Privacy Policy

We collect and use your Personal Information in accordance with this Privacy Policy.

The majority of the Personal Information we receive and hold will be based on the information you provide to us by:

• Visiting ChurchPharmacy.co.uk (or associated Order Line Ltd websites such as BeamWave Technologies and associated mobile apps [such as DigitRx] and so on).
• Contacting us by telephone, email, social media or other messaging systems, traditional post.

Please do not submit such personal information to us if you do not wish us to collect it.

However, please be aware, some Personal Information may include information you voluntarily, but unintentionally provided to us.

We also collect from:

• Our websites (the “Websites”);
• The software applications made available by us for use on or through computers and mobile devices (the “Apps”);
• Cookies (“Cookies”);
• The publicly available information and other resources (I.e Social Media, Credit Check Agencies, etc.).
• Third-party services such as Facebook, FreshChat/Desk, Instagram, WhatsApp, Hotjar and others.

Personal Information we collect may include the following for us to provide products and services:

• General identification and contact information of you: your name; address; email; IP address; telephone details; gender; date and place of birth; physical attributes including photos, your location.
• Other sensitive information: Patient/client details such as from Prescription records, possible criminal/non-compliance records, and other records from regulatory authorities and associations. Documents and details to verify your identity: I.D documents, utility bills, agency searches.
• Documents and details to verify your identity: I.D documents, utility bills, agency searches.
• Marketing preferences: enter a contest or prize draw or other sales promotion, or respond to a voluntary customer satisfaction survey.
• Statistical information: aggregate statistical information about site visitors and users for internal use and for other lawful purposes. Where we provide such information we will provide this in an anonymous format and not include any Personal Information unless for legitimate interest reasons (See our Information Charter for more details).
• Information from Apps: submit comments to the Site, participate in message boards, blogs, send us emails or any other user-generated content facility.
• Publicly available information (or information you submit to us) in relation to professional history: educational background; employment history; skills and experience; professional licenses and affiliations; educational and professional qualifications.
• Your professional details you may send to us: For example Qualifications details, Training certificates, Insurance cover, affiliations to associations.

Consent

On some occasions, Order Line Ltd processes your data with your consent as part of becoming a customer with us or by explicit request by your self (Opt-in). You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

To fulfil a contract

Order Line Ltd may process your data when we need to do this to fulfil a contract with you, such as offering you with products and services as part of visiting our website or registering with us as a customer.

Legitimate Interest

Order Line Ltd also processes your data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights as per GDPR rules.

Our legitimate interests include:

• Ensuring the security and integrity of our Services and in ensuring that our Websites and Apps operate effectively;
• Offering and supplying goods and services to our customers;
• Protecting customers, employees and other individuals and maintaining their safety, health and welfare;
• Promoting, marketing and advertising our products and services;
• Sending promotional communications which are relevant and tailored to individual customers;
• Understanding our customers’ behaviour, activities, preferences, and needs;
• Improving existing products and services and developing new products and services;
• Handling customer contacts, queries, complaints or disputes; and
• Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
• The processing is necessary because of a legal obligation that applies

Order Line Ltd may process your data to comply with our legal and regulatory obligations eg preventing, investigating and detecting crime, fraud including working with law enforcement agencies, suppliers/manufacturer's, I.D check agencies and so on. (Please refer to our Information Charter for further details).

Order Line Ltd may make Personal Information available to:

Our Group/Sister Companies

We may share your personal data with our sister company SkyNet Ltd and SpaceStem Pvt Ltd which operate in supporting Order Line Ltd’s needs in operating the business. Where they have access to your personal data they will use it only for the purposes set out in this Privacy Policy. Order Line Ltd will remain overall responsible for the management and security of jointly-used Personal Information. Access to Personal Information within Order Line Ltd and our group of companies/sister companies is restricted to those individuals who have a need to access the information for our business purposes.

Consultants, Contractors, Self-Employed Workers

In the course of our business to help provide the products and services we offer, Order Line Ltd may make Personal Information available to third parties such as Locum Pharmacists, Self-employed workers and other intermediaries and agents and other business partners.

Our Service Providers

This includes external third-party service providers, such as accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers (some based outside of the EEA) and similar third-party vendors and outsourced service providers such as Royal Mail, DPD, etc that assist us in carrying out business activities.

Governmental Authorities and Public Authorities

Order Line Ltd may share your (or your patient/client’s) Personal Information with governmental or other public authorities (including, but not limited to, regulatory authorities, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law (b) to comply with legal process; (c) to respond to requests from public and government authorities (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.

