Privacy Policy

This privacy notice tells how and for what purposes we collect and use personal data from our pharmacy patients and service users and what to expect us to do with your personal information when you contact us or use one of our services

We’ll tell you:

  1. why we are able to process your information
  2. what purpose we are processing it for
  3. whether you have to provide it to us
  4. how long we store it for
  5. whether there are other recipients of your personal information

GDPR has six main principles. These are listed below together with an explanation of how we comply with these principles.

Processed lawfully, fairly and in a transparent manner

This means having a lawful basis (reason) for processing data, handling the data honestly, and being unambiguous about how we intend to use this data.

We have developed procedures to ensure that all information collected about you is processed fairly, lawfully and in a transparent manner.

We process your personal data in the performance of a task in the public interest for the provision of healthcare and treatment. We process your personal data in the performance of a task in the public interest for the provision of healthcare and treatment.

In addition, we have developed this guidance to help you understand the purpose of our data collection and the steps we have taken to protect your data.

Collected for specified, explicit and legitimate purposes

This means being open and clear about why personal data is being collected and outlining the exact legal purpose for processing.

We will only collect data that is necessary and relevant to the delivery of our pharmacy services, or for any future products, or services, we may offer you from time-to-time.

We process your personal data, which includes information from your prescriptions and any other pharmacy and health care services we provide to you (including medicines use reviews, flu vaccinations, stop smoking services etc.) for the purposes of:

Your care – providing pharmacy services and care to you and, as appropriate, sharing your information with your GP and others in the wider NHS;

Our payments – sharing your information with the NHS Business Services Authority, others in the wider NHS, and sometimes Local Authorities, and only limited information to those external to the NHS who negotiate and check the accuracy of our payments; and,

Management – sharing only limited information with the NHS Business Services Authority and others in the wider NHS and sometimes Local Authorities

As part of providing a professional, safe and efficient service, there is certain information that we record. This includes details of drugs and appliances dispensed against NHS prescriptions as well as significant advice given, and referrals made to other health professionals and any other relevant information.

Information recorded may include;

  1. basic details about you, such as address, date of birth, next of kin;
  2. records of medicines you have been prescribed by your doctor or another qualified prescriber, and which have been supplied by this pharmacy;
  3. details of medicines purchased from the pharmacy without a prescription (“over the counter medicines”);
  4. other details and notes about your health and medical treatment;
  5. information relevant to your continued care from other people who care for you and know you well, such as other health professionals and relatives; and
  6. any other services we provide to you, for example, a flu vaccination.

How we will use your data

We use this data for your care – that is providing a range of pharmacy services and as appropriate sharing your information with your GP and others in the wider NHS including the NHS Business Services Authority and Local Authorities. We share limited information to those external to the NHS who negotiate and check the accuracy of our payments or those who ensure that we maintain appropriate professional and service standards and that your declarations and ours are accurate

The information you give to us will be used to provide you with the pharmacy service for which it was intended. We may be required to share your data as part of our contractual requirements – for example if you take part in the NHS New Medicine Service or the Medicines Review Service we may need to share the information discussed with your GP.

In addition your data may be used to

• Contact you if we need to resolve a query

• Enable us to deliver an effective pharmacy service

• Assess the quality of the services we have provided to you

• Help us assure quality and safety of the services we provide to you in the future

• Ensure consistent quality and safety of other services we may provide to you

• Provide us with broad demographic data

• Provide us with information in order to develop new products or services

We may be legally obliged to share your data upon receipt of a legitimate request, but we will only do so in accordance with the law.

Your data and third parties

We may share or discuss your data with appropriate parties involved in your care, but we will only do so in line with data protection requirements. For example, we may need to discuss your prescription with your prescriber, or we may need to obtain information from another pharmacy from which you have obtained pharmacy services previously, in order to ensure the service we are providing to you is clinically appropriate.

From time to time, we may use the data we obtain from you for statistical analysis and research. We may also provide data showing trends to third parties – for example, we share some data with the NHS to help improve patient safety. It will not be possible to identify you or any other individual from such data.

We will not share your information with any third parties for the purposes of direct marketing.

