Privacy Policy

Manage My Meds Privacy Policy

Important information and who we are

Avicenna Retail Ltd (CRN: 04487641) is the controller and is responsible for your personal data (collectively referred to as, "we", "us" or "our" in this policy). You can read more about our responsibilities by visiting the Information Commissioner’s Office website at https://ico.org.uk/.  

We have appointed a data protection officer (DPO). If you have any questions about this Privacy Policy, please contact them using the details set out below.

Contact details

Our full details are:

  • Full name of legal entity: Avicenna Retail Ltd
  • Name or title of DPO: Rupen Sedani
  • Email address: DPO@avicenna.org  
  • Postal address: Selsdon House, 212-220 Addington Road, South Croydon, England, CR2 8LD
  • Telephone number: 020 8651 9953

You have the right to make a complaint, relating to the use of your personal data, at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Introduction

We take our responsibilities as custodians of your personal data very seriously. This policy (together with our terms of supply (the “Terms”) a copy of which is available on our site) applies to your use of the Manage My Meds mobile application software (the “App”), once you have downloaded a copy of the App onto your handheld device. Any capitalised words not defined in this Privacy Policy shall have the same meaning as provided in the Terms.

Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and your rights in relation to your personal data.

This Privacy Policy explains what personal information we collect or obtain, how we use it and your rights with regard to this personal data.

You may have heard of the European Union’s General Data Protection Regulation (“GDPR”), which sets out some of the rules about how we should treat your personal information. There is also another set of guidelines called the Caldicott principles, specifically designed to ensure that UK patient data remains confidential. We have developed our systems and processes to ensure that we meet or exceed the standards required by the Caldicott principles, GDPR and any other applicable laws relating to the use of personal data in England & Wales.

The App is not intended for children and we do not knowingly collect data relating to children.

Consent

During the installation of the App, you will need to indicate your consent to our processing of your personal data. This will be done by you selecting the option “YES” confirming that you consent to the installation of the App and for your personal data to be processed in accordance with the provisions of this Privacy Policy.

Once you provide consent by selecting "YES", you may change your mind and withdraw consent at any time by contacting us using the details provided in this Privacy Policy but your withdrawal of consent will not affect the lawfulness of any processing carried out before you withdrew your consent.

During the installation of the App, you will also need to indicate your consent to our processing of your location data. This will also be done by you selecting the option “YES” confirming that you consent to the collection and processing of your location data (including details of your current location disclosed by GPS technology). If you do not consent to the processing of your location data you can turn location tracking off for the App on your hand-held device by visiting the settings function on your device. Please note that where location tracking is turned off, you will not be able to utilise the location-enabled services on the App.

What types of information do we collect?

We collect information that you give us to process your repeat prescription request and to better understand how our services are used. We’ve outlined the main types of information that we handle below.

There are some essential pieces of information that we require in order to process your repeat prescription request. If you fail to provide this information we will be unable to process your prescriptions for you or the person you are an Account Holder for. References to “your” in this Privacy Policy will refer to both you and the patient you are acting on behalf of (as relevant).

  • Personal information - such as name, address, date of birth and GP details;
  • Contact information - including phone number and email address;
  • NHS Number - details will then be verified directly with the NHS Personal Demographic Service (PDS) or via Proscript, our dispensary management system. When details have been successfully verified, your NHS number will be added to your profile;
  • Details regarding the medication you require - this could reveal information about your health which is considered sensitive;
  • Exemption details - if you do not pay for your prescriptions;
  • Electronic proof of your consent - so that we can request prescriptions on your behalf;
  • Details of your Nominated Pharmacy; and
  • Preferred delivery address information and contact details (only where the dispensing pharmacy offers such a service).

We also collect the following information:

  • Your GP’s address - if you choose to turn on your location, location information from your phone will be used to make it easier for you to search for your GP and automatically populate address fields in the app. If you do not choose to turn on your location, you are able to enter your GP address manually;
  • Behavioural data - such as when you accessed the App and what actions you took within the app. This is to continually improve our service for our users; and
  • Technical information - such as glitches and crash data so we can understand when things break and improve the service.

How do we collect your information?

We collect your information when you provide it to us through the App:

  • Personal information - collected upon completing the registration to use the App;
  • Contact information - collected upon completing the registration to use the App;
  • NHS Number – obtained from NHS Personal Demographic system or using Proscript, our dispensary management system upon completing registration;
  • Details regarding the medication you require - collected upon completing the registration to use the App. If details are not entered during registration they will only be collected once the user enters them;
  • Your registered GP practice, collected from you and verified against NHS Personal Demographic service when you place a repeat prescription request with us;
  • Exemption details - collected upon completing the registration to use the App. If details are not entered during registration they will only be collected once the user enters them;
  • Electronic proof of your consent - collected upon completing the registration to use the App;
  • Preferred delivery address information and contact details (only where the dispensing pharmacy offers such a service) – collected by your dispensing pharmacy;
  • Your Nominated Pharmacy - collected upon completing the registration to use the App and each time you change your nomination via the App;
  • Your GP’s address - collected upon completing the registration to use the App;
  • Behavioural data - collected once you have completed the registration to use the App and throughout the time you use the App; and
  • Technical information - collected once you have completed the registration to use the App and throughout the time you use the App.

