LAST UPDATED: 4.12.19
The privacy of our visitors and customers (and the patients we directly or indirectly serve) is extremely important. This document outlines more details of the types of personal (and sensitive) information we process as well as some of the steps we take to safeguard that information. We hope this will helps you make an informed decision about submitting personal information to us and/or using Order Line Ltd’s websites (including ChurchPharmacy.co.uk).
Visitors to our websites and general communications.
When someone visits www.ChurchPharmacy.co.uk (or any company under Order Line Ltd) we may collect standard internet logging information that details visitor behaviour patterns. We do this to discover information such as the number of visitors to the various parts of the site. Due to legal regulations, we do collect some personally identifiable information but this data is protected and we do not share information unless required by law or based on legitimate interest reasons. We also do need to collect personal information through our services (such as including phone/fax/email/messaging) which may be required for customer management.
How we collect and use your information
This section further details of what to expect when Order Line Ltd collects personal information. It applies (but not limited to) information we collect about:
When you call Order Line Ltd we may collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness. The CLI data is stored in a secure system.
We may record phone calls for training and monitoring purposes. The recordings are stored in a secure system.
When we receive a complaint from a person we create a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We may have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for a limited period before closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will use the information supplied to us (as well as any relevant information from or systems) to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
If we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually, we do not identify any complainants unless the details have already been made public.
In many circumstances, we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.
Order Line Ltd offers various services to its customers and potential customers. For example, we send out publications and distribute an electronic newsletter. We may use a third party’s to deal with some publication requests, but they are only allowed to use the information to send out the publications, not for their own use. For example, contractors which are used for e-newsletters are MailChimp and Zoho.
We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a publication to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services but change their mind later, they can cancel their customer account at any time and are given an easy way of doing this by contacting our customer services dept via the website contact us page.
Church Pharmacy tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
To make a request to Church Pharmacy for any personal information we may hold you need to put the request in writing addressing it: D.P.O, Information Governance department, or writing to the address provided below.
If we do hold information about you which may be incorrect, you can ask us to correct any potential mistakes by, once again, contacting the Information Governance department. This request may take some time as we may need to verify the corrections that may be submitted by you including re-verifying your identity.
We may share certain information relating from your customer account (collected from you or the people that represent you) to approved third parties.
The reasons why this information may need to be shared to third parties would be on the grounds of legitimate interests – within the rules of the Data Protection Act and GDPR.
Most of the information we may share to third parties would be limited to the following:
1. Customer account name, the contact names given on the account, customer account postal addresses and contact details such as email/telephone listed on the customer account.
2. The products purchased on your customer account including batch/serial numbers and quantities.
3. Your profession (i.e Doctor/Dentist/Nurse) and the status of your training and insurance certificates.
4. (See further below***)
The above information would generally be similar to what would appear on your customer invoice.
An example of the third parties which may need to have access to areas of the data outlined above includes:
A. Contractors to help Order Line Ltd carry out its requirements as a business including Courier companies (I.e Royal Mail), software/operational support (I.e SpaceStem Pvt Ltd), Locum Pharmacists, Bookkeeping and Accountants, Consultants (I.e Solicitors, Regulatory affairs), - Credit Check Agencies (I.e Experian) and Credit Card processing agents (I.e Visa/Mastercard), etc
B. Regulatory Authorities (I.e MHRA, GPHC, Police/Law Enforcement, PCI, etc)
C. Manufacturer's/Suppliers of the product(s) you may purchase from Order Line Ltd; further details below**
C**: Customer account information shared with Manufacturer's/Suppliers (based on the legitimate interests clause within the Data Protection Act/Recital 47 of the GDPR):-
Your purchasing statistics including product, quantities, batch/serial numbers (and possibly your account name/address) may be required by the supplier/manufacturer of the product(s) you purchase to aid them with any of the below requirements:
1. Stock traceability.
2. Anti-Fraud purposes.
3. Statistical analysis.
4. Supporting the Falsified Medicines Directive.
The above is required as part of a resource to help in overall auditing needs by the manufacturer/supplier related to the products they have supplied to Order Line Ltd and purchased by you. Any of the customer account data we share with the manufacturer/supplier will be under the following conditions:
***4. Disclosure of personal sensitive data to 3rd parties:
Sensitive information such as data which identifies a patient would be classed as sensitive information which would be shared to a limited number of third parties as follows:
Agreeing to Terms
How to contact us
D.P.O, Information Governance Dept.
7 Prince William Road