Privacy Policy of this Pharmacy application
Introduction
Your personal data is collected by us for the purposes of allowing you to use this app. This app has been designed to enable you to send your prescriptions in advance to the pharmacy in which you have registered with the aim of reducing your waiting time in store.
We are committed to protecting your personal data and this privacy policy sets out why we require your personal data, how we process it in compliance with data protection legislation and what your rights are under the legislation. You may contact us at any time to exercise your rights as a data subject or where you require further clarification on the information provided in this policy by emailing us through this app.
Categories of Personal Data Collected
When you register in store to use this app, we require information on you such as your name, and date of birth for the purposes of verifying your identity when you download the app and to accurately register you on our database to keep a record of the prescriptions you purchase for the purposes of patient safety. We store your email address and password for authentication purposes only.
We use your location data with your permission to show nearby pharmacies, however, we do not store your location on our servers.
We access the camera and the photo gallery on your phone to scan the QR registration code and to also send a photo of your prescription to the pharmacy.
We store details of your name or the patient who you are collecting the prescription on behalf of, and you may choose to change this if you wish.
In respect of information collected on your medication, we store the drug name, strength and directions from you registered pharmacy in order for you to view this information from within the app.
We do not use information that you have provided us with through the app for marketing purposes other than where you may have opted-in separately to receive marketing communications.
Legal Basis for Collecting Personal Data
We do not require information on your health status to use the app, however, from the prescriptions that you order from us, it may be possible to infer information relating to your health from this data, and therefore we may collect information classified as special categories of data as defined under Article 9 of the General Data Protection Regulation (GDPR) and by using this app and uploading prescriptions to it you provide us with your explicit consent to process this category of data on you. We rely on your consent to contact you through the app where the pharmacist may have a query in relation to the prescription you have submitted through the app.
You are free to withdraw your consent at any time by deleting your account which removes all data from our servers.
We also rely on Article 6(f) of the GDPR to process your personal data for the purpose of running analytics on our sales and website to determine how we can optimise and improve the app for the benefit of its users.
Retention of Personal Data
Where you upload prescriptions to the app, whether on an ad hoc or repeated basis, we retain this information on the app for the purposes of ensuring we accurately dispense the repeat dosages and for the purposes of ensuring your safety and wellbeing as a patient.
We have a statutory basis for retaining this information in the interests of patient safety for a period of three years (five years in the case of unlicensed medicines) as we are obliged under Regulation 10 of the Medicinal Products (prescription and Control of Supply) Regulations 2003 (as amended) to retain prescriptions or duplicate copies of prescriptions on the pharmacy premises from the date of dispensing or in the case of repeat prescriptions from the last date of dispensing. We will therefore take a copy of the prescription when you arrive to collect the medicine and will retain this on our premises for the purposes specified.
Disclosure of Personal Data
Your data will not be shared with any third parties and will only be accessed in limited circumstances by the developers of the app with prior approval from us and your explicit consent where their assistance is required with troubleshooting issues with the app. A data processing agreement has been put in place with this third party in their capacity as data processor of this data to ensure that they adequately protect your data and keep it confidential, safe and secure.
Where required by law to disclose this data to law enforcement authorities we are under a legal basis to do so.
Security
We have implemented appropriate security measures to protect your personal data against unauthorised access, alteration, destruction or disclosure including encryption using industry standard techniques and tokenisation to mask patient details stored on our servers. The QR code used to register patients on the app also expires after 7 days to ensure that it is not misused by a third party. Access to and management of data is limited to those staff members who have appropriate authorisation. Where data is stored in hard copy format, we have procedures in place and staff training to ensure that paper records are stored securely.
Unfortunately, no data transmission over the Internet or electronic storage system can be guaranteed as secure, however, we will ensure that the technical and organisational measures in place are regularly reviewed to ensure that they are up-to-date and functioning effectively.
Your Rights
You have a number of rights as a data subject which you may choose to exercise at any time by contacting us
Where you wish to access a copy of your personal data held by us, you may do so by contacting us in writing and we will respond to this request in 30 days.
Where you wish the data that we hold on you to be rectified, you have the right to request this in writing. 
Where you wish to exercise your right to have your personal data erased, we will do so without undue delay, subject to the exemptions provided for in Article 17(3) of the GDPR.
You have the right to obtain restriction of processing of your personal data where you contest the accuracy of the data for a period allowing us to verify the accuracy of the data; where the processing is unlawful and you oppose the erasure of your data and request the restriction of its use instead; where we no longer need the data for the purposes for which it was collected but it is required by you for legal purposes; where you have objected to the processing pursuant to Article 21(1).
You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
You have the right to object to the processing of your personal data where your data is processed on the basis of our legitimate interests.
You also have the right to complain to the Data Protection Commission where you believe that your personal data has not been processed in compliance with this legislation.