Gordons Chemists Privacy Notice
As a company Gordons Chemists have always taken your privacy seriously. We are committed to ensuring that the personal data which we collect about you in our pharmacies, health and beauty stores, and online (www.gordonsdirect.com) is secure. As a result of a change in European Law on 25th May 2018 (the General Data Protection Regulation) we are now required to explain fully how we collect and use your data. Whilst the way we collect and use this data hasn’t changed, this privacy notice explains what information we collect about you, how we may use it, and the steps we take to ensure that it is kept secure. We also explain your rights and how to contact us.
We may update this Privacy Notice from time to time. This Privacy Notice has been drawn up in line with the Information Commissioner’s Office (ICO) Privacy Notices Code of Practice. We hope that you’ll find it straightforward, but if you have any questions or concerns about this Privacy Notice, please feel free to contact our Customer Services team by emailing: firstname.lastname@example.org.
What information do we collect?
Gordons Chemists collects information about you when you use our services in the pharmacy, when you shop with us, or when you contact us. This information is given to us by you, for example, when you present a prescription to be dispensed or make a purchase in store or online at www.gordonsdirect.com. Some data may also be collected indirectly, for example when you post comments on any of our social media accounts. Data collection is explained below.
On www.gordonsdirect.com we use technology that is commonly referred to as ‘Cookies’. These are small text files which are saved on your device. Cookies perform a number of different functions. Some cookies are essential for the functioning of the website. Certain cookies make our website quicker and easier for you to use, and give information about your behaviour while using our website. A cookie for example can pre-fill your username or email address when logging into your Customer Account. Cookies will provide us with information relating to your visit to gordonsdirect.com; for example, the device and web browser you’re using, date/time of your visit(s), how long you used our website for, pages you viewed, if you made a purchase, and so on. Cookies will also provide us with non-Personally Identifiable Information.
If you choose to withhold consent, or subsequently block cookies, some aspects of our website may not work properly, and you may not be able to access all parts of our website.
Making our website function correctly:
These cookies are essential. They enable you to access certain areas of our website, and log into secure areas of the website (e.g. to place an order, or access your Customer Account).
Monitoring and improving the performance of the website:
These cookies collect information about how visitors to www.gordonsdirect.com use the website – for instance the pages they visit most often. This information doesn’t identify individuals, and we use it only to help us improve the way the website works.
Enabling the features of the website:
These cookies allow our website to remember certain choices you have made, for example the currency you’d like prices to be displayed in. This helps us to provide you with a better, more personal experience.
Marketing and advertising:
These cookies are used to show adverts to you, based on items you’ve searched for or looked at online. They also can limit the number of times you see a particular advert, and measure how an advertising campaign has performed. The cookies remember that you have visited a website and this information may then be shared with other organisations for advertising purposes.
What cookies do we use?
The list below sets out more information about the individual cookies used on www.gordonsdirect.com and the purposes for which they are used:
Necessary Cookies help make a website usable by enabling basic functions like display, page navigation and access to secure areas of the website. The website cannot function properly without these cookies. Necessary cookies used on www.gordonsdirect.com include:
Preference Cookies remember certain features relating to you, in order to make your browsing experience more personalised. Preference Cookies used on www.gordonsdirect.com include:
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. Statistics cookies used on www.gordonsdirect.com include:
_utmz (Google Analytics tracking codes)
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual. Marketing cookies used on www.gordonsdirect.com include:
Ads/ga-audiences (used by Google Adwords)
fr, tr (used by Facebook)
_AVESTA_ENVIRONMENT (used by MailChimp).
Restricting or blocking Cookies:
As above, some areas of our website require cookies in order to function correctly. By default, cookies will be enabled on your computer or device. You can disable these in your web browser, however doing so will affect your experience on www.gordonsdirect.com. You’ll be limited to browsing, viewing and searching for products, but may not be able to place an order with us. You may also experience technical difficulties with other features on the site. You’ll need to re-enter your basic details every time you visit gordonsdirect.com, and we won’t be able to make the site more personal to you.
