This Policy applies to Phelan’s Pharmacy Ltd and all associated companies defacto within the Phelan Group structure and /or as defined in section 2 subsection 6 of the Companies Act 2013 (“Phelan’s Group”).
Information we may collect from you
We collect Data from you which you volunteer when you provide such Data to us, or via our services with which you interact. We may also be given other Data relating to you by other persons, or we may obtain such other Data about you as may be provided to us in the course of our legitimate business activities.
We may collect and process Data; including the following in the course of providing services to you, which could contain your Data:
Your full name; your address; your various email addresses; your various phone numbers including mobile phone numbers; your nationality; your address; financial information about you, including your bank account details, credit card details, or other payment details; details of contracts you have entered with third parties for us to provide services to you; details of your relationship to other parties; your date of birth and age; details of your children and other relations including their age; medical details, genetic details including details of allergies and other health information to include sensitive health data, details of your driving licence; and details of your passport and pps numbers.
We may also process other data, which is not personal data.
When you use our services, some of the information we collect may be about your health and include data from healthcare providers such as your GP or hospital. We understand the sensitivity of this information and will only use it to provide you with these services and fulfil our legal, ethical and contractual obligations. A copy of your data may be shared with the PCRS (HSE) who in many cases pay us for the service/prescription provided. We may send you offers on healthcare or other products or services that we offer.
We will never use information about your prescriptions for postal or email or social media marketing, although we may use it to let you know about services or products we provide that might be useful and relevant to you. For example, when you collect a prescription a Pharmacist might ask if you would like to take advantage of our Flu Vaccination Service or other similar services that may be relevant and useful to you. We may use your information to contact you about orders you have placed, appointments you have booked or to send you reminders (e.g. about repeat prescriptions or when your next flu vaccination is due). We may also contact you in emergency situations such as an urgent product recall or where we have a duty of care to notify you of information that relates to your health. These services are voluntary but if you choose to use them we will need to ask you some health-related questions. The information you give us in response will only be shared with the relevant health bodies or your medical practitioner where applicable. We do not use it for any other purpose.
As a Pharmacy-based retailer, research is vital to our business. Occasionally, we contact customers and we may invite you to take part in market research activities such as customer surveys, questionnaires or focus groups. Again, we will never pass your personal Data to external companies for this purpose without your consent.
We may collect Data from users of our online shopping applications in a variety of ways, including, but not limited to, when users visit our site or our App, register on our site or our App, place an order, subscribe to a newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our site.
Security and where we store your Data
We are committed to protecting the security of your Data. We use a variety of security technologies and procedures to help protect your Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.
The transmission of information via the internet is not completely secure and may involve the transfer of data to countries outside of the European Economic Area (EEA). This occurs typically through use of cloud solutions for web hosting, email hosting or proprietary software solutions delivered to us through the Cloud. We do not however authorise any third party to use your Data for their own purposes. Non-EEA countries may not provide an adequate level of protection in relation to processing your Data. By submitting your data, you agree to this transfer, storing and processing.
Although we will do our best to protect your Data, we cannot guarantee the security of your Data transmitted to us. Any transmission of data is at your own risk. Once we receive your Data, we use appropriate security measures to seek to prevent unauthorised access.
Uses made of your Data
We use your Data that we hold to:
- In our legitimate interest of advertising our services, provide you with information, products or services that you request from us, or deal with us on, or which we feel may interest you, or where you have consented to be contacted for such purposes;
- Carry out our obligations arising from any contracts entered into between you and us;
- In our legitimate interest of advertising our services, provide details of any loyalty scheme or promotion;
- Comply with legislation; and/or
- Notify you about changes to our services.
List of services:
- Retail and online shopping
- Pharmaceutical services
- Drug dispensing services
- Health care services including flu vaccines, contraceptive pill and bool pressure monitoring
- Photography development services
- HSE needle exchange scheme
We may use your data to send you information relating to our services, events and products which may be of interest to you. If you do not want us to use your data in this way, please notify us to that effect, at firstname.lastname@example.org.
We keep your Data for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your Data to provide this service to you, you can request that we erase your Data and close your account with us. Please note that if you request the erasure of your Data:
- We may retain some of your Data as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety
- We may retain and use your Data to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting and auditing obligations.
- Because we maintain our records to protect from accidental or malicious loss and destruction, residual copies of your Data may not be removed from our backup systems for a limited period of time.
Disclosure of your information
We may disclose your Data to third parties who provide a service to us or in the event that we sell or buy any business or assets, in which case we may disclose your Data to the prospective seller or buyer of such business or assets or if we are under a duty to disclose or share your Data in order to comply with any legal obligation, or to protect our rights, property, or safety of staff or customers. Currently we disclose your Data to the following providers.
|Provider/Recipient||State “EU” or “Non-EU” or alternatively state jurisdiction to which the Data is transferred|
|Third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii) you ask us to share your information||EU and Non-EU|
|Service providers who provide us with support services
Your authorised representatives including family members
|EU and Non-EU
EU and Non-EU
|Statutory and regulatory bodies (including central and local government) and law enforcement authorities in order to any applicable laws, grant applications and /or court orders;||EU|
|Third parties in connection with a sale or purchase of assets by us:||EU and Non-EU|
|Service providers who provide us with marketing including online marketing services, wifi services, website and social media services including Phelan app and facebook page.
The HSE, hospitals, your GP and other health professionals
|EU and Non-EU
EU and Non-EU
|Trade associations and professional bodies, non-statutory bodies and members of trade associations;||EU and Non-EU|
|Business or joint venture partners||EU and Non-EU|
Some jurisdictions may not have adequate safeguards for the protection of personal data, and where this is the case we comply with Chapter 5 of the General Data Protection Regulation (“GDPR”) to provide an alternative method of safeguarding your personal data.
We do not conduct profiling.
Where we process your Data based only on your consent, you may withdraw your consent.
You have the right to bring a complaint to a supervisory authority if you have any complaints about the processing of your Data. In Ireland the Data Protection Commission is the supervisory authority.
In circumstances where the provision of your Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will advise you at the point of collecting your Data whether the Data is a required field, and the consequences of not providing the Data.
Where the Data is not provided by you we will set out what the categories of Data are, and where we obtained the Data here.
We may need to collect the following information, as it is necessary for the adequate performance of the contract with you and to comply with applicable law (such as anti-money laundering regulations).
- Payment Information. When you make payments, we require certain financial information (like your bank account or credit card information) in order to process payments and comply with applicable law.
- Identity Verification and Other Information. We may require identity verification information, in order to verify your identity and comply with applicable law.
How we use the payment data collected
- Enable you to pay for our products and services.
- Detect and prevent fraud, abuse, security incidents, and other harmful activity.
- Conduct security investigations and risk assessments.
- Conduct checks against databases and other information sources.
- Comply with legal obligations (such as anti-money laundering regulations).
- Enforce our payment terms.
We process this information in our legitimate interest in providing goods and services and where it is necessary for the adequate performance of the contract with you and to comply with applicable laws.
If you are not a customer, you may still opt to receive electronic or telephonic marketing communications from us which we consider may be of interest to you. You will be asked to opt-in if you wish to receive these. If you wish to be removed from our list (opt-out), at any time, you can do so by clicking on the unsubscribe link at the bottom of each communication you receive from us. You can also opt out by contacting our Privacy Co-Ordinator at email@example.com
If Phelan’s Group undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your Data in connection with such transaction or in contemplation of such transaction (e.g., due diligence).
Acquiring or disposing of pharmacy businesses
If you are a customer of a pharmacy business that has been taken over by us or from us, we will receive your Data from them or give your Data to them as part of the handover process.
As an individual, under EU law you have certain rights to apply to us to provide information or make amendments to how we process data relating to you. These rights apply in certain circumstances and are set out below: –
- The right to access data relating to you (‘access right’). Please see Form 1a here;
- The right to rectify/correct data relating to you (‘right to rectification’). Please see Form 2a here;
- The right to object to processing of data relating to you (‘right to object’). Please see Form 3a here.
- The right to restrict the processing of data relating to you (‘right to restriction’). Please see Form 4a here;
- The right to erase/delete data relating to you (i.e. the “right to erasure”). Please see Form 5a here; and
- The right to ‘port’ certain data relating to you from one organisation to another (‘right to data portability’). Please see Form 6a here;
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
The controller of your Data for the purposes of GDPR is Phelan’s Pharmacy Ltd.
Changes to this policy
We reserve the right to change this Policy from time to time in our sole discretion. If we make any changes, we will post those changes here so that you can see what information we gather, how we might use that Data and in what circumstances we may disclose it. By continuing to use our site or our services or otherwise provide Data after we post any such changes, you accept and agree to this Policy as modified.
Questions, comments, requests and complaints regarding this Policy and the information we hold are welcome and should be addressed to us at Privacy Co-Ordinator at firstname.lastname@example.org
All requests will be dealt with promptly and efficiently.
Click the links below to download a PDF version of the form.