PRIVACY POLICY

LAST UPDATED: Wednesday, January, 2023

THIS PRIVACY POLICY is to provide affiliated medical entities or general physicians and their patients, job-seeking clinical pharmacists, and affiliated clinical pharmacists (hereinafter referred to as “you” or “user”) of Virtual Pharmacist, with its office at Virtual Pharmacist LTD, Bramwell Rd, Allerton Bywater, Castleford WF10 2GQ , (hereinafter referred to as “we”, “us”, “our”) with a detailed description on how and why we may collect, store, use, and/or share (hereinafter referred to as “process”) your information. 

The processing of Personal Information, such as the name, address, email address, or telephone number of a user, shall always be in line with the General Data Protection Regulation (the “GDPR”) and in accordance with the country-specific data protection regulations applicable to us. 

You must read this Privacy Policy, together with any other privacy notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data and what data protection rights you have.

Terms not defined under this Privacy Policy will have the same meaning as that defined under the Terms and Conditions and Cookie Policy available on our website and in the policy folder within the VP panel (https://virtualpharmacist.co.uk/). 

1. what information do we collect?

   1. Personal Information Disclosed. We collect Personal Information that you voluntarily provide us when you engage in our services or agree to provide services to us or show interest in engaging in our services or providing services to us. All personal information you provide must be true, complete, and accurate, and you shall notify us of any changes to such personal information. Personal Information includes:

      1. Personal Information you provide, and we collect include without limitation, name, phone number, email address, mailing address, job titles, contact preferences, billing address, debit, or credit card numbers. 

      2. Sensitive information you provide, and we collect include without limitation, health data, financial data, medical records, genetic data, information revealing race or ethnic origin, social security numbers or other governmental identifiers, age, and gender.

      3. confidential patient information you provide, and we collect include information that can identify you and information about your health care or treatment. 

      4. Payment data you provide, and we collect is necessary to ensure all transactions are successfully processed.

   2. Information automatically collected. Non-identifiable, non-personal information are automatically collected by us when you visit, use, or navigate our website. This information does not reveal your specific identity but may include device and usage information, Internet Protocol (IP) address, browser and device characteristics, operating system, language preferences, device name, country, location, and other technical information. This information is primarily needed for our internal analytics.

   3. Like many businesses, we also collect information through cookies and similar technologies. Please refer to the Cookie Policy for a detailed description of the policy.

2. WHY DO WE PROCESS YOUR INFORMATION?

We process your Personal Information for a variety of reasons, depending on the nature of our professional relationship with you, that includes (i) for the performance and delivery of services to you; (ii) for responding to your inquiries or to offer support to you; (iii) for you to deliver and perform services for us; (iv) for administrative purposes; and (v) for communication. 

3. What legal basis do we rely on?

   1. The General Data Protection Regulation (GDPR) and UK GDPR requires us to explain valid legal basis in order to process your personal information. Such legal basis include:

      1. Consent. We may process your information if we have received your permission or consent to use your personal information. You may withdraw your consent at any time. 

      2. Contract. We may process your Personal Information when we believe it is necessary to fulfil contractual obligations that includes providing or performing services.

      3. Compliance With Law. We may process your information where necessary for compliance with our legal obligations that includes cooperating with law enforcement bodies or regulatory agencies, exercising or defending our legal rights, or disclosure of your information as evidence in litigation when made mandatory by appropriate court or applicable law.

      4. Record Keeping. We may process your Personal Information for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to provide services to you in the most efficient manner in accordance with this policy.

4. WHO WE SHARE Personal Information WITH?

   1. We may share your information with our affiliates, business partners and professionals who shall be bound by the same amount of confidentiality as we are with regard to your personal information. 

   2. We may also share your Personal Information with providers of other IT, digital, and technology products and services, which we use to operate our business. For example, providers of website hosting services, website and app analytics services, customer email services, digital marketing services, and social media advertising services. We impose contractual obligations on the above providers to ensure that your Personal Information is protected. 

