CHARAC PRIVACY NOTICE
Welcome to Charac. We are Charac Limited (“we”, “us” or “our”) and are known as Charac. This privacy notice applies to your use of charac.co.uk and the web browser and mobile application based Charac Platform (our “Services”).Our Platform has been designed to improve the online accessibility of independent pharmacies and their services. Charac enables independent pharmacies to make their appointments, video consultations, prescriptions and other advice/services available to you from the comfort of your own home.At Charac, we are committed to protecting the personal information we process in connection with your use of the Platform. To maintain your trust and the trust of our local pharmacy partners, we aim to be as transparent as possible to ensure that you understand our privacy practices. This includes the information we collect, why we collect it, how it is used and the rights and choices available to you regarding our use of your personal information.
This notice covers the following areas:
1.How does Charac work? who is responsible for my personal information?2. What information does Charac collect about me?3. What cookies and similar technologies does Charac use?4. Why does Charac process my personal information and what are Charac’s legal bases for doing so?5. Who does Charac share your information with and why?6. How does Charac send information outside of my country?7. What are my privacy rights?8. How does Charac protect my personal information?9. How long does Charac retain my personal information?10. Can this Privacy Notice change?11. How can I contact Charac?
1. HOW DOES CHARAC WORK? WHO IS RESPONSIBLE FOR MY PERSONAL INFORMATION?
CharacWe are the operator of the Charac Platform, which has been designed to improve the digitisation of processes and services within community pharmacies. What this means for our users, is that if your local pharmacy has signed up to Charac, then you will be able to book and manage in-store and online appointments, consultations, manage prescriptions with your local pharmacy, as well as providing information ahead of your visit, to improve your instore experience. If you or your pharmacy uses Charac to provide or coordinate your access to pharmaceutical products or services, then we will be the party responsible for the processing of your personal information within the Charac environment (the data controller). Your pharmacyIf your local pharmacy has signed up to Charac, they will be able to coordinate, manage and deliver their products and services through the Platform. Both your pharmacist, and their administrative users will be able to access the Platform, as necessary to coordinate and deliver their services to you. This includes managing your appointments, and prescriptions and adding care notes to your account. The pharmacy will be independently responsible (as a separate and independent data controller) for both their use of the Platform, and their use and collection of your personal information in connection with the delivery of their services. For additional information about how your Pharmacy processes the personal information you provide through Charac, please see the Patient’s Privacy Notice appended at the end of this notice.
2. WHAT INFORMATION DOES CHARAC COLLECT ABOUT ME?
Information you give us You choose to give us certain information when signing up for and using our Service. Information we receive from others In addition to the information you provide us directly, we receive information about you from others, including:
3. WHAT COOKIES AND SIMILAR TECHNOLOGIES DOES CHARAC USE ?
We use and may allow others to use cookies and similar technologies (e.g., web beacons, pixels) to recognize you and/or your device(s). Some of these cookies are essential to our service, for example they ensure the Platform loads properly, they remember your cookie preferences, enable you to use payment functionalities, and enable Charac administrative users to login to the Platform. Others are analytical nature allowing us to better understand how you use our Platform. You can find more information about the individual cookies we use, the purposes for which we use them, and how you can better control their use in our Cookie Notice. You can also set your browser to accept or reject all specific cookies. You can set your browser to alert you each time a cookie is presented to your device or opt out of Google Analytics by installing Google’s opt-out browser add-on. You can delete cookies that have been stored on your device, but if you prevent us from placing cookies on your device, or if you subsequently delete a cookie, it may not be possible for you to use our Platform effectively. Please see our Cookie Notice for additional information.
We will only use your personal data if we have a proper reason to process it and the law allows us to do so.When we process your personal data, this will usually be:We process your personal information when you access our website or use the Platform, in accordance with our website and Platform terms of use, which are applicable to your use of our Services.
