CloudRx Limited ("we" or "us") provides online pharmacy prescribing services to the private healthcare sector (“our services"). This Privacy Policy explains how we collect, use, and share personal data in the course of providing our services and operating our website.
We may amend this Privacy Policy from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this
CloudRx is registered under the Data Protection Act, Registration No. ZA679233, with the General Pharmaceutical Council (“GPhC”) (Registration Number 9011284) and with Companies House (registered company number 12320975, 1 Hawthorn Park, Leeds, United Kingdom, LS14 1PQ).
Whose personal data do we collect?
We process personal data about the following persons:
We collect personal data when you fill in forms on our website – including the account registration form for healthcare professionals, and the order and payment form for patients. If you are a patient, we will obtain some personal data about you in the prescription submitted by your healthcare professional.
Our website automatically collects information about all visitors – see section 9 below for more information.
Unless otherwise indicated, all categories of information on our account registration and order and payment forms are mandatory in order to, respectively, create a prescribing account or complete a patient prescription order. Should you fail to provide us with the information required, we will be unable to proceed with the provision of your medicines.
What do we use personal data for?
In the table below we have provided a description of the different purposes for which we process personal data. For each purpose, we have indicated the legal basis we rely on under data protection law:
| Purpose | Personal Data | Legal Basis |
|---|---|---|
| Creating an account for a healthcare professional to use our services | Name; contact information; clinic address; password | Performance of our Terms of Use |
| Verifying a healthcare professional’s identity during account creation | Professional registration number (e.g., GMC; GDC; GPhC; NMC); UK passport or photo driving licence; details of professional liability / medical indemnity insurance | Performance of our Terms of Use |
| Processing a prescription submitted by a healthcare professional | Name; patient date of birth; details of patient’s medical information and prescribed medication |
Performance of our Terms of Use The provision of health or social care or treatment or the management of health or social care systems and services |
| Arranging prescription delivery and payment with a patient | Name; delivery address; payment card information; details of repeat prescriptions |
Performance of our Terms of Use The provision of health or social care or treatment or the management of health or social care systems and services |
| Submitting information to our regulators and complying with regulatory audits | Details of prescriptions processed | Compliance with a legal obligation |
| To respond to user queries or complaints, as well as medicine returns | Name; contact information; details of query or complaint |
Compliance with a legal obligation Legitimate interest in providing customer service |
| To collect information using cookies and similar technologies | IP address; device and browser generated information; information about site activity |
Consent (in relation to non-essential cookies – see below) Legitimate interest in providing a functioning and secure website (in relation to essential cookies – see below) |
| To conduct service analytics | Contact information; Clinic address; Information about your use of the services | Legitimate interest in understanding how our services are used in order to make improvements to them |
| To manage our commercial relationships with our customers and suppliers | Name; business contact information | Legitimate interest in conducting our business, including arranging the delivery and receipt of services and payment for those services |
Sometimes we use business partners to help us provide our services. Specifically, we use third party payment service providers (e.g., Stripe), to whom we fully outsource the handling and other processing of your payment card information. We also use third party service providers to deliver your prescription orders and provide you with order tracking notifications by email or text. Finally, we also use technology service providers to host our platform and to store your personal data. These providers are subject to contracts which require them to comply with our instructions and to only process your personal data in order to provide the service we have requested.
As well as disclosures to our service providers, we may disclose your personal data to third parties in the following circumstances:
We are a UK based business, and we store your personal data on servers based in either the UK or the European Economic Area (EEA).
We may engage technology service providers who access your personal data from outside of the UK and EEA, e.g., for support and maintenance purposes. Further, the providers of cookies used on our websites may also process your data overseas, including in the United Stated of America. In these cases, we put in place appropriate safeguards to protect your personal data – such as the standard contractual clauses – unless a relevant exemption applies.
We recognise the importance of keeping your data safe and take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal data from unauthorised access and disclosure. More information about the measures we use can be found in our Data Security Policy.
We assume no liability for interception, alteration or misuse of information transmitted over the internet.
Subject to certain exemptions, and in some cases dependent upon our legal basis (see section 2 above), you have certain rights in relation to your personal data. These are:
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
You have the right to lodge a complaint in relation to the processing of your data. This can be done by contacting the ICO (https://ico.org.uk/).
As a basic rule, we will store your personal data for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Privacy Policy.
Regulations applicable to pharmacists require that we retain records of prescriptions – including personal data relating to the prescribing healthcare professional and patient – for a minimum of 2 years.
We may store your personal data for longer periods of time so that we have an accurate record of medications that we have dispensed in the event that any issues arise, and so that we maintain an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
Like most websites, we use cookies and similar technologies that obtain information from, or store information on, your device. That information may constitute your personal data, for example where it is associated with you as a registered user or identified patient submitting an order.
Certain cookies that we use are ‘essential’ – meaning that they are necessary to make the website function as intended (e.g., cookies that remember information inputted into a form, or cookies used for load balancing). Other cookies are ‘non-essential’ – meaning that they aren’t necessary for the website to function, but are either used to enhance the functionality of the website, or to help us analyse how the website is used.
Please refer to our Cookie Policy for more information.
Should you have any queries in relation to our use of your personal data, please contact us or our Data Protection Officer directly using the details provided below.
CloudRx can be contacted in writing at (1 Hawthorn Park, Leeds, United Kingdom, LS14 1PQ) or by email ( [email protected]).
Our Data Protection Officer is Daniel Lee and can be contacted in writing at (1 Hawthorn Park, Leeds, United Kingdom, LS14 1PQ) or by email ( [email protected]).
We may from time to time, make changes to this Privacy Policy. We suggest you check back regularly to check to see if there have been any changes to this Privacy Policy.
This policy was last updated on 09/05/2022
Date Change
21/02/2020 First Version
09/05/2022 Second Version