Church Pharmacy Cookies Policy

This website uses cookies to improve your browsing experience. If you continue, we'll assume that you are happy to receive cookies from our website, although you can change your browser's cookie settings at any time. To find out more about how we use cookies and how to manage your browser settings, please read our Cookies Policy.
Ok got it

Information Charter

The information Charter is part of Order Line Ltd’s Privacy policy.

The privacy of our visitors and customers (and the patients we directly or indirectly serve) is extremely important. This document outlines more details of the types of personal (and sensitive) information we process as well as some of the steps we take to safeguard that information. We hope this will helps you make an informed decision about submitting personal information to us and/or using Order Line Ltd’s websites (including

Visitors to our websites and general communications.

When someone visits (or any company under Order Line Ltd) we may collect standard internet logging information that details visitor behaviour patterns. We do this to discover information such as the number of visitors to the various parts of the site. Due to legal regulations, we do collect some personally identifiable information but this data is protected and we do not share information unless required by law or based on legitimate interest reasons. We also do need to collect personally information through our services (such as including phone/fax/email/messaging) which may be required for customer management.

Use of Contractors and 3rd Parties

Order Line Ltd may use contractors to help ensure an efficient and professional operation of the company. The type of contractors could vary such as locum pharmacists who are not employees of Order Line Ltd, contractors such as accounting auditors, or contractors for securely shredding confidential information or for efficient messaging systems (such as WhatsApp) or for outsourcing your delivery solutions such as courier companies or for outsourcing the order processing/software requirements for the running of the services we offer and so on.

All contractors we may use sign up to strict confidentiality agreements/contracts to ensure the personal data (and sensitive data such as patient data) is held securely and within the rules of the Data Protection Act and GDPR.

The Church Pharmacy (Order Line Ltd) website and our order processing services is co-managed by our solutions partner SpaceStem Pvt Limited (contractor) based outside of the EEA in line with Principle 8 of the Data Protection Act.

Your personal and any sensitive data (including your client’s/patient data) is processed by Church Pharmacy and SpaceStem Pvt Limited to help enable us in providing the best customer service possible such as running and maintaining the website and processing your prescription orders throughout the day as efficiently as possible.

The processing of the personal and sensitive data by Order Line Ltd (and it’s approved contractors including SpaceStem Pvt Limited) is based on strict policies in line with the Data Protection Act, GDPR and Department of Health guidelines to ensure UK compliance.

The storage of the personal and sensitive data which is stored on I.T systems, is located on local and cloud based environments in a secure manner. Transfers of data between storage environments is carried out in a secure manner including the use of encryption.

Some of these data centres are based outside of the UK/EU/EEA to help ensure efficiency and redundancy of systems which are all compliant with industry standard guidelines to ensure high levels of security compliance.

We will not redistribute any personal data to companies outside of Order Line Ltd and its approved contractors for their own marketing purposes without your consent, however some manufacturer's/suppliers may contact you for direct marketing purposes (on the grounds of legitimate interests) and you will have the right to opt out of marketing communications if you wish. Data may be shared with approved 3rd parties only for legitimate interest reasons, customer consent or by contract based on UK laws and the Data Protection Act/GDPR, refer to Recital 47 of the GDPR.

How we collect and use your information:-

This section further details of what to expect when Order Line Ltd collects personal information. It applies (but not limited to) information we collect about:

  • visitors to our websites (also see our cookies policy)
  • complainants and other individuals in relation to a data protection or freedom of information complaint or inquiry
  • people who use our services, eg who receives our newsletter or request a publication from us

1. People who call our helpline

When you call Order Line Ltd we may collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness. The CLI data is stored in a secure system.

We may record phone calls for training and monitoring purposes. The recordings are stored in a secure system.

2. People who make a complaint to us or third parties.

When we receive a complaint from a person we create a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We may have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for a limited period before closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will use the information supplied to us (as well as any relevant information from or systems) to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

If we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually we do not, identify any complainants unless the details have already been made public.

In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.

3. People who use Order Line Ltd’s services (including visitors to our websites).

Order Line Ltd offers various services to its customers and potential customers. For example, we send out publications and distribute an electronic newsletter. We may use a third party’s to deal with some publication requests, but they are only allowed to use the information to send out the publications, not for their own use. For example contractors which are used for e-newsletters are MailChimp and Zoho.

We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a publication to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services but change their mind later, they can cancel their customer account at any time and are given an easy way of doing this by contacting our customer services dept via the website contact us page.

4. Access to personal information

Church Pharmacy tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who could it be disclosed to; and
  • let you have a copy of the relevant information

To make a request to Church Pharmacy for any personal information we may hold you need to put the request in writing addressing it: D.P.O, Information Governance department, or writing to the address provided below.

If we do hold information about you which may be incorrect, you can ask us to correct any potential mistakes by, once again, contacting the Information Governance department. This request may take some time as we may need to verify the corrections that may be submitted by you including re-verifying your identity.

