Privacy Policy

Important information and who we are?

Avicenna Retail Ltd (CRN: 04487641) is the controller and is responsible for your personal data. You can read more about our responsibilities by visiting the Information Commissioner’s Office website at https://ico.org.uk/.

Avicenna Retail Ltd is part of a corporate group which is made up of different legal entities, details of which can be provided upon request. This privacy policy is issued on behalf of the Avicenna Group so when we referred to as, "we", "us" or "our" in this policy, we are referring to the relevant company in the Avicenna Group responsible for processing your data. To confirm Avicenna Retail Ltd is the controller and responsible for this website.

We have appointed a data protection officer (DPO). If you have any questions about this Privacy Policy, please contact them using the details set out below.

Contact details

Our full details are:

  • Full name of legal entity: Avicenna Retail Ltd
  • Name or title of DPO: Rupen Sedani
  • Email address: DPO@avicenna.org
  • Postal address: Selsdon House, 212-220 Addington Road, South Croydon, England, CR2 8LD
  • Telephone number: 020 8651 9953

You have the right to make a complaint, relating to the use of your personal data, at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Introduction

We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and your rights in relation to your personal data.

This Privacy Policy explains what personal information we collect, we obtain, how we use it and your rights with regards to this personal data.

You may have heard of the European Union’s General Data Protection Regulations (“GDPR”), which sets out some of the rules about how we should treat your personal information. There is also another set of guidelines called the Caldicott principles, specifically designed to ensure that UK patient data remains confidential. We have developed our systems and processes to ensure that we meet or exceed the standards required by both the Caldicott principles, GDPR and any other applicable laws relating to the use of personal data in England & Wales.

Our website is not intended for children and we do not knowingly collect data relating to children.

What types of information do we collect?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data” includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

Contact Data” includes address, email address and telephone numbers.

Technical Data” includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

Profile Data” includes your username and password, enquiries made by you, your interests, preferences, feedback and survey responses.

Usage Data” includes information about how you use our website.

Marketing and Communications Data” includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We may also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Whilst our website does not collect any “Special Categories of Personal Data” about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data), where you contact us in relation to a career opportunity advertised on our website, Special Category Personal Data may be collected and processed as part of the application process. This will also include any information about criminal convictions and offences. Where we do collected any special category personal data from you in relation to a job opportunity or otherwise, such data will only be collected and processed with your consent.

How do we collect your information?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity and Contact by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • create an account on our website;
  • subscribe to any of our publications;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey; and/or
  • give us feedback or contact us.

Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy [LINK] for further details.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • where we are required to get in touch with you i.e. responding a general enquiry or job applications;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
  • where we need to comply with a legal obligation.

Please refer to the ICO website to find out more about the types of lawful basis that we will rely on to process your personal data.

Generally (save as in relation the special category personal data), we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Why do we process your information?

We will only process your information where we have a lawful basis for doing so. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

The purpose for which we may process your personal data collected through your interaction with our website includes:

  • managing our relationship with you;
  • to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you;
  • to use data analytics to improve our website, products/services, marketing, customer relationships and experiences; and/or
  • to make suggestions and recommendations to you about goods or services that may be of interest to you.

Whilst such information will not be collected directly via our website, for the avoidance of doubt any personal data which can be linked to a medical condition will only be processed with your explicit consent and we will not be able to rely on any other lawful basis for doing so.

Please be aware if you are uncomfortable with the methods of communication we may use to send information to you that have been outlined directly above, please cease from interacting with our website.

Who your data is shared with

We do not sell, trade or rent your information to third parties. We will share your personal data with service providers working on our behalf, or to meet certain other requirements, such as to comply with the law. We will never share your information with any third parties for marketing, advertising or any other purposes.

In some circumstances, we may share your information externally to organisations which process data on our behalf. This may also include sharing your personal data with either our parent companies and/or our subsidiaries. Such sharing of your personal data will only be done in compliance with the applicable data protection legislation and regulatory requirements.

Please note that we are obliged to share information as necessary to comply with UK law and regulations. For example, we might need to share your information with regulators.

For further information about who your personal information is shared with, please get in contact with us using the details set out in this Privacy Policy.

Please note that where we do share your personal data, we will only do so to the minimum extent required in order to achieve any of the purposes set out in this Privacy Policy.

Third party links

Our website contains links to other Avicenna owned or third party websites. Where you are redirected to another website, the privacy policy displayed on that website will apply. For the avoidance of doubt, where you are looking to requests online repeat prescriptions you will redirected to our ManageMyMeds website and, therefore, the ManageMyMeds privacy policy shall apply.

Advertising

Cookies may be used to deliver adverts that are more relevant to you as well as to limit the number of times you see a particular advertisement and to measure the effectiveness of advertising campaigns. We may analyse your personal information, including the products you view and buy, your browsing habits and other ways you interact with our website. We will do this to evaluate the effectiveness of our advertising and to help us provide you with more relevant offers, advice and information.

Do we transfer your personal data to other countries?

Given the worldwide nature of online communications and services, it is very common for users’ data on sites like ours to be transferred outside of the country in which it was collected. For example, the servers which host our sites could be located abroad. Where we transfer your data to countries outside of the European Economic Area (“EEA”), we will only do so if measures to maintain to protect your data and its privacy have been put in place.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

How your data is kept secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your data, your choice

We want to make sure you find it easy to access and amend the personal data we hold about you. Subject to limitations, you can also make certain requests about that personal data. Please contact us using the details set out below if you wish to exercise your data rights, or contact the data protection regulator (the ICO) to find out more about them.

The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Policy.

The right of access. You have the right to obtain access to your personal data (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.

The right to rectification. You are entitled to have your personal data corrected if it is inaccurate or incomplete. You can update your information by contacting us using the details set out in this Privacy Policy. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data that we hold.

The right to restrict processing. You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but will not use it further.

The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving information about our products and services which may be of interest to you via email or post).

The right to data portability. You have the right to obtain and reuse your personal data for your own purposes across different services. To our best ability we will provide your personal data in an easily accessible format.

The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your personal data with the national data protection regulator.

The right to withdraw consent. If you have given your consent to anything we do with your personal data (i.e. we rely on consent as a legal basis for processing your personal data and cannot rely on any other legal basis where it relates to your medical personal data), you have the right to withdraw that consent at any time. Please note that withdrawing your consent does not make unlawful what we have done with your personal data up to that point (when your consent was active).

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

Retaining your data

We will not store or process your personal data for any longer than necessary.

In general we only retain your personal data for as long is necessary so that we can provide you the services you request, meet our legal obligations (such as rules on the retention of medical data) and defend claims made against us. For more information about how long and/or how we decide how long to store your personal data, please contact us using the details set out in the Privacy Policy.

By law we have to keep basic information about our customers for six years after they cease being customers for tax purposes.

Updates to the Privacy Policy

We keep our privacy policy under regular review and from time to time we may need to update this Privacy Policy in order to comply with changes in legislation so we suggest that you check this page periodically.