If you'd still prefer to restrict, block or delete cookies from gordonsdirect.com or any other website, it is straightforward to do so in your internet browser. Each browser is different, so you’ll need to go to the 'help' menu on your browser and look for how to change your ‘cookie preferences’.
Your privacy and shared computers:
If you access www.gordonsdirect.com from a shared computer, cookies may cause your email address to be displayed in the login field to anyone who uses our website on that computer after you. You can avoid this by clearing the cookies that are stored by the web browser. The option to do this is normally in the Settings menu of your browser.
When you place an order with Gordons Direct, we gather and process a range of personal data, mainly for the purposes of processing the order. Examples of this are: name, addresses (billing & delivery), email address, telephone number, goods ordered, your order value, and IP address.
Creating a Customer Account with us creates a history of your ordering with us, and enables you to complete any future orders you may place with us more quickly. In addition to the information we require in order to process an order, a Customer Account will also record the date/time that the account was created, and the date/time that the customer last logged into their Customer Account.
If you make an enquiry to Gordons Chemists via the Enquiry Form located on our Contact Us page, or by emailing us, your name, telephone number, email address and your enquiry will be retained.
Other information is collected indirectly – for example when you engage with us through our social media accounts. This may include your user name. If you raise a query or a complaint through our social media pages, we’ll only use this data to enable us to correspond with you and resolve the matter you’ve raised. The information may be shared internally with relevant personnel within Gordons Chemists in order to resolve the matter to your satisfaction.
PHARMACY OR BUSINESS ACQUISITIONS
In the course of business, we may acquire additional pharmacies or businesses. In such circumstances we will display notices in the relevant pharmacy or business to inform you that your data has been passed to us. If you have any queries about this or do not wish for it to happen please speak to the manager at the premises.
YOUR HEALTHCARE INFORMATION
At Gordons Chemists in addition to dispensing services, we also provide a range of clinical and healthcare services. In these circumstances and whilst dispensing prescriptions we will use the information you give us only to provide you with the relevant care, and in so doing to meet our legal and regulatory obligations. This information would include, but is not limited to your full name, date of birth, HCN/CHI number and prescribed medicines. We may supplement this information with other data which we obtain from our dealings with you or other health professionals via emails, telephone conversations and other written and verbal communication. Your data is maintained securely in a Patient Medication Record (PMR).
We do not use your healthcare information for marketing services, although we may use it to offer you additional health services which may be of benefit to you - for example a Medicines Use Review/Chronic Medication Service. If you are offered these services and choose to avail of them we will be required to obtain additional data relating to you, in order to fulfil our contractual obligations.
NURSING AND RESIDENTIAL HOMES
Where patients live in Nursing or Residential Homes the care home may share information with us in order to ensure we provide safe and effective pharmacy services whilst fulfilling our contractual obligations.
SHOPPING WITH US IN PHARMACIES OR HEALTH AND BEAUTY STORES
A number of our outlets offer premium beauty counters, for example Estee Lauder, Clarins and Clinique. If you give your contact details and any other personal information (for example your skin type and purchase history) at one of these counters, we will retain this information on file cards.
In addition to the images you supply to us (digital media, prints or tapes) or the passport images taken by us, we will obtain your contact details.
What do we do with the information?
At Gordons Chemists and at www.gordonsdirect.com we use your personal information in the normal course of business and to provide the products, services, offers or news you have requested and also for administrative purposes.
When we use your data we must have a reason for doing so and you have certain rights regarding this. Some of the legal reasons for processing your data are summarised below along with your rights in relation to each category:
Consent - For example you ‘opt in’ to a service via granting consent such as agreeing to marketing emails or consent to receive a flu vaccination in the pharmacy. You may amend, update, withdraw or request deletion of this consent.
