Personal information and sensitive information
Personal information is information or an opinion about an identified or reasonably identifiable individual, whether or not the information or opinion is true and whether or not the information is recorded in a material form. Sensitive information is personal information that includes information about a person’s health (among other things).
Types of personal information we collect and hold
We collect and hold personal information about individuals for the provision of our products and services and purposes connected to those products and services.
Consistent with the provision of our products and services, the types of personal information we may collect and hold include:
- Your identity and contact details - includes your name, date of birth, gender, email address, home postal address, delivery address (if different), and your contact telephone numbers;
- Your payment details - your bank details and payment card details. Please note payment transactions are encrypted by the acquiring bank so we will not retain any payment card details submitted by you;
- Your profile data - if you register a customer account, this includes the profile you create to identify yourself when connecting to our website and other data about purchases and your personal preferences;
- Other information – we may collect text of communications gathered in the course of our interaction with you on social media and emails, and other information from your interactions with us online including cookies information (and information from other similar technologies), including IP address, URL’s, search histories and other associated information.
We may also collect and hold sensitive information from you. The types of sensitive information we might collect includes prescription information, retinal imagery, medical histories, appointment information, family health histories and medicine regimes.
The basis for our processing of your personal information under the General Data Protection Regulation (GDPR) is with your consent and to enable us to perform the contract with you related to the services you have asked us to provide. If you don’t provide us with personal information we are unlikely to be able to provide you with our services.
How we collect and hold personal information
We may collect personal information in the course of providing our products and services, from our website using cookies (data files placed on your device or computer) and other similar technologies, via our clients who pass on your information or third party agents, or directly from you.
Personal information is held securely, is subject to various security protections and is held only for as long as the information remains relevant to the purpose for which it was collected.
We take reasonable steps to ensure the security and integrity of the personal information we collect in store, use and disclose including restricted server access, encryption and other industry standard security protocols like use of firewalls and complex password protection.
Purposes for which we hold, use and disclose information
We will not use or disclose personal information for any secondary purpose, unless that secondary purpose is related to the primary purpose for which we have collected that information, and you would reasonably expect the disclosure in the circumstances, or unless you consent to that use or disclosure.
For the purposes of the GDPR we are a data processor and a data controller.
The purposes for which we hold, use and disclose and process information include:
- conducting our business which includes providing our services, or the services of a third party, to you;
- maintaining the safety and security of our operations (e.g. electronic and other security monitoring, maintaining management records);
- to communicate information about our products and services or third party products or services that may be of interest to you;
- for our internal administrative, research, planning, marketing and development purposes; and
- for our regulatory and legal compliance, including without limitation compliance with our licensing obligations.
We may also disclose personal information to third party technology, marketing and analytics partners and service providers.
Access and correction
We will take all reasonable steps to ensure any personal data we collect, use or disclose is up to date and accurate. If you believe personal information we hold about you is not up to date or accurate, you may ask us to correct it.
You may ask us to provide you with details of the personal information we hold about you, and copies of that information. We will respond to your request and attempt to provide you with the data within 30 days of receipt of your request.
If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.
Please direct all requests for access and correction to [email protected]
Changes to this policy