Other Third-Parties

Occasionally, we may share your (or your patient/client’s) Personal Information with other third parties (Please refer to Information Charter for further details). We will always do this under contract and within UK law including the Data Protection Act and GDPR.

We use Personal Information for some or all of the following:

• Communicate with you as part of our business;
• Send you important information regarding changes to our policies, other terms and conditions, our Websites and Apps and other administrative information;
• Provide improved quality, training and security and manage other commercial risks;
• Carry out market research and analysis, including satisfaction surveys;
• Provide marketing information to you (including information about other products and services offered by selected third-party partners) in accordance with preferences you can express to us. Please be aware you can always change these preferences.
• Allow you to participate in contests, prize draws and similar promotions, and to administer these activities. Some of these activities have additional terms and conditions, which could contain additional information about how we use and disclose your Personal Information, so we suggest that you read these carefully;
• Facilitate social media sharing functionality;
• Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;
• Resolve complaints, and handle requests for data access or correction;
• Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process, and respond to requests from public and governmental authorities).
• Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners, our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.

Personal Information which you supply to us is generally stored and kept inside the European Economic Area.

However, due to the requirements of our business and the technologies required, your Personal Information may be transferred to third-party service providers outside the EEA (such as SpaceStem Pvt Ltd – one of our software solutions partners); In such situations, we transfer the minimum amount of data necessary, anonymise it where possible and enter legal contracts to aim to ensure these third parties handle the Personal Information in accordance with this Privacy Policy and UK Law including GDPR. Another example would be using other third-party service providers such as FreshDesk, WhatsApp, MailChimp/Zoho etc where some messaging and customer account data may be hosted on their own servers, however, the data would not be accessible by them based on their own strong Privacy policies and security systems.

When you access our website online (without login), we store some information about you. This is anonymous and used for statistical purposes.

When you create an account and log-in to your 'My Account' area, it is protected by your password and may only be accessed by you.

You can de-activate your account at any time, by contacting us. Customers who do not have website access such as wholesale customers, you can contact us on managing the information we hold for you. You may also request for our Retention Policy for further details.

Order Line Ltd is committed to keeping your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold.

Our security measures include:

• Secure I.T systems in place for our website, app, and other services such as encryption, strong password protections, firewalls, VPN tunnels, and so on.
• Review our information collection, storage and processing practices, including physical security measures as part of the Pharmacy Information Governance rules;
• Restrict access to personal access to personal information to Order Line Ltd employees, contractors and agents who need to know that information in order to process it for us and who are subject to contractual confidentiality and processing obligations. They may be disciplined/contract terminated/legal prosecution if they fail to meet these obligations; and
• Internal policies setting out our data security approach and training for employees.

We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Online Behavioural Advertising

We partner with third-party specialists so that we can display advertising which is more relevant to you and your interests on our Web sites and apps. We and our network partners (such as Google Analytics) may utilise cookies or web beacons along with other codes such as your Identifier for Advertising (IFA) or Android ID for your phone to better understand your interests from the web pages you interact with and the search terms you use on our site to build a picture of the category of interests or preferences you have and to provide advertisements about goods and services that may be of interest to you. Our network partners do not collect and do not have access to any information from which you

can be directly identified such as your real name or address or email. They may, however, anonymously track your Internet usage across other websites in their networks beyond these Sites. If you wish to opt-out of tailored advertising you can do so by contacting us. You can also learn more about our use of cookies and similar technologies and your choices by reading our cookies policy. Please note that if you opt-out you may receive generic advertising (when browsing on our website/apps) that has not been targeted to you and your interests. Please refer to our Cookies Policy for more information.

Direct Advertising and Communication

We regularly use emails to communicate with our customers with it being a fast form of updating on news and changes. We from time to time use SMS when there is a significant piece of news which may benefit you. We do not use hard copy materials to communicate with our customers on a regular basis due to costs and delays in this form of communication but it can be helpful when a customer’s email settings may block our e-shots. Therefore we use all forms of digital and non-digital communications to reach out to our customers where practically possible however we do encourage our customers to also check our website for the latest information.

E-newsletters, SMS, Social Media, Online messaging, hard copy leaflets, etc

Order Line Ltd uses various digital and non-digital forms of direct advertising such as E-newsletters, SMS, Social Media, Online messaging, hard copy leaflets, etc for advertising.