5. Changes to the privacy policy and sub policies including Information Charter, Cookies Policies, etc:

We keep our privacy notice under regular review, please check at the bottom of the Privacy Policy Page for when it has last been updated.

6. Disclosure of personal data and non-personal data to 3rd parties:

We may share certain information relating from your customer account (collected from you or the people that represent you) to approved third parties.

The reasons why this information may need to be shared to third parties would be on the grounds of legitimate interests – within the rules of the Data protection Act and GDPR.

Most of information we may share to third parties would be limited to the following:

1. Customer account name, the contact names given on the account, customer account postal addresses and contact details such as email/telephone listed on the customer account.

2. The products purchased on your customer account including batch/serial numbers and quantities.

3. Your profession (i.e Doctor/Dentist/Nurse) and the status of your training and insurance certificates.

4. (See further below***)

The above information would generally be similar of what would appear on your customer invoice.

An example of the third parties which may need to have access to areas of the data outlined above includes:

A. Contractors to help Order Line Ltd carry out its requirements as a business including including Courier companies (I.e Royal Mail), software/operational support (I.e SpaceStem Pvt Ltd), Locum Pharmacists, Bookkeeping and Accountants, Consultants (I.e Solicitors, Regulatory affairs), - Credit Check Agencies (I.e Experian) and Credit Card processing agents (I.e Visa/Mastercard), etc

B. Regulatory Authorities (I.e MHRA, GPHC, Police/Law Enforcement, PCI, etc)

C. Manufacturer's/Suppliers of the product(s) you may purchase from Order Line Ltd; further details below**

C**: Customer account information shared with Manufacturer's/Suppliers (based on the legitimate interests clause within the Data protection Act/Recital 47 of the GDPR):-

Your purchasing statistics including product, quantities, batch/serial numbers (and possibly your account name/address) may be required by the supplier/manufacturer of the product(s) you purchase to aid them with any of the below requirements:

1. Stock traceability.

2. Anti-Fraud purposes.

3. Statistical analysis.

4. Supporting the Falsified Medicines Directive.

The above is required as part of a resource to help in overall auditing needs by the manufacturer/supplier related to the products they have supplied to Order Line Ltd and purchased by you. Any of the customer account data we share with the manufacturer/supplier will be under the following conditions:

  • The customer purchasing account information (customer account name, account address, product(s) purchased, quantities purchased, batch/serial numbers of the product(s) purchased) shared with the manufacturer/supplier would only be related to the actual product(s) you may have purchased from us.
  • The customer account information will be shared in a secure manner and the storage and handling of the data will be within GDPR rules by Order Line Ltd and the manufacturer/supplier.
  • You may opt out of any marketing related communications which the supplier/manufacturer may contact you directly - as per GDPR rules (Ref Recital 47 of the GDPR)
  • We will only share the minimal amount of information to required by the manufacturer/supplier and would only share the information upon the manufacture/supplier sending a written and a valid request to Order Line Ltd for the information within the rules of the legitimate interests clause of the GDPR rules.
  • All data transfers from Order Line Ltd to the manufacturer/supplier would be within the rules of the Data Protection Act and GDPR. All manufacturer's/suppliers we may share information with would have technical agreements/contracts in place to adhere to the Data Protection Act/GDPR and covering the importance of confidentiality.

***4. Disclosure of personal sensitive data to 3rd parties:

Sensitive information such as data which identifies a patient would be classed as sensitive information which would be shared to a limited number of third parties as follows:

  • Regulatory Authorities – I.e GPHC/MHRA/Law enforcement authorities based on legitimate interests – Ref Recital 47 of the GDPR
  • SpaceStem Pvt Ltd – software and operational support to Order Line Ltd based on the needs of the business – Ref Principle 8 of the Data Protection Act.
  • Locum Pharmacists and contracted staff - based on legitimate interests – Ref Recital 47 of the GDPR.
  • Consultants contracted for regulatory support based on legitimate interests – Recital 47 of the GDPR.

All third parties have agreed on appropriate confidentiality rules/contracts to adhere to the Data Protection Act and GDPR rules. For further information, please refer to Privacy Policy page which is part of this Information Charter.


If you do not agree to the Order Line Ltd’s Policies as posted on this website, please do not use this site or any services offered by this site or Order Line Ltd. Your use of this site indicates acceptance of this privacy policy and the company’s terms and conditions. By using this website (and/or submitting data) to Order Line Ltd, you are entering into an agreement with our Privacy policies and agreeing to our full company terms and conditions available on our website. The main Privacy Policy has sub policies which is part of the main policy, sub policies such as the Cookies Policy and Information Charter. If you have any concerns or queries on how we safeguard personal data, please contact us using the contact us page from the website or you can write in to the following address: DPO, Information Governance Dept, Order Line Ltd, 7 Prince William Road, Loughborough, LE11 5GU.

How to contact us

Requests for information about our privacy policy or other related queries can be emailed to or by writing to:

D.P.O, Information Governance Dept.
7 Prince William Road
LE11 5GU