Privacy Policy

Version 2.0
Effective Date: 25.02.2026

This Privacy Policy explains how Pharmulous Healthcare Ltd (“Pharmulous”, “we”, “us”, “our”) collects, uses, stores and protects your personal data when you use our website, place an order, complete a consultation, or interact with our services.

Nothing in this policy affects your statutory rights.

1. Who We Are

Pharmulous is a trading name of Pharmulous Healthcare Ltd, a company registered in England and Wales (Company No. 15076607), with its registered office at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ.

Pharmulous Healthcare Ltd is the Data Controller responsible for your personal data.

If you have any questions about data protection, you can contact us at:

Email: [email protected]

2. Our Regulatory Framework

We process personal data in accordance with:

• UK General Data Protection Regulation (UK GDPR)

• Data Protection Act 2018

• Human Medicines Regulations 2012

• Applicable healthcare and pharmacy regulations

As a regulated pharmacy, we process certain health data under strict confidentiality obligations.

3. The Data We Collect

We may collect and process the following categories of personal data:

a) Personal Identification Information

• Full name

• Date of birth

• Email address

• Telephone number

• Billing and delivery address

• Identity verification details (including age verification)

b) Health and Medical Information (Special Category Data)

• Medical history

• Current conditions

• Medication history

• Consultation responses

• Prescription information

c) Account and Transaction Data

• Login credentials

• Order history

• Payment details (processed securely via payment providers)

d) Technical and Usage Data

• IP address

• Device and browser type

• Website usage data

• Cookie and analytics data (see Cookies Policy)

4. How We Use Your Data

We use your personal data to:

• Process and fulfil orders

• Provide clinical consultations and issue prescriptions

• Verify your identity and age (including via AgeChecked)

• Maintain secure patient records

• Comply with legal and regulatory obligations (GPhC, MHRA, NHS requirements where applicable)

• Communicate with you regarding orders and services

• Improve our website and services

• Prevent fraud and misuse

Clinical decisions are not made solely by automated systems. All prescribing decisions involve review by a qualified healthcare professional.

5. Lawful Basis for Processing

We process personal data under Article 6 UK GDPR on the following lawful bases:

• Contract – to provide pharmacy services and fulfil your order

• Legal obligation – to comply with healthcare and tax regulations

• Legitimate interests – to operate and secure our business

• Consent – where you have explicitly agreed (e.g. marketing)

Where we process health and medical information (special category data), we rely on:

Article 9(2)(h) UK GDPR – processing necessary for the provision of health care or treatment by or under the responsibility of a healthcare professional.

6. Sharing Your Data

We may share your data with trusted third parties, including:

• Licensed pharmacists and prescribing clinicians

• Payment service providers

• Delivery couriers

• Identity verification providers (e.g. AgeChecked)

• IT hosting and security providers

• Legal or regulatory authorities where required

We do not sell your personal data.

All third parties are required to process data securely and lawfully.

7. International Data Transfers

Your data is stored on secure servers located in the UK or European Economic Area (EEA).

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

• UK adequacy regulations; or

• Approved contractual clauses.

8. Data Security

We implement appropriate technical and organisational measures, including:

• Encrypted communications (HTTPS/SSL)

• Secure server infrastructure

• Access controls for sensitive health data

• Staff confidentiality obligations

• Regular security assessments

Health information is handled with enhanced confidentiality protections.

9. Data Retention

We retain personal data only as long as necessary and in accordance with regulatory requirements.

• Pharmacy and prescription records: minimum 8 years

• Financial records: typically 6 years (tax compliance)

• Marketing data: until consent is withdrawn

• Inactive accounts: retained or archived in line with regulatory obligations

Where possible, data may be anonymised for audit or quality improvement purposes.

10. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data

• Rectify inaccurate or incomplete data

• Request erasure (subject to regulatory obligations)

• Restrict processing

• Object to processing based on legitimate interests

• Data portability

• Withdraw consent (where processing is based on consent)

Requests can be made by contacting us at [email protected] 

We may request proof of identity before fulfilling a request.

11. Marketing Communications

We will only send marketing communications where you have provided consent.

You may unsubscribe at any time using the link in the email or by contacting us directly.

Withdrawing consent does not affect the lawfulness of prior processing.

12. Children’s Data

Our services are intended for individuals aged 18 years and over.

We do not knowingly collect personal data from individuals under 18.

13. Complaints

If you have concerns about how your data is handled, please contact us first at [email protected] 

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk

Phone: 0303 123 1113

14. Changes to This Policy

We may update this Privacy Policy from time to time.

The version in force at the time of your interaction with our services will apply.

Significant changes will be notified on our website.