1. To provide our Service
What we use your information for?

This includes:

  • Making our website and Platform available to you;
  • Creating and managing your account;
  • Sharing your information with your chosen Pharmacy;
  • Tailoring our Services and advice to you;
  • Customer support;
  • Communicating with you about our Services, including order management and billing.
What information we actually use?

As more particularly defined in section 2 (what information does Charac collect about me):

  • Account and contact details;
  • NHS details;
  • Information relating to your health (Platform only – to the extent such information is provided by you, or your pharmacist);
  • Billing details;
  • Customer service information
The reason we use your information
  • To provide our service/perform our contract;
  • Legitimate business interests – to provide, facilitate or coordinate services you have requested, communicate with you, to keep our records up to date;
  • Consent – we ask for your consent when you sign up and/or update your details on the platform.

You may withdraw your consent at any time; please see section 7 (What are my privacy rights) for additional information.

2. To manage our relationship with you
What we use your information for?

Including:

  • Notifying you of changes in our terms or privacy policy
  • Asking you to leave a review or take part in a survey
What information we actually use?

As more particularly defined in section 2 (what information does Charac collect about me):

  • Account and contact details;
  • Customer service information
The reason we use your information
  • To provide our service/perform our contract;
  • To comply with our legal obligations;
  • Our legitimate business interests (keeping our records up-to-date, studying how customers use our products/services)
3. To improve our Services
What we use your information for?
  • To conduct research and analysis of users’ behaviour to improve our Services and content (for instance, we may decide to change the look and feel or even substantially modify a given feature based on users’ behaviour); and
  • To develop new features and services (for example, we may decide to build a new interests-based feature further to requests received from users).
What information we actually use?

As more particularly defined in section 2 (what information does Charac collect about me):

  • Device, usage and geolocation information.
  • Feedback in your communications with us.
The reason we use your information
  • Consent for the use of analytics cookies and similar technologies to improve your user experience and our Services.
  • For non-cookie derived information our legitimate interests to improve your user experience and our Services.

You may withdraw your consent at any time; please see section 7 (What are my privacy rights) for additional information.

4. To suggest products/services which may be of interest to you
What we use your information for?
  • To suggest products/services which may be of interest to you;
  • To use data analytics to improve our website, products/services, marketing, customer relationships & experiences
What information we actually use?

As more particularly defined in section 2 (what information does Charac collect about me):

  • Account and contact details;
  • Device, usage and geolocation information.
  • Feedback in your communications with us
The reason we use your information
  • Our legitimate interests (developing our products/services, growing our business)
  • Where required by applicable law and marketing rules, your consent to receive marketing communications.

You may withdraw your consent at any time; please see section 7 (What are my privacy rights) for additional information.

5. To develop anonymised insights applicable to our Services, and the pharmaceutical industry more broadly
What we use your information for?
  • In some circumstances we may anonymise your personal information (so that it can no longer be associated with you). This can be for research or statistical purposes, in which case we may use the anonymised information indefinitely without further notice to you.
What information we actually use?
  • Any information in section 2 (what information does Charac collect about me), only in so far as necessary to anonymise the information.
The reason we use your information
  • Our legitimate interests to develop insights and statistics as to the use of our Services, and to identify trends within the pharmaceutical industry more broadly.
6. To administer our business and prevent, detect and fight fraud or other illegal or unauthorized activities
What we use your information for?

We perform personal information analysis:

  • To better understand and design countermeasures against these activities, and retain personal information related to fraudulent activities to prevent recurrences.
  • To administer and protect our business, website and Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting & hosting data).
What information we actually use?

As more particularly defined in section 2 (what information does Charac collect about me):

  • Account and contact details
  • Device, usage and geolocation information.
The reason we use your information
  • Where required by applicable laws, and as necessary to ensure legal compliance, or to assist law enforcement; or
  • Our legitimate business interests to prevent fraud or other illegal activities in line with industry best practice.
  • Our legitimate business interests (running our business, providing admin & IT services, network security, for a business reorganisation or group restructuring)
7. To ensure legal compliance
What we use your information for?
  • To comply with legal requirements, assist law enforcement and enforce or exercise our rights, for example our terms and conditions.
What information we actually use?
  • Any information in section 2, only to the extent it is strictly necessary.
The reason we use your information
  • Processing is necessary for compliance with a legal obligation to which we are subject;
  • Our legitimate business interests to establish, exercise or defend legal claims.

Automated Decision Making

In order to comply with our legal obligations and industry best practice, we use our users’ date of birth to determine their eligibility for features and content on the platform. If you would like further information about this assessment, including asking for a person to review a decision, please contact us at dataprotection@charac.co.uk. Please note you also have a right to object to profiling and solely automated decision making, as detailed below in section 7 (Privacy Rights).

5. WHO DOES CHARAC SHARE YOUR INFORMATION WITH AND WHY?

With our service providers

We use third parties to help us operate and improve our Services. These third parties assist us with various tasks, including personal information hosting and maintenance, analytics, customer care, marketing, advertising, payment processing and security operations. We may also provide aggregated (anonymised) information to third parties as detailed below. A list of these third parties is available on request.

