Privacy notice
Data controller
H I Weldrick Ltd. Trading as Weldricks Pharmacy is the data controller.
What personal data we collect
We will collect the following types of personal information:
- name
- age (date of birth)
- sex
- gender
- address
- email address
- medication details
- IP addresses and device types
How we use your data (purposes)
The data we collect is to allow us to complete the contract to supply medication, and if requested, undertake marketing activities to promote our products and services. Weldricks will process your personal data in accordance with the Data Protection Act 2018 (DPA) and in most circumstances this will mean that your personal data will not be disclosed to third parties. We may need to contact you if we have had a request under the Freedom of Information Act 2000 (FOIA).
By submitting a prescription for processing to H I Weldrick Ltd or signing up to one of our NHS or private Services you consent to an employee (or locum acting on our behalf) registrant of the GPhC accessing your Summary Care Record (National Care Records Service) where necessary to safely provide your care, prescription or service.
Legal basis for processing personal data
Under the UK General Data Protection Regulation (GDPR), the lawful basis we rely on for processing this information is:
- Article 6(1)(a) UK GDPR
- Article 6(1)(b) UK GDPR
- Article (9)(h) UK GDPR
Data processors and other recipients of personal data
Weldricks Pharmacy is the data processor. We use a number of companies to process data to deliver the services requested Details of those companies and the safeguards in place to protect your data can be found at https://www.weldricks.co.uk/information-data-processors.
International data transfers and storage locations
Any personal information collected will be stored in the UK and EU. Where required to fulfil the service requested, we may use companies that adhere to EU-US Privacy Shield Certification rules and/or Model Contractual Clauses
Storage of data by Weldricks Pharmacy is provided through secure AWS servers located in the UK.
Retention and disposal policy
We process your personal data in the performance of a task in the public interest, for the provision of healthcare and treatment and the management of healthcare systems. A pharmacist is responsible for the confidentiality of your information.
We hold your information for as long as advised by the NHS. You have a right to a copy of the information we hold for you (in paper or electronic form) and generally without charge. You may seek to rectify any inaccurate information.
For Non-NHS services we will keep your information for as long as you remain an active customer with us to assist you in placing future orders and to allow you to download, for example, VAT receipts should they be required. If your account becomes dormant, we will delete your data after a period of 7 years.
Our payment handling partners & identity check partners will keep your information for as long as they are legally required to do so for Fraud detection and Anti Money Laundering purposes as determined by the fourth schedule of the anti-money laundering directive.
You may object to us or any third party we have passed your information to, holding your information. You may lodge a complaint with the Information Commissioner’s Office.
How we keep your data secure
Weldricks uses a range of technical, organisational and administrative security measures to protect any information we hold in our records from:
- loss
- misuse
- unauthorised access
- disclosure
- alteration
- destruction
Weldricks has written procedures and policies that are regularly audited and reviewed at a senior level.
Weldricks is Cyber Essentials certified. This is a government backed scheme that helps organisations protect themselves against the most common cyber-attacks.
Your rights as a data subject
By law, data subjects have a number of rights, and this processing does not take away or reduce these rights under the EU General Data Protection Regulation (2016/679) and the Data Protection Act 2018 applies.
These rights are:
- the right to get copies of information - individuals have the right to ask for a copy of any information about them that is used
- the right to get information corrected - individuals have the right to ask for any information held about them that they think is inaccurate, to be corrected
- the right to limit how the information is used - individuals have the right to ask for any of the information held about them to be restricted, for example, if they think inaccurate information is being used
- the right to object to the information being used - individuals can ask for any information held about them to not be used. However, this is not an absolute right, and continued use of the information may be necessary, with individuals being advised if this is the case
- the right to get information deleted - this is not an absolute right, and continued use of the information may be necessary, with individuals being advised if this is the case
Comments or complaints
Anyone unhappy or wishing to complain about how personal data is used as part of this programme, should contact customerservices@weldricks.co.uk in the first instance or write to:
C/O Data Protection Officer
Mallard House
Heavens Walk
Doncaster
South Yorkshire
DN4 5HZ
Anyone who is still not satisfied can complain to the Information Commissioners Office. Their website address is www.ico.org.uk and their postal address is:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Automated decision making or profiling
No decision will be made about individuals solely based on automated decision making (where a decision is taken about them using an electronic system without human involvement) which has a significant impact on them.
Changes to this policy
This privacy notice is kept under regular review, and new versions will be available on our privacy notice page on our website. This privacy notice was last updated on 19 December 2023.