Version 1.0.
Updated February 2022
Introduction
Reids Pharmacy Limited (“Reids Pharmacy”) respects your privacy and is committed to protecting your personal data. We aim to set a very high standard for the processing of any personal data that we control.
This privacy policy (the “Policy”) will inform you of how we look after your personal data when you visit our website and will tell you about your privacy rights and how the law protects you.
1. Important information
1.1. Purpose of this Policy
This Policy gives you information on how Reids Pharmacy collects, uses, maintains and discloses information collected from users of Reids Pharmacy’s services, and of www.reidspharmacy.je (the “Website").
1.2. Data Controller
Reids Pharmacy Limited (company registration number: 38763), having its registered office at 16 Charing Cross, St. Helier, JE2 3RP, Jersey, is the Data Controller and is responsible for your personal data (collectively referred to as “Reids Pharmacy”, “we”, “us” or “our” in this Policy).
Reids Pharmacy Limited is registered with the Jersey Office of the Information Commissioner (“JOIC”), with the registered number 16953.
1.3. Data Subject
You are the Data Subject, which means the information we collect may identify you as an individual.
1.4. Contact details
Full name of legal entity: Reids Pharmacy Limited
Contact name: Alasdair Reid
Email address: alasdair.reid@reidspharmacy.je
Postal address: Lido Medical Centre, St Helier, Jersey, Channel Islands, JE2 7LA
You have the right to make a complaint at any time to the JOIC, the supervisory authority for data protection issues in Jersey. We would, however, appreciate the chance to deal with your concerns before you approach the JOIC, so please contact us in the first instance.
1.5. Governing legislation
Reids Pharmacy Limited is incorporated in Jersey. The States of Jersey decided to incorporate the principles, timing and effects of the EU General Data Protection Regulation into local law. Accordingly, the Data Protection (Jersey) Law 2018 (“GDPR”) had effect from the same day as the EU General Data Protection Regulation, 25th May 2018.
GDPR lays out our obligations in regard to the data we collect, what we do with that information, who we may share it with, and your choices and rights to that information.
1.6. Third party links
This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy policies.
2. The data we collect from or about you
“Personal Data” is any information about an individual that enables the identification of that individual. Personal Data does not include data where the identity has been removed (“Anonymous Data”).
We may collect, use, store, share and transfer different kinds of Personal Data about you, including:
Identity Data: First name, last name, username or similar identifier, title, date of birth, gender.
Healthcare Data: Prescription and medicine details, and healthcare information provided by other healthcare providers, pharmacies and medical professionals as appropriate.
Contact Data: Billing address, delivery address, email address, telephone numbers.
Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website.
Usage Data: Information about how you use our website.
Marketing & Communications Data: Your preferences in receiving marketing from us and your communication preferences.
Aggregated Data: Statistical or demographic data for any purpose, which may be derived from your Personal Data but is not considered Personal Data in law as it does not directly or indirectly reveal your identity.
3. The data we collect from or about you
We collect your Personal Data through a number of methods, including:
Direct interactions: You may provide us with your Identity and Contact Data by corresponding directly with us via email, telephone, post or otherwise.
Technological interactions: We may automatically collect your Technical Data as you interact with our Website, by using cookies, server logs and other similar technologies. You can read more about our usage of cookies in section 12 of this Policy.
Third parties and public sources: We may receive your Personal Data from third parties or publicly available sources, including:
Online search engines such as Google and Bing, based inside and outside of the European Union;
Providers of technical, payment and delivery services;
Regulatory bodies and authorities; and
Public business and information sources such as Companies House and the Electoral Register.
4. How we use your Personal Data
We only use your Personal Data when we are permitted to, or required to, by law.
We may use your Personal Data as follows:
4.1. Data provided to us
Personal Data provided by you to us is used:
to enable us to fulfil our contractual obligations with you;
to provide pharmacy services and care to you and, as appropriate, share your information with your GP and others in the wider States of Jersey healthcare system;
to enable us to meet our legal obligations;
to respond to your requests for information;
to notify your of any changes to our terms of business or services;
to investigate any suspected contractual breach by you; or
to deal with investigations by regulatory bodies or by law enforcement agencies.
4.2. Data we collect
Technical Data about you and collected by us is used:
to monitor and improve the performance and usability of our Website; and
to ensure the safety and security of our Website by monitoring usage in the interests of continual improvement.
4.3. Data we receive
Personal Data received from other sources is used:
to provide pharmacy services and care to you and, as appropriate, share your information with your GP and others in the wider States of Jersey healthcare system;
to enable us to fulfil our contractual obligations with you; and
to enable us to meet our legal obligations.
5. Disclosures of your Personal Data
We may have to disclose your Personal Data for the purposes set out in section 4 of this Policy. Personal Data may be disclosed to the following parties:
External third parties including service providers, partners, subcontractors or professional advisors such as lawyers, bankers, auditors and insurers.
Other parties such as regulatory bodies and law enforcement agencies where we are under a duty to comply with a legal obligation, or to protect our rights, or to protect the rights, property or safety of Reids Pharmacy Limited, our clients or others.
