1. Introduction

Hickey’s Pharmacy is an Irish-owned Community Pharmacy Group providing expert healthcare advice for over 20 years., registered address Block 1, Unit 3, Northwood Court, Santry Demense, Dublin 9, and is the data controller of any personal data you provide in the context of engaging our services. We are committed to protecting your personal data in compliance with data protection principles. You may contact us at any time to exercise your rights as a data subject or where you require further clarification on the information provided in this policy by emailing dpo@hickeyspharmacies.ie.

By using this Website you are agreeing to the use of your personal data as described in this Privacy Notice.

2. Purposes of Data Collection

i. Performance of a Contract

Where you voluntarily provide your personal data for the purposes of enquiring about our products or services we rely on Article 6(1)(b) of the GDPR to process this data.

ii. Consent

We rely on Article 6(1)(b) and Article 9(a) of the GDPR to process special categories of data where it may be possible to infer the status of your health or any particular condition that you have by contacting us with regards to a query you may have regarding medicinal or health products. We also rely on your consent where you have provided your personal data to us for the purposes of applying for a job with Hickeys Pharmacies.

iii. Legitimate Interests

We also rely on Article 6(f) of the GDPR to process your personal data for the purpose of running analytics on our sales and website to determine how we can optimise and improve our business for the benefit of our customers.

3. Categories of Data Collected

We only collect personal data that is provided by you i.e. name, address, telephone number, email address. We also collect non-personal information: data collected for statistical purposes which is not associated with a specific identity. This site collects and analyses technical information in order to evaluate our Website. The type of technical information we log is confined to the following:

• The IP address of the visitor’s Web server

• The top-level domain-name used (for example .ie, .com, .org, .net)

• The pages visited on the this site Website, i.e. URL’s visited

• The previous Website address from which the visitor reached us, including any search terms used

• Clickstream data which shows the traffic of visitors around this Website (for example, pages accessed)

We use cookies on our website for the purposes of website functionality and optimising your browsing experience. For more information on cookies please refer to our cookies policy.

4. How is your Data Processed?

Your data is automatically synced with our mail servers and will be processed internally for the purposes outlined above.

4.1 Candidate Manager

If you click on “View Current Vacancies” in the Careers section of the website you will be diverted to a website hosted by our recruitment partner, Candidate Manager. Hickey’s Pharmacy are satisfied that Candidate Manager are compliant with all Data Protection Legislation and have taken appropriate steps to ensure that all data collected by them through our recruitment section is stored responsibly and securely. Furthermore, this data will only be used for the purpose it was intended, i.e. recruitment applications, and will not be shared with any other parties. All personal data held by Candidate Manager will be stored by them for a maximum of 365 days.

5. Who will this information be shared with?

Your privacy is very important to us. Your personal data may be shared with business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you. In the event of a purchase or sale of the business, we may disclose your personal data to third parties who are prospective buyers or sellers of such businesses or assets. If the Company or its assets are sold to a third party, personal data will be transferred as part of the transaction. However, the Company will ensure to the best of its ability that the privacy of your personal data is maintained on an ongoing basis. Personal information may also be disclosed to law enforcement, regulatory, or other government agencies, or to other third parties, in each case to comply with legal or regulatory obligations or requests.

6. How long will we hold your information?

We will hold your information for the duration required to fulfil our contractual and statutory obligations. Where you would like your information to be deleted, please refer to section 8 below.

7. Transfers to Third Countries

Where personal data that is processed for the purposes of providing our services to you and where this requires the transfer of this data outside of the EEA . Where personal data is transferred outside of the EEA, your rights as a data subject are protected by data transfer mechanisms such as Standard Contractual Clauses and EU/US Privacy Shield.

8. Your Rights

You have a number of rights as a data subject which you may choose to exercise at any time by contacting us at dpo@hickeyspharmacies.ie.

i. Access to Personal Data

Where you wish to access a copy of your personal data held by us, you may do so by contacting us in writing and we will respond to this request in 30 days.

ii. Rectification or Erasure of Personal Data

Where you wish the data that we hold on you to be rectified, you have the right to request this in writing. Where you wish to exercise your right to have your personal data erased, we will do so without undue delay, subject to the exemptions provided for in Article 17(3) of the GDPR.

iii. Restriction of processing

You have the right to obtain restriction of processing of your personal data where you contest the accuracy of the data for a period allowing us to verify the accuracy of the data; where the processing is unlawful and you oppose the erasure of your data and request the restriction of its use instead; where we no longer need the data for the purposes for which it was collected but it is required by you for legal purposes; where you have objected to the processing pursuant to Article 21(1).

iv. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

9. Security

We use reasonable technical and organisational security measures to protect your data and to prevent the loss, misuse or unauthorised alteration of any data in our control and will use our reasonable endeavours to ensure that such information is kept as secure as possible.

10. Amendments of this Privacy Notice

This Privacy Statement may be updated to reflect changes in privacy legislation, and any changes to this Notice should be reviewed when accessing the website.

11. Third Party Sites

Where links to third party websites are provided, we do not accept any liability or responsibility for the content or security of these websites.

12. Governing Law and Jurisdiction

This notice and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.

PRIVACY POLICY - HICKEY'S PHARMACY APP

The Hickey’s Pharmacy App (“Application”) collects certain Personal Data from its Users.

Data Controller and Owner

Hickey’s Pharmacy Limited, whose registered office is Unit 3, Northwood Court, Santry Demesne, Dublin 9, is the Data Controller of any personal data you provide in the context of engaging our services.

We are committed to protecting your personal data in compliance with data protection principles and this privacy policy sets out why we require your personal data, how we process it in compliance with data protection legislation and what your rights are under the legislation.