With your chosen pharmacy

As further detailed in section 1 (How does Charac work?) Charac provides a platform through which you are able to access services from local pharmacies who have signed up to our Platform. When you use the Platform you will be asked to select your chosen Pharmacy. The selections you make in relation to their services, will be shared with the Pharmacy as necessary for their coordination, management, and delivery of services/products requested by you through the Platform. Please see the privacy notice available through your pharmacist’s website for additional information.

In corporate transactions

We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.

When required by law

We may disclose your personal information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.

To enforce legal rights

We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.

With your consent or at your request

We may ask for your consent to share your personal information with third parties. In any such case, we will make it clear why we want to share the information.

Anonymised data

We may use and share anonymised data (meaning information that, by itself, does not identify who you are such as device information, general demographics, general behavioural personal information, geolocation in de-identified form), as well as personal information in an aggregated, hashed, non-human readable form, under any of the above circumstances. We may combine this information with additional anonymised data or personal information in hashed, non-human readable form collected from other sources.

6. HOW DOES CHARAC SEND INFORMATION OUTSIDE OF MY COUNTRY?

All personal information processed as part of the Services is held securely by our information hosting provider AWS on servers in the UK. We do not routinely transfer personal information outside the UK. However, in the event we need to transfer your personal information outside the UK or European Economic Area (“EEA”) we will ensure we have in place adequate safeguards to do so. These can include standard contract clauses approved by the UK or European Commission or other suitable safeguards to permit personal information transfers from the UK and European Economic Area (“EEA”) to other countries.

7. WHAT ARE MY PRIVACY RIGHTS?

In certain circumstances, as a UK or EEA resident, you may exercise the rights available to you under the GDPR and the Data Protection Act 2018. These can include:

  • If you wish to access, correct, update or request deletion of your personal information.
  • You can object to processing of your personal information, profiling and use of solely automated decision making, ask us to restrict processing of your personal information or request portability of your personal information.
  • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. This may mean your access to certain services is restricted or denied as a result. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

8. HOW DOES CHARAC PROTECT MY PERSONAL INFORMATION?

We have implemented, and will maintain current, reasonable physical, technical, and organizational security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we have security measures in place to protect your personal information, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk.

9. HOW LONG DOES CHARAC RETAIN MY PERSONAL INFORMATION?

Your personal information will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this policy or as otherwise required by applicable law. Unless we are required to retain your personal data by law, or to provide you with the Service, we will aim to keep your data for no more than seven years.

10. CAN THIS PRIVACY NOTICE CHANGE?

This Notice may be amended from time to time. We will post any changes we may make on this page and, where appropriate, notify you via e-mail. When amendments are made, we will update the "last updated" date at the top of this Notice.

11. HOW CAN I CONTACT CHARAC?

If you have any questions or comments, please contact us at dataprotection@charac.co.uk.

Annex 1

How pharmacies use the personal information in connection with your use of Charac

The following section of this notice details how pharmacies use the information associated with your use of the Charac platform. The Pharmacies are independently responsible for their compliance with this annex, and for providing you with any additional information associated with their use of your personal data. Please contact your chosen Pharmacy if you have any questions, queries or rights you wish to exercise in respect of their use of your information.

Patient’s Privacy Notice

1. Welcome

This Privacy Notice (“Notice”) has been prepared by Charac Limited for the benefit of its customers, such as local pharmacies, and in connection with the online pharmacy services provided through the Charac platform. The purpose of this Notice is to explain how the local pharmacies Charac engages with typically handle personal data about you and to outline the rights that you have under the applicable data protection laws. Note that “you” and “your” include any users or patients that may be registered to Charac’s platforms. Your local pharmacy may be referred to in this Notice as “they” or “them”. Your local pharmacy will be the controller of your personal data. Please note that you can access the services provided by your local pharmacy online (including booking appointments and video consultation, among others) through the Charac platform. You can consult the Charac Limited privacy notice at privacy-policy

2. What information does your local pharmacy collect about you?

Your local pharmacy may collect and process your personal data in accordance with applicable laws to pursue its business activities. Your local pharmacy may collect and process information about you including:

  • Contact details such as your name, address, telephone number and email address, gender.
  • Health Data such as the information related to any disease you may be suffering, any specific diagnosis or medical treatment you may receive.
 You may decide not to provide your personal data to your local pharmacy. However, if you do not provide it, your local pharmacy may not be able to provide you with their services.

3. How does your local pharmacy obtain your personal data?

Your local pharmacy may collect your information:

  • Directly from you through your interactions with them, such as when you book an appointment with them or when they have video consultations with you; or
  • From third party sources, such as Charac Limited as the owner of the Charac platform in which you are registered and where you upload your personal data, as well as from your relatives, where you cannot provide your personal data directly.