If you are an account holder acting on behalf of another patient, you may be providing data on behalf of that patient in the ways set out above. It is your responsibility to ensure that you are authorised to provide this data on their behalf and that you make them aware of their rights and how the data will be used as set out in this Privacy Policy.

Why do we process your information?

In general, the App only collects your information to provide you with our services – to help you request a repeat prescription and keep track of your prescriptions and to dispense your prescriptions. We take our data protection responsibilities very seriously and will only process your information for clear and lawful purposes.

We will only process your information where we have a lawful basis for doing so. This will be the case if:

  • You have given us your consent to process the data;
  • We need to process the data to perform our contractual obligations or to take steps in order to enter a contract (i.e. we need certain contact details and details of your prescription in order to provide the service to you);
  • We have to process your information to meet our legal obligations as a data controller (i.e. VAT and tax accounting rules); or
  • We have a legitimate interest in processing your data (see the next section below for more details).

For the avoidance of doubt any personal data which can be linked to your medical condition will only be processed with your explicit consent and we will not be able to rely on any other lawful basis for doing so.

We collect and process your information for a variety of purposes, but in general to provide the services you request of us. These purposes include:

  • Storing your data in databases so that we can create and maintain your account;
  • Verifying your identity so that we can complete your registration;
  • Communicating with GP surgeries and internally so that your repeat prescription requests can be processed and your prescriptions dispensed;
  • Auditing and analysis of your data, in particular to help us respond to issues and improve our services;
  • Managing returns and confidential waste;
  • Communicating to you via email, push alerts and in-app notifications so that you are fully updated with the progress of your repeat prescription request and any related communications; and
  • On the rare occasion, we may need to contact you by phone; this would only be in relation to your repeat prescription request or a query you have raised.

If you are uncomfortable with the methods of communication outlined directly above that we may use to send information to you, please do not use this service.

Legitimate interest

We have a legitimate interest in improving our service from a technical perspective. In order to do this we collect technical information so we can carry out service improvement related research. Furthermore, this information is also used for auditing and ad hoc issue investigation.

We have a legitimate interest in improving our service for you, the user. In order to do this we collect behavioural information so we can see what actions you take within the App so we can continually improve the service for you.

You are entitled to receive more information about our legitimate interests on request. If you would like to receive more information please contact us using the details set out in this Privacy Policy.

Who your data is shared with

The App does not sell, trade or rent your information to third parties. We will share your personal data with service providers working on our behalf, or to meet certain other requirements, such as to comply with the law. We will never share your information with any third parties for marketing, advertising or any other purposes.

In order for your repeat prescriptions to be dispensed, we will need to share your personal data with your Nominated Pharmacy and your GP. When signing up to the App you will need to select a Nominated Pharmacy and your data will only be shared with the pharmacy that you have selected for this purpose. Please note that not all pharmacies available on the App for nomination are owned by us or another member of our corporate group. Where you select such a pharmacy as your Nominated Pharmacy, your personal data will be shared with the third party owner of such Nominated Pharmacy in order to dispense your repeat prescription to you.

In some circumstances, we may share your information externally to organisations which process data on our behalf. This may also include sharing your personal data with either our parent companies and/or our subsidiaries. Such sharing of your personal data will only be done in compliance with the applicable data protection legislation and regulatory requirements.

Please note that if you access the Service using your NHS Login, the identity verification services are managed by NHS Digital. NHS Digital is a data controller for any personal information you provided to NHS Digital to obtain an NHS Login account and verify your identity. NHS Digital processes your personal information solely for such purpose. For personal information provided to NHS Digital, we act as a data processor and any processing carried out by us will be in accordance with the documented instructions of NHS Digital when verifying your identity. This restriction does not apply to the personal information you provide to us separately which is handled in accordance with this Privacy Policy. For confirmation as to how your personal data will be handled by NHS Digital, please click the link for a copy of NHS Digital’s privacy notice.

We appreciate the sensitive nature of your personal medical data which will only be shared and/or processed with your explicit consent and to the minimum extent required to achieve the necessary purpose. Where you withdraw such consent we will immediately cease any sharing and/or processing of your personal medical data both internally and externally. Please note that such withdrawal of consent will, however, mean that we may no longer be able to provide the Service to you.

