PharmaCare (Europe) Limited and its related brands including Bioglan, Bioglan Superfoods, Fat Blaster, Menoflavon, Real Health, Sambucol, Skin Doctors & Promensil (together we, us, our and other similar expressions) are committed to protecting your personal privacy. This Privacy Notice tells you who we are, how we collect, store, use and disclose your personal information. Information is your ‘personal information’ if it is about you as an identified or identifiable individual. We encourage you to read this notice carefully so that you understand how we deal with that information.
Our Privacy Principles
We are bound by the GDPR (General Data Protection Regulation). We have adopted internal policies and procedures to ensure that personal information that we collect, store, use and disclose is dealt with in accordance with the GDPR. You can see the full text of the GDPR online at https://www.gov.uk/government/publications/data-protection-law-eu-exit or alternatively visit the ICO’s webpage for more information at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/.
Information we collect
In order to provide our customers and consumers with our products and services, we may collect and use personal information about them. If we are not provided with all the personal information we request, we may not be able to supply our products and services to you, and you or your organisation may not be able to participate in future offers of goods or services which we supply.
The type of information we collect includes names, addresses, email addresses and other contact details. We may also collect additional details such as your age, gender, health, and lifestyle habits if you partake in marketing surveys and provide consent for us to collect and store this ‘sensitive information’. Where appropriate or we are required and able to do so, we will ask for your consent before collecting your sensitive information, and will take care to let you know the purpose and appropriate lawful basis being relied upon for the processing at the same time. You must be over 18 years old to take part in such surveys.
However, credit card numbers are NOT stored in any form by us on any internal or external database – all transactions are completed through a secure payment gateway. We will retain your order information for 5 years.
Our Payment Service Provider is Sage Pay (formerly Protx) – the largest independent payment service provider (PSP) in the UK and Ireland. Sage Pay provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is Sage Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way. Sage Pay uses a range secure methods such as fraud screening, I.P address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards. Sage Pay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable. Sage Pay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation. In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL. So when buying through our sites, you can be sure that you are completely protected.
How we collect personal information
Generally, we collect your personal information directly from you. For example, we may collect information from you when you register an account on our website or sign up to our email marketing database, or when you provide us with information, whether in person, by telephone, online or in writing. If you submit an order (including by telephone or online), we will collect information necessary to fulfil that order.
How we store personal information
We take all reasonable steps to keep secure any personal information which we hold about you and to protect your personal information from loss, misuse or unauthorised alteration. Any personal information you provide to us is stored on secure servers. We also maintain physical security procedures to manage and protect the use and storage of records containing personal information.
Our employees are obliged and trained to respect the confidentiality of any personal information held by us.
To help us protect your privacy, you should maintain the secrecy of the user names and passwords you use to access and use our websites.
We are not responsible or liable for the security of data sent via the internet.
Purpose of collection
We collect, hold and muse personal information so we can:
- meet our legal obligations;
- identify our customers, potential customers and their representatives as well as the consumers of our products;
- provide our products and services
- communicate with you;
- inform you about our products and services, the benefits of using our products and about offers or other benefits that may become available;
- seek your opinion or comments about our products and services;
- carry out billing and debt recovery activities;
- carry out our management, administrative, quality assurance and complaint handling activities in a professional and efficient manner;
- develop and implement initiatives to improve our products and services; and
- contact you to enable us to manage your account (if any) and fulfil our obligations to you or your organisation.
PharmaCare (Europe) Limited is the controller of your personal information that you provide via this website, unless otherwise stated.
Data controllers must define their lawful justifications for processing personal information. Where PharmaCare (Europe) Limited act as data controllers, the lawful basis for processing are either:
Consent: the individual has given clear consent for PharmaCare (Europe) Ltd to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract PharmaCare (Europe) Ltd have with the individual, client or organisation in the provision of a contract, or because they have asked PharmaCare (Europe) Ltd to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for PharmaCare (Europe) Ltd to comply with the law (this applies to additional regulation, such as HMRC guidance). Where PharmaCare (Europe) Ltd are data processors acting on written instructions of a data controller that is relying on a ‘legal obligation’ basis, PharmaCare (Europe) Ltd will verify the data controller has confirmed this lawful basis for processing before completing any activity on the controller’s behalf.