4. Why does your local pharmacy process your personal data and what are the legal bases they rely on?

Your local pharmacy may process your personal data for the purposes below and based on the following legal bases:

i. They shall rely on the compliance with applicable laws and regulations for the following purposes:

  • To establish, exercise or defend legal claims in suspected or actual legal proceedings or to exercise or perform any right or obligation which is conferred or imposed by law on them.
  • Where they are legally required to process personal data in connection with health and safety legislation and other legal or tax related obligations.
ii. They shall rely on the performance of their obligations arising from the service contract or arrangement in place with you for the following purposes:
  • Performance of Service which includes making appointments, video consultations, prescriptions and other advice/services, available to you.
iii. They shall rely on your explicit consent, for the following purposes:
  • Processing your health data in case they need to collect and process it for the provision of their services.
 They shall notify you of any material changes to personal data they collect or to the purposes for which they collect and process it.

5. How does your local pharmacy keep your personal data safe?

Your local pharmacy implements appropriate technical, physical, and organizational measures which are intended to safeguard any information you provide to them, and to protect it from unauthorised access, loss, misuse, alteration or destruction.

6. Who is your personal data disclosed to?

Your local pharmacy will only disclose your personal data in accordance with the applicable laws and for the above-stated purposes, to the following parties:

  • Third-party service providers for the provision of services to your local pharmacy such as third parties supporting them with their IT systems and third parties providing external legal advice or litigation support. Your local pharmacy has appropriate contracts in place that define the legitimate use and sharing of personal data in accordance with this Notice and oblige such service providers to only process personal data that is necessary for the performance of the contract or is required by applicable laws.
  • Regulatory authorities and other public bodies, for the purposes of, including but without limitation, responding to official requests or inquiries, complying with a court order, administrative or judicial process, or when the disclosure is otherwise required by applicable laws and regulations.
  • Parties including prospective or actual buyers or sellers in the event of a merger, acquisition, or other reorganization or sale or disposition of all or any portion of your local pharmacy business and/or assets.
Some of these third parties may be located in a country outside the European Economic Area (“EEA”), where the applicable laws may not afford your personal data the same level of protection as your own country. Where your personal data is transferred abroad, your local pharmacy will ensure that adequate safeguards are in place (e.g. for residents of the EEA this includes the use of European Commission approved standard contractual clauses) and that all applicable laws and regulations are complied with. You may contact your local pharmacy for a copy of the safeguards which they have put in place to protect your personal data in these circumstances.

7. What are your rights?

You have rights in relation to your personal data arising from the applicable data protection legislation. These include the right to:

  • Access, rectify and erase your personal data: You may have the right to request access to information that your local pharmacy holds about you; request corrections or updates to your personal data; or, in some cases, ask your local pharmacy to erase your personal data except to the extent that they are required or permitted to retain it by law.
  • Restriction of processing: You may have the right to request the restriction of processing of your personal data, in which case, your personal data will only be processed for certain purposes.
  • Data portability: You may have the right to receive the personal data which you have provided to your local pharmacy in a structured, commonly used and machine-readable format and you may have the right to transmit the personal data to another entity without hindrance from them.
  • Object: Where your local pharmacy relies on legitimate interests as a legal basis for processing personal data, you have the right to object, on grounds relating to your situation, at any time to the processing of your personal data by them and they are required to no longer process your personal data. If you exercise this right, your personal data will no longer be processed for such purposes unless otherwise authorised by law.
  • Consent withdrawal: You have the right to withdraw any consent you may have provided at any time without being penalised.
If you wish to exercise one of the above-mentioned rights, please refer to Section 9 “Who do I contact to ask questions about this Notice” below. Any request to exercise one of these rights will be assessed by your local pharmacy on a case by case basis. There may be circumstances in which your local pharmacy is not legally required to comply with your request or because of relevant legal exemptions provided for in applicable data protection legislation.

8. How long will your local pharmacy retain your personal data?

Your local pharmacy generally retains personal data for as long as needed for the specific purpose(s) for which it was collected. In some cases, they may be required to retain your personal data for a longer period where applicable laws or regulations require or allow them to do so. Where possible, your local pharmacy aims to anonymise the information or remove unnecessary identifiers from records that they may need to keep for longer periods beyond the specified retention period.

9. Who do I contact to ask questions about this Notice?

If you have any queries or concerns about this Notice or you wish to exercise your rights and/or make complaints concerning the handling of your personal data, please contact your local pharmacy. If you are still dissatisfied, you have the right to complain to your data protection authority. The relevant national data protection authority is responsible for overseeing compliance of the privacy laws in each EEA country. You may contact your local data protection authority for more information about your rights, or if you are not able to resolve a problem directly with your local pharmacy and wish to make a complaint. A list of European data protection authorities is available here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

10. Can this Notice be updated?

This Notice is kept under regular review in order to reflect changes in the law, regulatory guidance or data privacy practices in compliance with the law. When this happens and where required by law, you shall be provided with a new or an updated Notice detailing how the use of your personal data is changing.