Privacy Policy

Last Updated: 11/3/25

1. Introduction

Pharmacy Advance (“we”, “us”, “our”) is a distance selling pharmacy providing NHS services remotely, as well as private and advanced in‑store services across the UK. Our pharmacists and their staff are key members of your local healthcare team dedicated to delivering high‑quality, safe, and professional care. To provide this service, we collect and process your personal and health data in strict accordance with UK data protection laws—including the UK GDPR—and guidance from regulators such as the GPhC and NHS. All staff are contractually bound to uphold confidentiality and data security at all times.

2. Information We Collect and Record

2.1 Personal and Sensitive Data

We collect the personal information necessary for delivering safe and effective pharmacy services. This includes:

  • Identification Data:
    • Name, address, contact details, date of birth, and next of kin.
  • Health and Medical Data:
    • NHS numbers, medical history relevant to prescriptions and treatments, records of medicines prescribed by your doctor or another qualified prescriber and dispensed by us, details of over‑the‑counter purchases, and any other notes about your health and ongoing care.
    • Information that supports your continued care, including details shared by other health professionals or family members.
  • Financial Data:
    • Payment information processed via secure hosted payment pages (e.g., through PayPal). No card details are stored on our website.

2.2 Data from Website Interactions

When you access our website, we may automatically collect technical data such as:

  • IP address, browser type, device details, and cookie data, which we use to enhance your browsing experience, improve our services, and safeguard against malicious activity.

3. How We Use Your Information

We process your personal data for several key purposes:

  • Provision of Care:
    • Delivering our NHS and private healthcare services, including processing prescriptions, managing appointments, and supporting ongoing care.
    • Allowing our pharmacy professionals to access and consult relevant records (such as NHS Summary Care Records or local shared care records) to ensure accurate and timely care.
  • Service Management and Improvement:
    • Using technical data to maintain and improve website functionality, enhance security, and monitor system performance.
  • Financial Processing:
    • Managing secure payment transactions using third‑party payment providers.
  • Regulatory and Quality Assurance:
    • Complying with statutory obligations and NHS/GPhC guidelines to maintain accurate records and uphold professional standards.
  • Communications:
    • Sending you service updates, appointment reminders, and responses to enquiries.

4. Sharing Your Information

We may share your information with third parties under controlled circumstances:

  • Healthcare Providers:
    • For NHS services, your data may be shared with your GP surgery or other relevant health professionals to coordinate care.
  • Payment Processors:
    • Limited financial information is provided to our secure payment provider (e.g., PayPal) solely for transaction processing.
  • Delivery Services:
    • Your contact and address details are shared with Royal Mail to facilitate the delivery of medications.
  • Website Hosting and Security:
    • Our data is hosted on servers managed by Pharmacy Mentor, which implements robust security measures.
  • Regulatory Bodies:
    • We may disclose data to regulators such as the GPhC, NHS, and NHS Business Services Authority as required by law or to verify service quality.
  • Consent‑Based Sharing:
    • For our private services, we share your data with third parties only when you have provided explicit consent.

5. Data Storage and Security

5.1 Data Storage

  • Secure Hosting:
    • Your data is stored on Pharmacy Mentor’s servers, with access limited to authorised personnel.
  • Retention Period:
    • We hold your information for as long as required by NHS guidelines and legal obligations.

5.2 Website and Server Security

  • Website-Level Protections:
    • Login Security: Use of security plugins (e.g., Defender) to protect login forms against brute force attacks, including automatic IP blacklisting and hardening measures against XSS attacks.
    • Regular Updates: Site updates and maintenance are performed at least once per calendar month to install critical patches.
    • Audit Logging: All administrative activities—including plugin installations, configuration changes, and admin logins—are recorded in an audit log, with notifications sent to our team.
    • SSL Encryption: SSL certificates are installed and HTTPS connections are enforced to ensure secure data transmission.
  • Server-Level Protections:
    • Regular patching of server software.
    • Implementation of a web access firewall to block unused ports and services.
    • Mitigation or patching of PCI‑DSS specific vulnerabilities based on the OS and hosting management software.

6. Cookies and Tracking

We use standard cookies on our website for the following purposes:

  • Enhancement of User Experience:
    • To remember your preferences and enable smooth navigation.
  • Analytics and Performance:
    • To collect anonymised data that helps us understand user behaviour and improve our services.
  • Personalisation:
    • To deliver content tailored to your interests.

For further details, please see our Cookie Policy.

7. Your Rights

In accordance with data protection laws, you have the following rights regarding your personal data:

  • Access:
    • You can request a copy of all pharmacy records we hold about you. In most cases, printed copies are provided free of charge. We will respond to your request within one month. Adequate identification (e.g., full name, address, date of birth, and a form of ID such as a passport or driving licence) may be required.
  • Correction:
    • Should any information be inaccurate or incomplete, you have the right to request corrections.
  • Deletion:
    • You may request that your personal data be deleted, subject to legal or regulatory retention requirements.
  • Restriction:
    • In certain circumstances, you may request that we restrict processing of your data.
  • Data Portability:
    • You have the right to receive your personal data in a structured, commonly used format.
  • Objection:
    • You may object to the processing of your data in specific situations.
  • Right to View Your Health Record:
    • You are entitled to ask for a copy of all pharmacy records held about you, whether in paper or electronic form, and to have any inaccuracies corrected.

7.1 National Data Opt-Out

In line with the NHS National Data Opt-Out policy, you can choose to opt out of having your data used for planning and research purposes. Opting out does not affect the care you receive. To exercise this right, you can:

  • Visit the nhs.uk/yournhsdatamatters website portal.
  • Use the NHS App.
  • Follow the written instructions on the NHS website.
  • Call NHS Digital at 0300 303 5678 (Monday to Friday, 9am–5pm).

8. Confidentiality and Professional Standards

Your privacy and the confidentiality of your records are paramount. In providing our services:

  • Confidentiality:
    • We handle your personal and health data in strict confidence, in line with the NHS Code of Practice on Confidential Information and the common law duty of confidence.
  • Professional Responsibility:
    • All pharmacy staff and professionals are required to keep your information secure, accurate, and confidential.
    • We process your data solely to ensure high‑quality care and compliance with professional and regulatory standards.
  • Record Management:
    • We maintain detailed records of your care, including information on medications dispensed, advice given, referrals made, and other services provided (such as flu vaccinations).

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or regulatory requirements. Any updates will be posted on this page with a revised “Last Updated” date. We encourage you to review this Policy regularly.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the details below:

  • Email: support@pharmacyadvance.co.uk
  • Postal Address: 4 Beare Green Court, Dorking, RH5 4SL
  • Telephone: 01306 326872