We may also use your personal information where we have legitimate interests to do so. For example, we rely on our legitimate interests to process personal information about unregistered users, when Pharmacies enter such information into, or invite unregistered users to our Platform. We also rely on legitimate interests to analyse users’ behaviour on our Services to improve our offerings, for targeted advertising and for administrative, and other legal purposes.
In some cases, applicable laws may require us to process certain information about you.
We may ask for your consent to use your personal information for certain specific reasons. You may withdraw your consent at any time by contacting us at the address provided at the end of this Privacy Notice.
The table below sets out all the ways in which we plan to use your personal data, which of the legal bases we rely on to do so and, where relevant, what the legitimate business interests are. There may be more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us at dataprotection@charac.co.uk if you want to know which specific legal basis we are relying on where more than one is set out in the table below.
1. To provide our Service
What we use your information for?
This includes:
- Making our website and Platform available to you;
- Creating and managing your account;
- Sharing your information with your chosen Pharmacy;
- Tailoring our Services and advice to you;
- Customer support;
- Communicating with you about our Services, including order management and billing.
What information we actually use ?
As more particularly defined in section 2 (what information does Charac collect about me):
- Account and contact details;
- NHS details;
- Information relating to your health (Platform only – to the extent such information is provided by you, or your pharmacist);
- Billing details;
- Customer service information
The reason we use your information
- To provide our service/perform our contract;
- Legitimate business interests – to provide, facilitate or coordinate services you have requested, communicate with you, to keep our records up to date;
- Consent – we ask for your consent when you sign up and or update your details on the platform.
You may withdraw your consent at any time, please see section 7 (What are my privacy rights) for additional information.
2. To manage our relationship with you
What we use your information for?
Including:
- Notifying you of changes in our terms or privacy policy
- Asking you to leave a review or take part in a survey
What information we actually use ?
As more particularly defined in section 2 (what information does Charac collect about me):
- Account and contact details;
- Customer service information
The reason we use your information
- To provide our service/perform our contract;
- To comply with our legal obligations;
- Our legitimate business interests (keeping our records up-to-date, studying how customers use our products/services)
3. To improve our Services
What we use your information for?
- To conduct research and analysis of users’ behaviour to improve our Services and content (for instance, we may decide to change the look and feel or even substantially modify a given feature based on users’ behaviour); and
- To develop new features and services (for example, we may decide to build a new interests-based feature further to requests received from users).
What information we actually use ?
As more particularly defined in section 2 (what information does Charac collect about me):
- Device, usage and geolocation information.
- Feedback in your communications with us.
The reason we use your information
- Consent for the use of analytics cookies and similar technologies to improve your user experience and our Services.
- For non-cookie derived information our legitimate interests to improve your user experience and our Services.
You may withdraw your consent at any time, please see section 7 (What are my privacy rights) for additional information.
4. To suggest products/services which may be of interest to you
What we use your information for?
- To suggest products/services which may be of interest to you;
- To use data analytics to improve our website, products/services, marketing, customer relationships & experiences
What information we actually use ?
As more particularly defined in section 2 (what information does Charac collect about me):
- Account and contact details;
- Device, usage and geolocation information.
- Feedback in your communications with us
The reason we use your information
- Our legitimate interests (developing our products/services, growing our business)
- Where required by applicable law and marketing rules, your consent to receive marketing communications.
You may withdraw your consent at any time, please see section 7 (What are my privacy rights) for additional information.
5. To develop anonymised insights applicable to our Services, and the pharmaceutical industry more broadly
What we use your information for?
- In some circumstances we may anonymise your personal information (so that it can no longer be associated with you). This can be for research or statistical purposes, in which case we may use the anonymised information indefinitely without further notice to you.
What information we actually use ?
- Any information in section 2 (what information does Charac collect about me), only in so far as necessary to anonymise the information.
The reason we use your information
- Our legitimate interests to develop insights and statistics as to the use of our Services, and to identify trends within the pharmaceutical industry more broadly.
