can be in terms of giving people access to their personal data. Our customers can find out if we hold any personal information by making a ‘subject access request’.
What forms of ID will I need to provide in order to access this?
Mens Pharmacy accepts the following forms of ID when information on your personal data is requested:
Passport or Driving Licence
How do I make a ‘Subject Access Request’?
You can send an email to [email protected] and the responsible GDPR Owner will provide you with a subject access request form and facilitate the request. The responsible GDPR Owner will respond to your request as soon as possible and within 30 days of your request form being formally submitted.
Complaints or Queries
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you have the right to file a complaint with the Information Commission.
The details for each of these contacts are:
Mens Pharmacy complaints contact details
Information Commission contact details
Information Commissioners Office
Address line 1:
Springfield House, Water Lane
Wycliffe House, Water Lane
Address line 2:
Address line 3:
What are 'cookies' and how are they used?
We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer's hard drive. Such information will not identify you personally. It is statistical data which does not identify any personal details whatsoever.
Please refer to the following guides below if you wish to disable cookies.
Links to other websites
Review of this Policy
We are continuously reviewing this Policy so please check often for changes. This is the version that was last updated in May 2018.
Document owner and approver
The GDPR owner is responsible for ensuring that this policy is reviewed periodically (at least annually). A current version of this document can be consulted and is available on request.
This policy and procedure was approved by the GDPR owner on 22/05/2018
Signature: Izaac Threlfall Date: 22/05/2018