How to opt out of disclosure of your information

If you would like to explicitly refuse consent for information to be shared, for example with other healthcare professionals involved in providing care to you, it may mean that the care that can be provided to you is limited. You should advise the staff of your wishes and discuss the potential implications on your care or treatment.

Adequate, relevant and limited to what is necessary in relation to the purposes of processing

This means only holding the amount of information sufficiently necessary for the purpose(s) intended

We ask only for data that is to be used to provide you with information relating to the service you are accessing. Sometimes we may aggregate data so we can identify trends and draw wider conclusions. In these circumstances the data will be processed to prevent identification of any individuals.

Accurate and where necessary, kept up-to-date

This means taking reasonable steps to ensure accuracy of information, and verifying and rectifying/updating information without delay as required. only holding the amount of information sufficiently necessary for the purpose(s) intended

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose, those purposes, or for the purpose of any future services provided by us

The information that we collect from you and from which you are identifiable will be updated at your request. We may ask for appropriate evidence before updating this information.

If you would like to update your details, please contact our staff to make the appropriate changes. If this does not meet your requirements, if you have a specific or detailed query about the use of your data, which is not covered within this guidance, or if you would like to obtain a copy of the data held about you, please speak to our staff.

Kept in a form which allows the identification of an individual for no longer than is necessary

Taking into account the purpose(s) for which information is held, this means reviewing the length of time information is kept, and making sure information is not kept for longer than necessary.

We are legally required to keep some information for a certain length of time. Your information will be held in line with our legal requirements. It will be held for an appropriate period of time which allows us to provide an effective pharmacy service to you and to refer back to the information in the future, if we may reasonably be required to do so. For example, in the event that you had a complaint about our pharmacy services, we may need to check the information we held at the time

Processed in a manner that ensures appropriate security

This means preventing data breaches by having suitable security measures in place to fit the type of data processed (for example, physical security measures such as locks on manual filing systems, and electronic security measures such as passwords on computer terminals).

We have various physical and technical security measures in place to prevent unauthorised access to your data, such as passwords on computer systems to which only our staff have access. We also have systems to prevent unexpected loss of your data, such as secure computer backup facilities.

Your Rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

You have the right to confidentiality under the General Data Protection Regulation and [the Data Protection Act 2018] and the common law duty of confidence

We also comply with the NHS Code of Practice on Confidential Information and pharmacists have a requirement under their professional standards to keep records about you confidential, secure and accurate. All of our staff contracts of employment contain a requirement to keep patient information confidential.

Your right to view your health record

You have the right to ask for a copy of all pharmacy records about you (generally in paper or electronic form). There are some exemptions, which means you may not always receive all the information we process.

Generally, there will be no charge for a printed copy of the information we hold about you. We are required to respond to your request within one month.

You will need to give adequate information in order for pharmacy staff to identify you (for example, full name, address and date of birth). You will be required to provide ID, for example a passport, full driving licence or credit/debit card before any information is released to you.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent.

Generally, you are not required to pay any charge for exercising your rights. We have one month to respond to you

Please contact us if you wish to make a request.

Where your data will be stored

Your data will be held on the computer system(s) within our pharmacy and on any paperwork relevant to the provision of pharmacy services to you. Your data may also be held by systems and support networks involved in your care. Your data may also be backed up or archived within purpose-built, professionally managed, secure data storage facilities in the UK, which will be monitored 24 hours a day, 365 days of the year. Appropriate security measures are in place in line with our NHS requirements to protect your data.

How we comply with the General Data Protection regulation (GDPR

We have internal procedures to ensure that all information which is collected and held about you is held in accordance with the legal requirements and principles of GDPR which came into effect on 25th May 2018.

Data Protection Officer

We have designated a Data Protection Officer (DPO), Mr Adam Peel. Adam is a qualified pharmacist and experienced in Data Protection and Confidentiality matters and is taking full responsibility for all matters relating to data protection and GDPR compliance. Our DPO is responsible for making sure that our business processes and decision making are in line with GDPR requirements and good practice. The DPO will ensure that we are accountable and transparent to the supervisory authorities.

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact Adam by e-mail or by writing: adma.peel1@nhs.net or via our postal address (85 – Newpark road, London SW2 4ES). Please mark the envelope ‘Data Protection Officer’.