Contractual - For example the provision of NHS contracted services such as dispensing, require us to use data to meet our contractual obligations. You may amend your data or ask for it to be deleted provided we do not have a legal requirement to keep it.
Legal Obligation - For example for the purposes of detecting crime or where we have a legal obligation to provide data to Health Boards where we provide NHS services.
These functions are essential to fulfil our legal obligations in relation to our services. If you object to them we will no longer be able to offer these services.
Legitimate Interest - For example if we share marketing information with you (to which you have consented) we have an interest in ensuring that this information is relevant. You do however have the right to object or withdraw consent at any time.
What does this mean for you?
Your health related information is used in various ways to:
- Provide you with medicines prescribed by your GP
- Update you with information regarding your prescription
- Maintain a Patient Medication Record (PMR)
- Confirm identification when you contact us
- Provide ordering, collection and delivery services as agreed by you where available
- Contact you in the event of a product recall
- Contact you in the event of an emergency where we have a duty of care where information relates to your health
- Deal with queries or complaints you may have in relation to medicines or services
As an NHS healthcare provider we are regulated by Pharmaceutical Society of Northern Ireland (PSNI) and Department of Health (Northern Ireland), and General Pharmaceutical Council (GPhC) and Health Boards (Scotland), and are also bound to comply with NHS Information Governance requirements. We understand the sensitive nature of this data and will only use it to provide services and fulfil legal and contractual obligations within the NHS.
Information gathered online is also used in various ways to:
- Process and fulfil orders, and to enable us to contact you regarding your order
- Collect payment
- Respond to enquiries you may make
- Contact you in an emergency situation such as an urgent product recall or when we are made aware of something that may impact on your health and wellbeing.
- Contact you by email for marketing purposes, if you have given your consent. We may occasionally send you our email newsletter. Every email we send will contain an ‘unsubscribe link’ – meaning that you can opt-out from receiving our email newsletter at any time.
PAYMENT INFORMATION GATHERED ONLINE
When you place an order with us online, Fraud Prevention checks are performed by our Payment Process Providers, validating the information you share with us against appropriate 3rd party databases.
Making Payment by Debit/Credit Card:
When you choose to make payment to Gordons Direct with a credit/debit card, we use Realex Payments for the handling of this transaction. Realex Payments are based in Dublin, Ireland. Realex Payments keep your details secure via a number of measures - ensuring your safety when making a payment to Gordons Direct. Any Personal Data that you provide Realex Payments with when making payment is not shared with Gordons Chemists, other than those details necessary for Order Processing and Fraud Prevention. Gordons Chemists employees for example do not have access to your payment information.
Numerous layers of technology are in place to ensure the confidentiality, authentication and integrity of information. Visa and MasterCard have accredited Realex Payments with the highest level of Payment Card Industry security compliance standards, demonstrating a continued commitment by Realex Payments to exceeding industry standards.
Making payment via PayPal:
PayPal is a safe, fast, secure way to pay online. When using PayPal to make a payment to Gordons Direct, your financial details are not shared with us. PayPal stores and safeguards your bank or card details, so you don't need to submit these to us when you make a payment.
In selected pharmacies and health and beauty stores we may employ the use of CCTV to prevent and detect crime and anti-social behaviour. In line with the Information Commissioner’s Surveillance Camera Code of Conduct where we do this we will display a sign letting you know this at the entrance to an area covered by CCTV and within the area. Where we use CCTV we do so in a way which minimises any potential impact on your privacy.
YOUR RIGHTS FOR HEALTH, ONLINE AND PAYMENT INFORMATION AND CCTV
We have legal and contractual reasons for using your data in these ways in addition to a legal obligation to ensure the personal data we hold is up to date and accurate.
You may opt out where separate consent has been sought and obtained for services such as prescription collection and/or delivery or emails with newsletters or promotions.
