Data Processors

Data processors and the information we share

As part of our policy to provide you with and open and transparent overview of what information we hold, we have listed the companies we work with. Below is a list who we share your information with to help provide our service to you and what that information is.

MailCoach

Why we use them

If you consent and opt-in to allow us to send you marketing communications, we use MailCoach to send those e-mails and to track who opens and what is clicked within those e-mails.

What we share

We maintain a list of e-mail addresses and keep a list of those e-mail addresses in Mailcoach. When you click on a link that information will be stored, and we will use that information to help us provide you with similar offers.

What safeguards are in place?

Information may be sent out of the EU for processing. MailCoach has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes and lawfully transfers EU/EEA personal data to the U.S. pursuant to our Privacy Shield Certification. We also complete a SOC II Type 2 examination on an annual basis for the Trust Principal Criteria of Security, Processing Integrity, Confidentiality, and Availability.

GDPR | Mailcoach

Stripe

Why we use them

We use STRIPE to process your payment if you opt to pay by card or Apple pay.

What we share

In order to identify you and to process your payment whilst making appropriate checks for fraud we send STRIPE your name, address, e-mail and billing address details and your transaction number. We use a secure method of sending them your card number, expiry dates and CVV that we cannot access and do not store. We do keep a token that relates to your transactions in order to verify payment.

What safeguards are in place?

Information may be transferred outside the EU.

Stripe has certified to the EU-US and Swiss-US Privacy Shield for this reason. Stripe’s Privacy Shield certification is here, and our Privacy Shield Policy here. For more information, please visit Stripe’s EU data transfer support page here.

RYFT


Why we use them

We use Ryft to process your payment if you opt to pay by card or Apple pay.

What we share

In order to identify you and to process your payment whilst making appropriate checks for fraud we send RYFT your name, address, e-mail and billing address details and your transaction number. We use a secure method of sending them your card number, expiry dates and CVV that we cannot access and do not store. We do keep a token that relates to your transactions in order to verify payment.

What safeguards are in place?

Information may be transferred outside the EU.

For details on their privacy policy: Ryft (ryftpay.com)

PayPal

Why we use them

We use PayPal to process payments

What we share

We send PayPal your name and delivery address. And the amount we need to charge you. As you sign in to their systems as they handle all of the payment we do not need to send any other information.

What safeguards are in place?

Information may be passed outside the EU. Further information can be found at: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Trustpilot

Why we use them

If you consent and opt to receive Trustpilot invitations, you will receive an e-mail invitation to review our service.

What we share

We will send them only what they need to contact you, your name and e-mail address along with the transaction number so that we can confirm that your review is a genuine review.

What safeguards are in place?

Information may be transferred outside the EU. Only the minimum amount of information required to provide the service you ask for is transferred. Further details available at: https://support.trustpilot.com/hc/en-us/articles/360000306528--How-do-we-protect-your-data-

Reviews.io


Why we use them

If you consent and opt to receive Reviews.io invitations, you will receive an e-mail invitation to review our service.

What we share

We will send them only what they need to contact you, your name and e-mail address along with the transaction number so that we can confirm that your review is a genuine review.

What safeguards are in place?

Information may be transferred outside the EU. Only the minimum amount of information required to provide the service you ask for is transferred. Further details available at: Data Protection - REVIEWS.io

Google

Why we use them

When you visit our website Google use cookies identify you and see what it is you look for on our website. We use this to see what people find interesting about our site so we can improve the services and products we offer.

What we share

Using this website will result in small data files being stored on your computer. These are known as cookies. Most websites do this.

We use cookies for:

· Remembering settings, so you won’t have to re-complete an entire form if there is a mistake.

· Measuring how our website is used so we can improve your experience (see Google Analytics below).

· Our cookies aren’t used to identify you personally. You can manage and/or delete them as you wish, refer to your web browsers help documentation and settings for details on how to do this, the information is usually found under privacy/security settings.

What safeguards are in place?

Google may transfer data outside the EU. They are committed to the highest levels of data security. Further details can be found at: https://privacy.google.com/businesses/compliance/#?modal_active=none

DPD

Why we use them

We use DPD to deliver your order to you.

What we share

In order to do this, we share your name and address along with your transaction number. We will also send them your contact details including e-mail and mobile telephone number to allow you to track your deliveries

What safeguards are in place?

DPD have high levels of security. Further details of their information security policy can be found at http://www.dpdlocal.co.uk/gdpr.pdf

Microsoft

Why we use them

We use some Microsoft services to provide the services you request. If we contact you or you contact us via e-mail then this information will be stored on Microsoft server computers.

