Berts Apothecary – Privacy Policy

 

Introduction

At Berts Apothecary, your privacy is as important to us as your wellbeing. This policy explains how we collect, use, store, and protect your personal information when you use our services — whether online, in‑person, or by phone.

1. Information We Collect

We may collect and process the following categories of personal data:

  • Identity Data – name, date of birth, gender, preferred pronouns.
  • Contact Data – address, email, phone number.
  • Health Data – relevant medical history, prescriptions, symptoms, lifestyle information.
  • Transactional Data – payment details, purchase history.
  • Technical Data – IP address, browser type, usage patterns on our website.
  • Correspondence – messages, emails, consultation notes.

2. How We Use Your Information

We process your personal data to:

  • Provide safe, effective, and tailored holistic care and clinical services.
  • Fulfil regulatory requirements for healthcare records.
  • Manage appointments, prescriptions, and product orders.
  • Improve our website, services, and customer experience.
  • Communicate with you about updates, offers, and relevant wellbeing content (only with your consent).
  • Handle billing, payments, and account administration.

3. Legal Basis for Processing

We process your personal data under:

  • UK GDPR and Data Protection Act 2018.
  • Consent – where you explicitly agree (e.g., marketing or certain health assessments).
  • Contractual necessity – to provide the services you request.
  • Legal obligation – to comply with healthcare regulations.
  • Legitimate interests – to improve our services and protect our business.

4. Data Security

We implement technical and organisational safeguards, including encrypted systems, secure clinical software, and restricted access protocols.

5. Data Sharing

We do not sell your data. We may share your information with:

  • Regulated healthcare providers involved in your care.
  • Pharmacies, laboratories, and approved suppliers.
  • IT service providers for secure systems hosting.
  • Regulatory bodies, when legally required.

6. Data Retention

  • Health records: retained for the period required by UK healthcare regulations (usually 8 years, or until a child turns 25).
  • Non‑health personal data: kept only as long as necessary for the purposes collected.

7. Your Rights

You have the right to:

  • Access a copy of your personal data.
  • Request correction or deletion.
  • Restrict or object to processing.
  • Withdraw consent at any time (where applicable).
  • Lodge a complaint with the ICO (Information Commissioner’s Office).

8. Contact Us

Data Protection Lead – Berts Apothecary
Email: Stu@bartsapothecary.co.uk
Address: FORMA HOUSE

40 BOWLING GREEN LANE

LONDON

UNITED KINGDOM

EC1R 0NE

 

9. Policy Updates

We may update this policy to reflect changes in law or practice. The latest version will always be available on our website.

Effective Date: 01/08/2025