SHOPPING WITH US IN PHARMACIES OR HEALTH AND BEAUTY STORES
If we hold your information in our outlets at premium beauty counters we hold these securely. They are only accessed by the designated consultant, or someone acting on their behalf. We will use these details to offer you advice and information on the products we offer and those you choose to buy. We will only use your contact details to contact you with special offers or promotions we feel may be of interest to you if you have given your consent for us to do so. Data from the file cards may be shared with the relevant cosmetic company. If this is the case it will be explained to you when you are completing the consent form. In turn Privacy Policies will also be available for these companies.
You may opt out of this service at any time.
Printing services – Gordons Chemists will print images from camera film, printed images or other media that you may supply to us. The images in the format they are supplied to us will only be used by our colleagues to print images or provide any other service requested.
Video and audio transfer - Video and Audio transfer services are provided by Happy Ireland Productions (439 Lisburn Road, Belfast, BT9 7EY). We only share the information they need to provide the requested service, including the media to be copied, your name and telephone number. These details are only used to allow the service provider to contact you to answer queries raised, clarify pricing and/or confirm the service required. A digital copy of these transfer services is retained for 30 days to allow for queries or reprinting requests and then deleted.
Passport Photography Services – The images we capture in store may either be supplied as prints or emailed to you (subject to availability). Images and contact details (where email is required) will be stored for a maximum of one month (to allow reprint requests) and then deleted. Passport images are not shared with any third party.
ANALYSIS OF HEALTHCARE DATA
We analyse data regarding the prescriptions which we dispense. This also helps us to understand how we are operating and enables us to develop products and services. The data provides us with information on dispensing activities which we may share with partner organisations. This information is anonymised and as such you are in no way linked to the information.
Since the data is anonymised, it is not personal data and as such there is no legal right to object to it.
CUSTOMER SURVEYS AND MARKET ANALYSIS
Occasionally we may ask you to give feedback on the services you’ve used in the form of questionnaires or customer surveys. We will only contact you by email if you’ve given your consent to receive marketing emails from Gordons.
You will always be able to decline to take part in research activities and you can opt out of these types of emails from Gordons as well as other marketing emails. You can do this by contacting us at email@example.com, by updating your communication preferences in your Customer Account, or by clicking on the unsubscribe link that is contained within every email we’ll send you.
Who do we share your data with?
We will never sell your data to third parties.
SHARING WITH THE NHS
In order to provide NHS dispensing services and other NHS services as may apply we are legally required to share information with the NHS. This would include but is not limited to where the information is required to assess the effectiveness of services offered, or where we are legally required to submit information in order to receive payment for services.
Occasionally we may need to let your GP know if we have prescribed an item or provided you with a service, for example if you are given an emergency supply of your medication under the Unscheduled Care Service or are prescribed varenicline for smoking cessation in Scotland.
Should you choose to avail of other NHS services provided in our pharmacies such as Minor Ailments Schemes, Chronic Medication Services or Medicines Use Reviews we may be required to gather further health related information which we need to share with NHS bodies in order to meet our contractual obligations. We will not use this data in any other way.
There are circumstances where your interests are best served by us sharing information in relation to your medication history with an NHS provider, such as a hospital assisting in emergency care, or as part of your treatment or review within the hospital setting.
CHANGES TO OUR BUSINESS STRUCTURE
If as a business we restructure or change ownership of some or all of our operations, we will transfer your personal information to the new body or owner so that there is no interruption in service provision. If you have any queries about this or do not wish for it to happen please speak to the manager at the premises.
WHEN WE ASK OTHERS TO PROVIDE SERVICES ON OUR BEHALF
In order to provide products and services, including the supply of medicines, we may appoint other organisations to carry out some processing activity on our behalf, e.g. Sangers Surgical. In these circumstances we will ensure that information is properly protected and that the processing entity has a GDPR compliant Privacy Notice.
There are times when we may share data with service providers who will in turn provide services on our behalf; this could include providers outside the EEA. This could include couriers, data hosting services, manufacturers and suppliers. We will ensure that these companies provide the same level of privacy and data security as we do.
SOME ACTIVITIES THAT ARE CARRIED OUT ON OUR BEHALF BY OTHERS:
- Order delivery
- Market research
- Manufacturers or suppliers
- Payment providers
- Providers of web hosting, content providers, competitions, etc.
- Companies that complete fraud and money laundering checks
- Companies who provide other IT support services
DELIVERY OF YOUR ORDER
We will share certain data with Royal Mail and DPD, to enable them to deliver your order to you. This will include your name and address. It may also include your contact telephone number. We won’t share any information with our couriers that is not necessary for them to deliver your order to you.
When placing an order with Gordons Direct we will send you several emails relating to your order. These are intended to keep you informed about your order. We recommend that you retain a copy of these, for your records.
We use MailGun (www.mailgun.com) to send these emails to you. We’ll only share with MailGun information contained in these emails (which includes your name, address, telephone number(s) and email address, and details of what you have ordered), and information necessary for them to send this to you via email (your email address). MailGun is located in United States of America. MailGun has put in place appropriate safeguards, to protect your personal data.
You may subsequently be contacted after your order has been received by TrustPilot (www.uk.trustpilot.com), inviting you to give feedback on the product and service you have received. We use TrustPilot to request feedback from you relating to your order, and to process this. We do this in order to improve our services.
We’ll provide TrustPilot with your email address and order reference. You can unsubscribe from receiving any emails from TrustPilot (including those sent on the behalf of other merchants) by clicking on the link included in the email you’ll receive from them. TrustPilot is located in Denmark. TrustPilot has put in place appropriate safeguards, to protect your personal data.
We may from time to time send you our newsletter by email, in order to inform you of a promotion or special offer that we feel may be of interest to you. We use MailChimp (www.mailchimp.com) to manage our email database and send these emails. We will not share any of your personal information with MailChimp other than that which is necessary for us to contact you, using their services. This will include your name and email address. MailChimp is located in United States of America. MailChimp has put in place appropriate safeguards, to protect your personal data.
We will not send you our newsletter without your express permission. You subsequently can stop receiving our newsletter by advising us of this by email (firstname.lastname@example.org), or by updating your communication preferences in your Customer Account, or by clicking on the unsubscribe link that is contained within every email we’ll send you.
The details of enquiries are shared internally and may also be shared anonymously with manufacturers or suppliers if this is required in order to resolve your inquiry.
SHARING DATA WITH THOSE OUTSIDE OF THE EUROPEAN ECONOMIC AREA (EEA)
When Personal Data is transferred, processed and stored within the EEA, an adequate level of protection is offered – to keep your Personal Data safe and secure. There are a number of additional countries which offer a similar level of protection, which includes United States of America.
WHO ELSE HAS ACCESS TO YOUR PERSONAL DATA?
Our website is built on an Ecommerce Platform called Magento. Magento’s headquarters are based in California, USA. Magento have offices worldwide, located in both the European Economic Area, and outside of this. Magento’s developers might have remote access to personal data stored in the EU from locations outside the EU. Magento has put in place appropriate safeguards for such remote access.
Our website is hosted by Simple Servers Ltd. (www.simpleservers.co.uk). Their head office is located at: Simple Servers Ltd, 3 Chestnut Court, Jill Lane, Sambourne, Redditch, B96 6EW. Their data centres (i.e. where your personal data will be stored) are based in the United Kingdom. Simple Servers Ltd. has put in place appropriate safeguards, to protect your personal data.
Our website is maintained and developed by Web Bureau (www.thewebbureau.com). Their offices are located at: Studio 4, Potters Quay, 5 Ravenhill Road, Belfast, BT6 8DN. Web Bureau has put in place appropriate safeguards, to protect your personal data.