Please note that we are obliged to share information as necessary to comply with UK law and regulations. For example, we might need to share your information with regulators.

For further information about who your personal information is shared with, please get in contact with us using the details set out in this Privacy Policy.

Please note that where we do share your personal data, we will only do so to the minimum extent required in order to achieve any of the purposes set out in this Privacy Policy.

Marketing

You have the choice to opt in or out of being contacted by us for marketing via post or email. If you decide to opt in, you will occasionally receive our e-newsletters. If you decide you no longer want to receive this e-newsletter, you can click on the link at the bottom of any email we have sent you to opt out on that particular type of email or contact us using the details above.

With your consent we may analyse your personal information, including the medication you are prescribed, your browsing habits and other ways you interact with the App. We will do this to evaluate the effectiveness of our advertising and to help us provide you with more relevant offers, advice and information.

With your explicit consent, we may contact you via post or email as to any ancillary pharmaceutical services offered by the pharmacies available for nomination on the App. Please note that, in order for us to ensure that these services are suitable for you, we may be required from time to time to process personal data relating to your repeat prescription request (i.e. special category personal data). You may withdraw this consent at any time by contacting us or changing your preferences within the App. Where you do withdraw such consent, we will continue to provide the Service to you but we will not process any of your personal data for marketing purposes.

Do we transfer your personal data to other countries?

Given the worldwide nature of online communications and services, it is very common for users’ data on sites like ours to be transferred outside of the country in which it was collected. For example, the servers which host our sites could be located abroad. Where we transfer your data to countries outside of the European Economic Area (“EEA”), we will only do so if measures to protect your data and its privacy have been put in place.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

How your data is kept secure

We recognise the importance of keeping the information collected about you safe and secure. We have therefore taken time to put in place effective security features and all information you provide to us is stored on our secure servers.

The App’s platform is run using the latest technology from Microsoft Azure which provides built-in security services that include security intelligence to help identify rapidly evolving threats early.

Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We use 256-AES SSL encryption to transfer your information between your handheld device and our servers. Access to this information is restricted to our authorised personnel.

Where we have given you (or where you have chosen) a password that enables you to access the App, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

How we use cookies on our App

No cookies will be stored on your handheld device from using the App. Therefore, your user experience will not be affected should you choose to disable all cookies on your handheld device.  

The App does, however, use token-based authentication when logging into your account on the App. Every login request received by our App’s servers will be accompanied by a token which the App’s servers use to verify the authenticity of the login request. This token will only remain active on your handheld device for 1 hour.

Your data, your choice

We want to make sure you find it easy to access and amend the personal data we hold about you. Subject to limitations, you can also make certain requests about that personal data. Please contact us using the details set out below if you wish to exercise your data rights, or contact the data protection regulator (the ICO) to find out more about them.

The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Policy.

The right of access. You have the right to obtain access to your personal data (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.

The right to rectification.  You are entitled to have your personal data corrected if it is inaccurate or incomplete. You can update your profile by going to Setting > Personal information or otherwise by contacting us using the details set out in this Privacy Policy. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data that we hold. Please note where you exercise this right we will remove all personal data from the App, however, your personal data stored by your Nominated Pharmacy will not be automatically erased.

The right to restrict processing. You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but will not use it further.

The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving information about our products and services which may be of interest to you via email or post).

The right to data portability. You have the right to obtain and reuse your personal data for your own purposes across different services. To our best ability we will provide your personal data in an easily accessible format.

The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your personal data with the national data protection regulator.

The right to withdraw consent. If you have given your consent to anything we do with your personal data (i.e. we rely on consent as a legal basis for processing your personal data and cannot rely on any other legal basis where it relates to your medical personal data), you have the right to withdraw that consent at any time. Please note that withdrawing your consent does not make unlawful what we have done with your personal data up to that point (when your consent was active).

Please note that, given the nature of the service we provide through your use of the App, if you withdraw your consent to the processing of your personal medical data we will no longer be able to provide our service through the App.

Retaining your data

We will not store or process your personal data for any longer than necessary.

In general we only retain your personal data for as long as is necessary so that we can provide you the services you request, meet our legal obligations (such as rules on the retention of medical data) and defend claims made against us. For more information about how long and/or how we decide how long to store your personal data, please contact us using the details set out in this Privacy Policy.

By law we have to keep basic information about our customers for six years after they cease being customers for tax purposes.

Personal data stored at a local level by your Nominated Pharmacy through your interaction with the App will be stored in accordance with your Nominated Pharmacy’s privacy and data storage policy.

Updates to the Privacy Policy

We keep our privacy policy under regular review and from time to time we may need to update this Privacy Policy in order to comply with changes in legislation so we suggest that you check this page periodically.

When we make any material updates to this Privacy Policy we will notify you in writing.