6. To administer our business and prevent, detect and fight fraud or other illegal or unauthorized activities
What we use your information for?
We perform personal information analysis:
- to better understand and design countermeasures against these activities and retain personal information related to fraudulent activities to prevent against recurrences.
- To administer and protect our business, website and Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting & hosting data).
What information we actually use ?
As more particularly defined in section 2 (what information does Charac collect about me):
- Account and contact details
- Device, usage and geolocation information.
The reason we use your information
- Where required by applicable laws, and as necessary to ensure legal compliance, or to assist law enforcement; or
- Our legitimate business interests to prevent fraud or other illegal activities in line with industry best practice.
- Our legitimate business interests (running our business, providing admin & IT services, network security, for a business reorganisation or group restructuring)
7. To ensure legal compliance
What we use your information for?
- To comply with legal requirements, assist law enforcement and enforce or exercise our rights, for example our terms and conditions.
What information we actually use ?
- Any information in section 2, only to the extent it is strictly necessary.
The reason we use your information
- Processing is necessary for compliance with a legal obligation to which we are subject;
- Our legitimate business interests to establish, exercise or defend legal claims.
Automated Decision Making
In order to comply with our legal obligations and industry best practice, we use our user’s date of birth to determine their eligibility for features and content on the platform.If you would like further information about this assessment, including asking for a person to review a decision please contact us at dataprotection@charac.co.uk.Please note you also have a right to object to profiling, and solely automated decision making as detailed below in section 7 (Privacy Rights).
5. WHO DOES CHARAC SHARE YOUR INFORMATION WITH AND WHY?
With our service providersWe use third parties to help us operate and improve our Services. These third parties assist us with various tasks, including personal information hosting and maintenance, analytics, customer care, marketing, advertising, payment processing and security operations.We may also provide aggregated (anonymised) information to third parties as detailed below.A list of these third parties is available on request.
With your chosen pharmacyAs further detailed in section 1 (How does Charac work?) Charac provides a platform through which you are able to access services from local pharmacies who have signed up to our Platform. When you use the Platform you will be asked to select your chosen Pharmacy. The selections you make in relation to their services, will be shared with the Pharmacy as necessary for their coordination, management, and delivery of services/products requested by you through the Platform.Please see the privacy notice available through your pharmacist’s website for additional information.
In corporate transactionsWe may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
When required by lawWe may disclose your personal information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.
To enforce legal rightsWe may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
With your consent or at your requestWe may ask for your consent to share your personal information with third parties. In any such case, we will make it clear why we want to share the information.
Anonymised dataWe may use and share anonymised data (meaning information that, by itself, does not identify who you are such as device information, general demographics, general behavioural personal information, geolocation in de-identified form), as well as personal information in an aggregated, hashed, non-human readable form, under any of the above circumstances. We may combine this information with additional anonymised data or personal information in hashed, non-human readable form collected from other sources.
6. HOW DOES CHARAC SEND INFORMATION OUTSIDE OF MY COUNTRY?
All personal information processed as part of the Services, is held securely by our information hosting provider AWS on servers in the UK..We do not routinely transfer personal information outside the UK. However in the event we need to transfer your personal information outside the UK or European Economic Area (“EEA”) we will ensure we have in place adequate safeguards to do so. These can include standard contract clauses approved by the UK or European Commission or other suitable safeguards to permit personal information transfers from the UK and European Economic Area (“EEA”) to other countries.
7. WHAT ARE MY PRIVACY RIGHTS?
In certain circumstances, as a UK or EEA resident, you may exercise the rights available to you under the GDPR and the Data Protection Act 2018, these can include:If you wish to access, correct, update or request deletion of your personal information.
8. HOW DOES CHARAC PROTECT MY PERSONAL INFORMATION?
We have implemented, and will maintain current, reasonable physical, technical, and organizational security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.Unfortunately, the transmission of information via the internet is not completely secure. Although we have security measures in place to protect your personal information, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk.