Your data is stored safely and securely inside the EEA but is accessible from outside the EEA. Since this is our storage solution, if you wish to opt out of having your data accessible from outside of the EEA, you’ll need to close your account with Gordons Direct and notify us that you wish your information to be deleted. Contact us at email@example.com.
How secure is my personal information?
We take the security of your personal information very seriously. We employ security technology including firewalls to safeguard information and have procedures in our outlets to ensure that paper and computer systems and databases are protected against unauthorised use, loss or damage.
How long do we keep your personal information?
Records are retained in line with our Retention and Disposal Schedule. This reflects the length of time we need to retain records for to fulfil legal or business obligations or to resolve disputes. We also follow NHS guidance in relation to data retention in order to fulfil our contractual and legal obligations in this regard. Your data will be held securely and will not be used for any other purpose.
Your information: your rights
Your information is exactly that and we want to make it simple for you to exercise the rights you have in relation to it. If you need us to amend or update your details or update your marketing preferences please let us know.
YOUR RIGHT OF ACCESS
If you wish to obtain a copy of any information Gordons Chemists holds about you or have any queries about the way we manage your personal information, please contact firstname.lastname@example.org.
You have the right to obtain a copy of any/all information that Gordons Chemists holds about you, such as personal details, correspondence, marketing preferences, consent etc. We will complete these requests within one calendar month and they are free of charge.
YOUR RIGHT TO RESTRICT PROCESSING
You have the right to request that Gordons Chemists stop certain data processing activities that involve processing your personal data. This isn’t an automatic right - what we are able to do will depend on the type of data that we hold about you and why. Please contact us to exercise your right to object to Gordons Chemists processing your data at email@example.com.
YOUR RIGHT TO DATA REMOVAL
As a customer, we will process and retain your data as described in this Notice. When you are no longer using our services we’ll hold your data as described in the data Retention and Disposal Schedule. You do have a right to request that Gordons Chemists deletes your personal data it holds. This isn’t an automatic right - what we are able to delete will depend on the type of data that we hold about you. Please contact firstname.lastname@example.org to request your data to be deleted.
For any of the above requests please contact us as described above, or by writing to us at:
74 Scarva Road,
We will process your request as quickly as possible but you should be aware that the General Data Protection Regulation allows the Company up to one calendar month to respond to your request. This can be extended up to three calendar months if your request is complex, however, you will be advised directly if this is the case. You may be asked for identification.
If you require access to CCTV footage (for example, if you’re the victim of a crime that takes place on our premises), you should write to us at:
Gordons Chemists Head Office
74 Scarva Road
We’ll ask the date and approximate time of the incident you wish to view and as much detail as you can to help us locate the correct footage. We’ll do our best to help, but there are situations in which we may be unable to make CCTV footage available to you, such as where the incident occurred some time ago or if we believe that allowing you to view it would breach someone else’s privacy.
Online customers need to be 16 years old or greater to create an online account with us, and/or to sign up to receive our newsletter. We do not knowingly collect Personal Data from children under the age of 16 years on our website. If you are under the age of 16 years, please do not submit any Personal Data through the Services.
We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Notice by instructing their children never to provide their Personal Data, without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us, please email us at email@example.com and we will endeavour to delete that information from our databases.
Contacting us about your personal data
Please contact us if you have any questions about this Privacy Notice or the information we hold about you; either by writing to:
74 Scarva Road,
or by emailing us at firstname.lastname@example.org.
WHO CAN YOU COMPLAIN TO?
If you are not satisfied with any aspect of how we deal with your information, or how we comply with your request for a copy of your information, you can contact:
Data Protection Officer for Gordons Chemists:
Mrs Joanne Wright (Data Protection Officer)
74 Scarva Road
Information Commissioner details for Northern Ireland and Scotland:
The Information Commissioner’s Office - Northern Ireland
The Information Commissioner's Office - Scotland
45 Melville Street