Legitimate Interests: the processing is necessary for PharmaCare (Europe) Limited’s legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
We usually disclose the personal information we collect to our related entities, service providers and contractors that help us supply our products and services. For example, we may disclose the personal information we collect to our information technology providers (including database and cloud services providers), providers of marketing and promotional services, professional advisers such as legal practitioners and accountants, debt collectors and insurers.
Except as indicated above, we will not disclose your personal information to a third party unless:
- you have consented to the disclosure;
- the third party is our service provider or contractor, in which case we will contract with them to use and disclose the personal information only for the purpose for which it was provided to them and/or under our instructions;
- the third party is a person involved in a dealing or proposed dealing (including a sale) of all or part of our assets and business;
- the disclosure is permitted, required or authorised by or under law.
In some circumstances we may use personal information to advise you of new products and marketing initiatives that we think may be of interest to you. This could include product or service offerings, newsletters and general information about us.
When we plan or propose to market to you, we will do so within the law, either seeking your informed consent, or, where you create a customer account or order goods or services from us, under permitted ‘soft opt-in’ rules. If you prefer not to receive information about our products and services, you will either be able to decline our marketing up front, or you can ask at any later point to be removed from the relevant circulation list by contacting us using the contact details listed below or follow the unsubscribe link at the bottom of all our marketing emails.
We will never disclose personal information to a third party for the purpose of allowing them to direct market their products or services to you, unless you have first expressly consented to that disclosure.
We may contact you from time to time for market research purposes, as this is an important part of our continuing product and service development. We may contact you by email, phone or mail, and could also use the information we collect from you to customise our websites according to your interests.
Access, quality and correction
If at any time you want to know what personal information we hold about you, you are welcome to request access to that information by contacting us via the contact details listed below.
We always try to make sure that the information we hold about you is accurate, complete and up-to-date. If at any time you believe the personal information that we hold about you is incomplete or inaccurate, please let us know by contacting us at the contact details listed below. We will then use all reasonable efforts to correct the information as quickly as possible.
Websites and cookies
To ensure we are meeting the needs and wants of our website users, and to develop our online services, we collect aggregated information by using cookies or similar electronic tools.
Cookies are unique identification numbers like tags that are placed on the browser of our website users. These cookies are used to retain login and location information in order to make your experiences more convenient and personal. No other business or organisation has access to our cookies.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Changes to this policy
As our business evolves, our business processes and policies will be reviewed and may be amended. We may change this policy at any time. We will notify you of any change by posting an updated version of the policy on our website. Please be aware that it is your responsibility to check our website and make sure you keep up-to-date with any changes to this policy.
We are committed to constantly improving our procedures so that your personal information is treated appropriately. If you feel that we have failed to deal with your personal information in accordance with this notice or the GDPR, please contact us at the contact details listed below so we have an opportunity to resolve the issue to your satisfaction.
Our privacy officer will:
- listen to your concerns and grievances;
- discuss with you the ways in which we can remedy the situation; and
- put in place an action plan to resolve your complaint and improve our information handling procedures if appropriate.
Your data protection rights
Under data protection law, you have rights which are linked to the lawful bases we identify for data processing:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not usually required to pay any charge for exercising your rights. If you make a request, we will endeavour to respond to you within one month, though we reserve the right to seek to extend this or charge reasonable fees (such as for registered post) within the remit of the law.
See below for contact details if you wish to make a request.
If you require more detailed information about how we deal with personal information or if you have any concerns about how we have dealt with your personal information, please let us know by contacting us at:
PharmaCare Europe Ltd.
Unit 3, Dialog
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
We will respond to your concerns as quickly as possible.