What we share

This may include your name and address, your e-mail address and other contact details such as telephone number along with sensitive personal information in the content of the e-mail. We have a retention policy which says we will not keep e-mails longer than is necessary.

What safeguards are in place?

Microsoft may send information outside the EU. Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield privacy and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR.

Royal Mail

Why we use them

We use Royal Mail to deliver your order to you.

What we share

In order to do this, we share your name and address along with your transaction number. We will also send them contact details including e-mail and mobile telephone number to ensure you receive updates on the progress of your order.

What safeguards are in place?

Royal Mail Group may need to transfer personal information about customers to third parties located outside the UK. If we do, we will ensure that information is protected to a level which meets the requirements of UK law. https://www.royalmail.com/privacy-policy & https://www.royalmail.com/gdpr/. In all cases, Royal Mail will be the Data Controller for any information passed to them. 

Freshdesk

Why we use them

We use Freshdesk to help with our contact management. Our e-mails, live chat, twitter and Facebook contacts are run through Freshdesk.

What we share

The information held includes your name and contact details including e-mail address and location along with the content of any communication we have with you, which may include sensitive information. In addition, we may supplement this information with notes we make to help process your order.

What safeguards are in place?

Freshworks, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Freshworks, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List [https://www.privacyshield.gov/list].

Algolia

Why we use them

We use Algolia to support our online search functionality.

What we share

We pass through limited details such as name and contact details which are indexed and stored in Algolia’s systems. We do not send any sensitive personal information.

What safeguards are in place?

Algolia, Inc. is a USA based company with subsidiaries in France and UK operating our services globally in more than 15 regions. Your data primarily stay in regions where you decide your data to reside. Logs of search queries and operations can be processed outside of the EU but always stay in a system respecting privacy and security.https://www.algolia.com/security

Amazon

We use Amazon servers to keep all of your data and to process that information in order to deliver the services you request from us. Our servers use the highest levels of security available including encryption at rest, London based servers using DMZ and encryption of data in transit using SSL.

The personal data we hold is:

Account details

Name, Addresses, E-mail, Gender, Date of Birth, Telephone number.

Order details

Status of order, internal notes relating to your order, the content of your order, how much you paid, delivery tracking details, IP address, any data passed back from payment providers, any information we needed to collect to verify your order.

Options

If you opt-in to receive different types of communication.

Notes

Relating to your order including any communication we have had with you, this may include sensitive information.

Partner orders

As above.

Lexis Nexis Risk Solutions 

Why we use them

We use Lexis Nexis Risk Solutions to verify your identity when you buy certain medicines, we use identity verification agents to search the files of credit reference and fraud prevention agencies (who will record the search).

If you provide false or inaccurate information and/or we suspect fraud, we will record this and we will be unable to fulfil your order.

Where we need to share information with our service providers, we give them only the minimum amount they need to provide services to us and you. Those we share your information with are not allowed to use it to try to sell their own services to you.

This is only done the first time you order or if you update your personal details. This check may appear on your credit record, however, will not affect your credit score. If you are alerted that a check has been performed by a credit agency, please contact us for more information or click on the link below.

What we share

We pass through limited details such as name Date of Birth and address details which are indexed and stored in Lexis Nexis Risk Solutions’ systems.

What safeguards are in place?

LexisNexis  Risk Solutions is part of the RELX Group™ of companies which is publicly listed, with shares traded on the London Stock Exchange, Amsterdam Stock Exchange and New York Stock Exchange (London: REL, Amsterdam: REN, New York: RELX). For more information please click here: https://risk.lexisnexis.co.uk/processing-notices/business/faq

BeWell


Why we use them

We use BeWell to provide our Weldricks App functionality. Weldricks is the data controller when you use the Weldricks App.

What we share

When you register an App account Weldricks will capture information including First name, Last name, Address, Postcode, Date of birth, Gender, Login email address, Mobile telephone number, NHS Number, Geo-location data , IP address, Registered GP Practice & address, Preferred Pharmacy & address, Your consent to use the Weldricks App and its services, Messages, emails, Consent for prescription ordered, Consent for Pharmacy service ordered, Prescription Exemptions, Medication information: Medicine currently taking (either retrieved from a third-party system, self-input, or otherwise), including name, dosage, dosing schedule. Your self-reported times and notes for when these medicines are taken.  Date of account creation. Date of account cancellation. 

What safeguards are in place?

BeWell has robust safeguards in place and further information can be found at: