Signature Healthcare Services Limited (‘we’, ‘us, or ‘our’) gather and process your personal data in accordance with this privacy policy, and in compliance with relevant data protection regulation, notably the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This policy provides you with information surrounding our obligations and your rights and explains how, when and why we process your personal data through the course of providing our services to you.
We act as a data controller and are registered with the Information Commissioner’s Office under registration number ZA295138. Our registered office is at 6 The Marlins, Northwood, HA6 3NP and we are a company registered in England and Wales under company number 10279084. Signature Pharmacy, our trading number, is an online pharmacy registered with the General Pharmaceutical Council under registration number 9010486.
We process your personal information in order to meet our legal, statutory and contractual obligations, and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this policy. The types of personal data we may collect via our online form, or through email and phone interactions, include:
As a result of providing prescription services, we may also collect health or medical information from you or your medical practitioner. This is a type of special category data that we will only process in restricted circumstances as outlined in the section below.
Purpose | Lawful Basis |
To register you as a customer/patient | (i) Performance of a contract |
To fulfil orders and prescriptions, and to ensure that these can be packaged and delivered to your preferred address | (i) Performance of a contract (ii) Providing health treatment or the management of health |
To provide you with updates on your order | (i) Legitimate interests (ii) Performance of a contract |
To ensure that items on your prescription or your order are suitable for you, such as ensuring that the medication is age appropriate and that there are no interactions with any of your other medication or conditions | (i) Providing health treatment or the management of health |
To solicit feedback on our services | (i) Legitimate interests |
To administer and improve our products and services | (i) Legitimate interests |
To retain your personal data in line with legal obligations | (i) Legal obligation |
The security of your information is important to us and we take measures, both electronically and physically, to ensure that your information is not passed to person(s) or companies who are not authorised to receive it.
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. In certain scenarios, we share your information with third parties to help us provide you with our services, and they too are bound by the same data protection regulations as we are. Below are the categories of third party with whom we share your personal data:
• Royal Mail and couriers (including DHL and DPD) for the purposes of delivering your order or prescription
• Your medical practitioner
• The NHS Business Service Authority for the purposes of fulfilling NHS prescriptions
• TrustPilot for the purposes of administering feedback surveys
• IT infrastructure providers including Digital Ocean, One.com and RxWeb for the purposes of storing your data securely
We will never share your data for marketing purposes, and we do not transfer your data outside of the European Economic Area (EEA).
You have a number of rights with regards to the personal data that we process about you. These include:
• The right to access your personal data (known as a “subject access request”) and have a copy of this information provided to you
• The right to have your personal data erased, however, please note that there will be instances where we are required by law to retain your data for a minimum number of years
• The right to have your information corrected if it is inaccurate
• The right to restrict our processing of your data in narrow circumstances
• The right to object to our processing of your data where we are doing this based on our legitimate interests
• The right to have your data transferred to yourself or a third party in a structured, commonly used, machine-readable format
• The right to withdraw your consent in the event we rely on your consent to process your data. Please note that this may affect the products and services we provide to you
Should you wish to exercise any of these rights free-of-charge, please contact [email protected]. We may ask you to verify your identity before acting on the request so as to ensure that your data is protected and kept secure.
We retain your personal information for as long as is necessary to satisfy the purposes for which we collect it, as well as to satisfy our legal obligations. This means that different sets of data may be retained for different periods of time. For example, paper prescriptions are retained for 2 years following the date of the last prescription in the patient file, whereas patient medical records are retained for 10 years after the death of the patient in line with NHS guidelines. Further information on these retention periods can be provided upon request.
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, please contact [email protected].
You also have the right to lodge a complaint with the Information Commissioner’s Office via their phone number 0303 123 1113 or via their online complaints form https://ico.org.uk/make-a-complaint/your-personal-information-concerns/.