   3. We may also:

      1. share your Personal Information with members of our staff;

      2. disclose your Personal Information to professional advisers (e.g., lawyers, accountants, auditors, or insurers) who provide professional services to us;

      3. disclose your Personal Information to certain third-party such as the NHS if specifically requested or agreed with you;

      4. disclose and exchange certain Personal Information (where applicable) with law enforcement agencies and regulatory bodies to comply with our legal obligations; and

      5. Such data recipients will be bound by confidentiality obligations.

5. HOW LONG WE KEEP Personal Information

   1. We will retain your Personal Information for as long as reasonably necessary or up to a term of five (5) years, to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

   2. To determine the appropriate retention period for Personal Information , we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we Process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

   3. We may also anonymize your Personal Information (so that it can no longer be associated with you) for analytics, research, or statistical purposes, in which case we may use this information indefinitely without further notice to you.

6. DATA SHARING OPT-OUT

We are compliant with the following two (2) different types of data-sharing opt-out options.

1. Stop Your GP Surgery From Sharing Your Data. This is called a Type 1 Opt-out. To do this a patient will need to fill in an opt-out form and return it to their general physician. Only their general physician can process this opt-out form. They will be able to tell you if, and when, you have been opted out. If you choose a Type 1 Opt-out, your GP will not share your data for research and planning. However, NHS Digital will still be able to collect and share data from other healthcare providers, such as hospitals.

2. Stop NHS Digital And Other Health And Care Organisations From Sharing Your Data. This is called the National Data Opt-out. If you choose this opt-out, NHS Digital, and other health and care organisations will not be able to share any of your personal data with other organisations for research and planning, except in situations as required by law.

7. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the services, you represent that you are granting, or have received consent, from parent or guardian of the minor, for providing such personal information.

8. YOUR RIGHTS

   1. In this section we have listed the rights that you have under applicable data protection law. Your principal rights under applicable data protection law are:

      1. the right to access – you can ask for copies of your Personal Information;

      2. the right to rectification – you can ask us to rectify inaccurate Personal Information and to complete incomplete Personal Information;

      3. the right to erasure – you can ask us to erase your Personal Information;

      4. the right to restrict processing – you can ask us to restrict the processing of your Personal Information;

      5. the right to object to processing – you can object to the processing of your Personal Information;

      6. the right to data portability – you can ask that we transfer your Personal Information to another organisation or to you;

      7. the right to complain to a supervisory authority – you can complain about our processing of your Personal Information; and

      8. the right to withdraw consent – to the extent that the legal basis of our processing of your Personal Information is consent, you can withdraw that consent.

   2. These rights are subject to certain limitations and exceptions. You may exercise any of your rights in relation to your Personal Information by written notice to us, using the contact details set out below.

9. INFORMATION SECURITY

   1. We have appropriate security measures to prevent Personal Information from being accidentally lost, used, or accessed unlawfully. We limit access to your Personal Information to those who have a genuine business need to access it. Those Processing your Personal Information will do so only in an authorised manner and are subject to a duty of confidentiality.

   2. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

10. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy was last updated on the date first mentioned above. We may change this Privacy Policy from time to time; when we do, we will publish the latest version of the Privacy Policy on our website. If you are our User, we may also inform you via email or post. However, by continuing your access to our website you agree that you have read the updated Privacy Policy and are bound by it.

11. REPRESENTATIVES

    1. Our representative within the EU with respect to our obligations under data protection law is: 

2. Our representative within the UK with respect to our obligations under data protection law is: 

12. 1. Our data protection officer’s contact details are: 

13. 1. If you have any questions regarding any part of this Privacy Policy or our use of your Personal Information, please contact us by email at hello@virtualpharmacist.co.uk, by post to Stonehill 4 Peplow Close Burton Salmon Leeds LS 25 5RA, or by phone on 01138715065.