The States of Jersey Pricing Authority, Local Authorities and those external to the States who negotiate and check the accuracy of our payments.
The States of Jersey, and sometimes Local Authorities; as well as those external to the States eg. NPA, GPhC who ensure we maintain appropriate professional and service standards and that your declarations and ours are accurate.
6. Data security
We have put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Personal Data on our instructions and they are subject to a duty of confidentiality.
7. Data retention
We will only retain Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
8. Online appointment booking
Our online appointment booking service is provided by Squarespace, Inc. (“Squarespace”).
When you schedule an appointment by booking on the Website, we collect Personal Data from you to complete the booking. This Personal Data includes:
Your full name
Your email address
Your telephone number
We share this Personal Data with Squarespace so that they can provide online booking services to us. This Personal Data is transferred outside of the European Economic Area (EEA) and stored on Squarespace’s servers based in the United States of America.
Squarespace’s security measures and data protection policies provide equivalent compliance to GDPR, and we are satisfied that your Personal Data has protection equivalent to that under GDPR. More information can be found at the following links:
Squarespace Data Protection Addendum (“DPA”): https://www.squarespace.com/dpa
Overview of Squarespace’s compliance with GDPR: https://support.squarespace.com/hc/en-us/articles/360000851908
To ensure Personal Data is not stored on, and accessible from, Squarespace’s servers for more than a reasonable period of time, we undertake regular periodic deletions of Personal Data from our online appointment booking service.
9. Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process your Personal Data without your knowledge or consent, in compliance with the rules included in this Policy, where this is required or permitted by law.
10. Your legal rights
10.1. Individual rights
GDPR grants you legal rights in relation to the use of your Personal Data. These rights include:
Right to access: You have the right to access your Personal Data that we hold, by making a data subject access request (“DSAR”).
Right to be informed: You have the right to be informed about how your Personal Data is being used. You have the right to be informed of any changes to the use or purpose of Personal Data before changes occur, providing you with an opportunity to consent or object to the changes.
Right to data portability: You have the right to request your Personal Data to use for your own personal purposes.
Right to erasure: You have the right to have all your Personal Data erased from our systems and from those of any third parties that have legitimately accessed it under contractual obligations with you. In some circumstances, we are obliged to hold Personal Data for a period of time to meet certain legal, regulatory or accounting requirements.
Right to object: You have the right to object to the use of your Personal Data for any proposed use or purpose.
Right to rectification: You have the right to have any errors in your Personal Data held by a controller corrected.
Right to restrict or object to profiling: You have the right to object to, or request the restriction of, your Personal Data being used for automated decision making or for personal profiling objectives.
Right to restriction: You have the right to request that your Personal Data is restricted and not used for certain processes or purposes.
10.2. Data Subject Access Request (“DSAR”)
You have the right to make a DSAR, requesting the Personal Data that we hold about you and obtaining a copy of this information.
We will provide our response to any DSAR within 30 days, unless a particular DSAR is subject to other regulatory requirements as defined under GDPR, in which case we will inform you as required by those specific regulations.
11. Marketing preferences
Where you have consented for us to do so, we may use your Personal Data, including your name, address and email address, for marketing purposes. You can ask us to stop sending you marketing messages at any time, by contacting us at any time.
12. Cookies
12.1. What are cookies?
Cookies are small pieces of data stored on a website visitor's browser. They are typically used to keep track of the settings users have selected and actions they have taken on a website.
12.2. How do we use cookies?
We are legally allowed to store cookies on your browser if those cookies are classified as essential to the operation of our Website.
We legally require your consent to store non-essential cookies on your browser. By consenting to our cookie settings, you consent to the use of the data collected as set out in section 12.4 below.
12.3. Turning off cookies
You can disable cookies or remove them from your browser at any time. Removing or disabling essential cookies may impact the usability of our Website as you browse it.
Instructions for the disabling of cookies in popular Internet browsers are contained in the links below:
12.4. The cookies we use
We use Google Analytics to monitor and measure the usage and performance of our Website. Google Analytics uses cookies to anonymously monitor and analyse website usage, including the following optional cookies:
Name: _ga
Purpose: To store and count website page views, and to anonymously distinguish users
Duration: 2 years
Cookie type: Functional, optional
Name: _gid
Purpose: To store and count website page views, and to anonymously distinguish users
Duration: 1 day
Cookie type: Functional, optional
Name: _ga_<container-id>
Purpose: To persist session state
Duration: 2 years
Cookie type: Functional, optional
Name: _gcl_au
Purpose: If Google advertising is enabled, to store and track advertising conversions (placed by Google AdSense)
Duration: Persistent
Cookie type: Functional
13. Reids Pharmacy employees
All Reids Pharmacy employees are subject to strict terms of confidentiality regarding Reids Pharmacy’s data and business operations, and are subject to and protected by the terms defined in this Policy.
14. Changes to this policy
We regularly review this Policy and may change it without notice.