You may opt-out of any advertising of Order Line Ltd’s products and services however please be aware this may impact on the effectiveness of how we manage your customer account with us, for example, we may promote a new App service to help improve the efficiency of handling your customer account or a special discount on a particular product you have purchased in the past but if you have opted out of direct advertising then we would not be able to keep you informed of the products and services you may benefit from.

Marketing Related Communications - Processing and Consent

You can contact us for reviewing/updating your content options or if you have access to our website you can update your consent settings via the My Account page.

For Social Media Platforms, you may wish to review your links/tags if you have connected with us and remove yourself from our Social Media groups/pages if you do not wish to be contacted through Social Media for Marketing related material. Please note the company may process your data for Marketing related purposes as part of Recital 47 of the GDPR.

The Marketing material you would receive can be “processed” information based on the data we would collect from you (i.e ordering history, browsing habits) and/or data collected from other third party sources (i.e your company website), etc. Also, the Marketing material you would receive can be from “non-processed” information which would not be based on any background or customised data patterns (i.e traditional direct marketing).

You have the following rights:

• The right to ask what personal data we hold about you at any time, subject to a fee specified by law.
• The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and
• (As set out above) the right to opt-out of any marketing communications that we may send you.

If you wish to exercise any of the above rights, please contact us.

Order Line Ltd’s B2B services are not directed towards individuals under the age of eighteen (18). No person under the age of 18 is allowed to access our website due to the nature of some of products we hold such as injectables.

Please note that we are not responsible for the data processing of any Personal Information you disclose to other organisations through our Social Media Pages.

Any Third parties who have received personal information from Order Line Ltd have confirmed to adhere to the Data Protection Act / GDPR including any companies outside of the EEA. Please refer to our Information Charter for more details.

Please note that we are not responsible for the data processing of any Personal Information you disclose to other organisations through our Social Media Pages.

Any Third parties who have received personal information from Order Line Ltd have confirmed to adhere to the Data Protection Act / GDPR including any companies outside of the EEA. Please refer to our Information Charter for more details.

Here are some examples:

• You may be a customer/agent who collects personal data on behalf of a patient/client, then forwards the data to Order Line Ltd. (i.e. You are the Prescriber, carried out a face to face consultation, then have forwarded the patient’s prescriptions to Order Line Ltd).
• You may be a customer/agent who collects personal patient data via your practitioners and then forwards the prescriptions to Order Line Ltd. (I.e You are part of a buying group/association who works with a team of practitioners/prescribers where you are exposed to personal data and then forwarding it onto Order Line Ltd).
• You may be a customer/agent who collects personal data from a prescriber and then forwards the data (I.e prescriptions) to Order Line Ltd. (I.e a Nurse running a clinic and working with an outsourced prescriber).

To be clear, any scenario where you are collecting personal data including your colleague’s personal details (I.e practitioner/prescriber) and patient/client personal details and then forwarding it onto Order Line Ltd – this would mean you would be jointly responsible for the data subject on handling, storing, transferring the personal data of your patient/client/practitioner/colleague to Order Line Ltd.

Therefore, it is extremely important that you, your colleges who work with you including practitioners/prescribers) who are exposed to any personal details must adhere to Data Protection rules including the GDPR; by using Order Line Ltd’s services or submitting data to Order Line Ltd means you are entering into a declaration that the data you have collected and submitted to us has been carried out lawfully and within the GDPR rules. If you are not in compliance with GDPR rules then you must cease submitting data to Order Line Ltd and inform our D.P.O immediately by emailing: compliance@churchpharmacy.co.uk

Please also see our Terms and conditions and Cookies Policy and Information Charter for more information.

The Privacy policy on this page mostly relates to Order Line Ltd’s customers however if you are also a customer of Order Line Ltd please take note of this Privacy policy and also refer to Staff Privacy Policy.

If you have any questions about this policy or our use of the data we hold you can email: compliance@churchpharmacy.co.uk or write to D.P.O, Information Governance Dept, Order Line Ltd, 7 Prince William Road, Loughborough, LE11 5GU.

The data controller responsible for your information is Order Line Ltd

We review this Privacy Policy and the general terms and conditions (which includes sub-policies such as the Cookie Policy and Information Charter) regularly and reserve the right to make changes at any time of the Privacy Policy to take account of changes in our business and legal requirements. We will place updates on our website; please take a look at the “LAST UPDATED” date above the title of this Privacy Policy to see when the Privacy Policy was last revised.