9. HOW LONG DOES CHARAC RETAIN MY PERSONAL INFORMATION?
Your personal information will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this policy or as otherwise required by applicable law. Unless we are required to retain your personal data by law, or to provide you with the Service, we will aim to keep your data for no more than seven years.
10. CAN THIS PRIVACY NOTICE CHANGE?
This Notice may be amended from time to time. We will post any changes we may make on this page and, where appropriate, notify you via e-mail. When amendments are made, we will update the "last updated" date at the top of this Notice.
If you have any questions or comments, please contact us at dataprotection@charac.co.uk .
Annex 1
How pharmacies use the personal information in connection with your use of Charac
The following section of this notice details how pharmacies use the information associated with your use of the Charac platform. The Pharmacies are independently responsible for their compliance with this annex, and for providing you with any additional information associated with their use of your personal data. Please contact your chosen Pharmacy is you have any questions, queries or rights you wish to exercise in respect of their use of your information.
Patient’s Privacy Notice
1.Welcome
This Privacy Notice (“Notice”) has been prepared by Charac Limited for the benefit of its customers, such as local pharmacies, and in connection with the online pharmacy services provided through the Charac platform. The purpose of this Notice is to explain how local pharmacies Charac engages with typically handle personal data about you and outline the rights that you have under the applicable data protection laws.Note that “you” and “your” include any users or patients that may be registered to Charac’s platforms.Your local pharmacy may be referred to in this Notice as “they” or “them”.Your local pharmacy will be the controller of your personal data. Please note that you can access the services provided by your local pharmacy via online (including booking appointments and video consultation, among others) through the Charac platform. You can consult Charac Limited privacy notice atprivacy-policy
2.What information does your local pharmacy collect about you?
Your local pharmacy may collect and process your personal data in accordance with applicable laws to pursue its business activities.Your local pharmacy may collect and process information about you including:
3. How does your local pharmacy obtain your personal data?
Your local pharmacy may collect your information:
4. Why does your local pharmacy process your personal data for and what are the legal bases they rely on?
Your local pharmacy may process your personal data for the purposes below and based on the following legal bases:i. They shall rely on the compliance with applicable laws and regulations for the following purposes:
5. How does your local pharmacy keep your personal data safe?
Your local pharmacy implements appropriate technical, physical, and organizational measures which are intended to safeguard any information you provide to them, and to protect it from unauthorised access, loss, misuse, alteration or destruction.
6. Who is your personal data disclosed to?
Your local pharmacy will only disclose your personal data in accordance with the applicable laws and for the above-stated purposes, to the following parties:
7. What are your rights?
You have rights in relation to your personal data arising from the applicable data protection legislation. These include the right to:
8.How long will your local pharmacy retain your personal data?
Your local pharmacy generally retains personal data for as long as needed for the specific purpose(s) for which it was collected. In some cases, they may be required to retain your personal data for a longer period where applicable laws or regulations require or allow them to do so.Where possible, your local pharmacy aims to anonymise the information or remove unnecessary identifiers from records that they may need to keep for longer periods beyond the specified retention period.
9. Who do I contact to ask questions about this Notice?
If you have any queries or concerns about this Notice or you wish to exercise your rights and/or make complaints concerning the handling of your personal data, please contact your local pharmacy.If you are still dissatisfied, you have the right to complain to your data protection authority. The relevant national data protection authority is responsible for overseeing compliance of the privacy laws in each EEA country. You may contact your local data protection authority for more information about your rights, or if you are not able to resolve a problem directly with your local pharmacy and wish to make a complaint. A list of European data protection authorities is available here:http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
10. Can this Notice be updated?
This Notice is kept under regular review in order to reflect changes in the law, regulatory guidance or data privacy practices in compliance with the law. When this happens and where required by law, you shall be provided with a new or an updated Notice detailing how the use of your personal data is changing.