Privacy Policy

This policy outlines 3CEES Pharmacy's commitment to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It ensures that personal data is processed lawfully, fairly, and securely to safeguard the rights of patients, customers, and partners.

This policy applies to all employees, patients, customers, healthcare partners, and third-party service providers who handle personal data within 3CEES Pharmacy operations. It governs the collection, storage, processing, and sharing of personal data to uphold compliance and protect individual privacy.

All personal data processed by 3CEES Pharmacy will adhere to the following principles:

• Lawfulness, Fairness & Transparency: Data is processed legally, fairly, and with transparency.
• Purpose Limitation: Data is collected for legitimate, specified purposes only.
• Data Minimisation: Only relevant and necessary data is processed.
• Accuracy: Data is maintained accurately and updated where required.
• Storage Limitation: Data is retained for appropriate periods, in line with regulatory requirements.
• Integrity & Confidentiality: Data is protected from unauthorised access, loss, or misuse.
• Accountability: 3CEES Pharmacy ensures compliance with data protection regulations.

Personal data is collected and processed for the following purposes:

• Prescription Services: Managing prescription dispensing, patient medication records, and pharmaceutical care.
• NHS Services: Providing NHS consultations, Pharmacy First services, and health screenings.
• Healthcare Communication: Contacting patients regarding prescription updates, health advice, or appointments.
• Travel Health Services: Managing travel vaccinations and health consultations.
• Mental Health Support: Providing confidential mental health consultations and support.
• Regulatory Compliance: Meeting legal obligations and pharmaceutical regulations.

To ensure data security and prevent breaches, 3CEES Pharmacy implements the following measures:

• Secure password-protected systems and encrypted databases for all electronic records.
• Physical records stored in locked cabinets, accessible only to authorised healthcare personnel.
• Strict access controls and regular security audits of our systems.
• Staff training on data protection and confidentiality requirements.
• Secure transmission of data when sharing with healthcare partners or regulatory bodies.

As a patient or customer, you have the following rights regarding your personal data:

• Access your personal data upon request.
• Request corrections to inaccurate or incomplete data.
• Request deletion of personal data where applicable (subject to legal requirements).
• Restrict processing under specific circumstances.
• Object to certain data uses, such as marketing communications.
• Data portability - receive a copy of your data in a commonly used format.

To exercise these rights, please contact our Data Protection Officer or pharmacy manager in writing.

• Personal data is only shared with NHS systems, regulatory bodies, healthcare professionals, or service providers when necessary for patient care or legal compliance.
• Third-party processors must comply with GDPR standards to ensure data protection and security.
• We may share anonymised data for research purposes to improve healthcare outcomes.
• Emergency situations may require sharing of health information with emergency services or healthcare providers.

• Prescription records are stored for a minimum of 2 years in accordance with pharmaceutical regulations.
• Patient health records are retained for 7 years or as required by NHS and healthcare regulations.
• Personal data no longer required is disposed of securely, preventing unauthorised access.
• Digital records are securely deleted and physical records are shredded using confidential waste services.

• Any data breach must be reported immediately to our Data Protection Officer and pharmacy manager.
• Serious breaches will be reported to the Information Commissioner's Office (ICO) within 72 hours.
• Affected individuals will be notified promptly if the breach poses a high risk to their rights and freedoms.
• We maintain a breach register and conduct investigations to prevent future occurrences.

Our website may use cookies to improve user experience. We use:

• Essential cookies: Required for basic website functionality.
• Analytics cookies: To understand how visitors use our website (anonymised data).
• Marketing cookies: Only with your consent for personalised content.

You can manage cookie preferences through your browser settings.