Your rights as a Data Subject

A Data Subject is anyone who has shared data with us through our Application or otherwise. As a Data Subject you are entitled to the following rights regarding the information we hold about you:

i. Access to Personal Data Where you wish to access a copy of your personal data held by us, you may do so by contacting us in writing and we will respond to this request in 30 days.

ii. Rectification or Erasure of Personal Data Where you wish the data that we hold on you to be rectified, you have the right to request this in writing. Where you wish to exercise your right to have your personal data erased, we will do so without undue delay, subject to the exemptions provided for in Article 17(3) of the GDPR.

iii. Restriction of processing You have the right to obtain restriction of processing of your personal data where you contest the accuracy of the data for a period allowing us to verify the accuracy of the data; where the processing is unlawful and you oppose the erasure of your data and request the restriction of its use instead; where we no longer need the data for the purposes for which it was collected but it is required by you for legal purposes; where you have objected to the processing pursuant to Article 21(1).

iv. Right to Data Portability You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

v. Right to Object You have the right to object to the processing of your personal data where your data is processed on the basis of our legitimate interests.

vi. Right to Complain You also have the right to complain to the Data Protection Commission where you believe that your personal data has not been processed in compliance with this legislation. Should you wish to exercise any of your rights as a Data Subject, or make any enquiries regarding your data please contact: Stephen Butler, Finance Director Hickey’s Pharmacy Support Office, Unit 3 Northwood Court, Santry Demesne, Dublin 9 OR email stephen.butler@hickeyspharmacies.ie

Categories of Data collected

The types of Personal Data that this Application collects include: Name (including the name of the person you are collecting the prescription for), Address, Date of Birth, Contact phone number, Email address which we require for the purposes of verifying your identity when you download the app and to accurately register you on our database to keep a record of the prescriptions you purchase for the purposes of patient safety and where you select the option of having your prescription delivered to you. We store your email address and password for authentication purposes only.

We use your location data with your permission to show nearby pharmacies, however, we do not store your current location on our servers, and only store the address you provide for the regulatory purposes and for the purposes of fulfilling the order.

We access the camera and the photo gallery on your phone to send a photo of your prescription to the pharmacy. In respect of information collected on your medication, we store the drug name, strength and directions from you registered pharmacy in order for you to view this information from within the app.

We use your debit/credit card details to process your payment but do not store these details on our servers.

Cookie and Usage Data

Other Personal Data collected may be described by dedicated explanation text with the Data collection. The Personal Data may be freely provided by the User, or collected automatically with your permission when using this Application. Failure to provide certain Personal Data may make it impossible for this Application to provide its services.

We only use the information provided for the purposes of fulfilling the order and/or service requested by the User.

Legal Basis for Collecting Personal Data

We do not require information on your health status to use the app, however, from the prescriptions that you order from us, it may be possible to infer information relating to your health from this data, and therefore we may collect information classified as special categories of data as defined under Article 9 of the General Data Protection Regulation (GDPR) and by using this app and uploading prescriptions to it you provide us with your explicit consent to process this category of data on you. We rely on your consent i.e. Article 6(1)(a) to contact you through the app where the pharmacist may have a query in relation to the prescription you have submitted through the app and we also rely on Article 6(1)(b) to fulfil the payment transaction with you and for the purpose of running analytics on our sales and website to determine how we can optimise and improve the app for the benefit of its users.

Mode and place of processing the Data

Methods of processing

The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the Application (administration, marketing), or external parties (such as third party technical service providers, hosting provider, online payment provider) appointed, if necessary, as Data Processors. The updated list of these parties may be requested from the Data Controller at any time.

Place

The Data is processed at the Data Controller’s support office and in the pharmacy selected by the User as their preferred store.

Retention of Personal Data

Where you upload prescriptions to the app, whether on an ad hoc or repeated basis, we retain this information on the system for the purposes of ensuring we accurately dispense the repeat dosages and for the purposes of ensuring your safety and wellbeing as a patient.

We have a statutory basis for retaining this information in the interests of patient safety for a period of three years (five years in the case of unlicensed medicines) as we are obliged under Regulation 10 of the Medicinal Products (prescription and Control of Supply) Regulations 2003 (as amended) to retain prescriptions or duplicate copies of prescriptions on the pharmacy premises from the date of dispensing or in the case of repeat prescriptions from the last date of dispensing. We will therefore take a copy of the prescription when you arrive to collect the medicine and will retain this on our premises for the purposes specified.

The User can always request that the Data Controller suspend or remove the data from the Application. Disclosure of Personal Data

Your data will not be shared with any unauthorised third parties and will only be accessed in limited circumstances by the developers of the app with prior approval from Hickey’s Pharmacies and your explicit consent where their assistance is required with troubleshooting issues with the app. Where you avail of home delivery of your prescription, your name and address details will be shared with the courier company to fulfil the delivery. A data processing agreement has been put in place with this third party in their capacity as data processor of this data to ensure that they adequately protect your data and keep it confidential, safe and secure.

Where required by law to disclose this data to law enforcement authorities we are under a legal basis to do so.

Security

We have implemented appropriate security measures to protect your personal data against unauthorised access, alteration, destruction or disclosure including encryption using industry standard techniques and tokenisation to mask patient details stored on our servers. We use Sagepay to process payment details. Access to and management of data is limited to those staff members who have appropriate authorisation. Where data is stored in hard copy format, we have procedures in place and staff training to ensure that paper records are stored securely.

Unfortunately, no data transmission over the Internet or electronic storage system can be guaranteed as secure, however, we will ensure that the technical and organisational measures in place are regularly reviewed to ensure that they are up-to-date and functioning effectively.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Data Controller erase the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.

Last updated 28th September 2018