Our Privacy Notice
Privacy Notice – John Bell & Croyden
-
About Us.
johnbellcroyden.co.uk (the “Website”) is operated by John Bell & Croyden Limited (“we”, “us”, “our”), a company a company incorporated in England and Wales under company number 00228331 with registered address Merchants Warehouse, Castle Street, Manchester, England, M3 4LZ.We are a member of the Bestway Healthcare Group of companies (“Group”). When we say ‘Group’ in this notice, we mean other members of our group of companies, including trading and subsidiary companies of Bestway Panacea Holdings Ltd (an English and Welsh registered company with company number 09225479, registered address: Merchants Warehouse Castle Street, Castlefield, Manchester, M3 4LZ).
This Privacy Notice explains what information we collect about you, how we and our Group may use it, and the steps we take to ensure that it is kept secure. We also explain your rights and how to contact us.
Please note, our Website may contain links to other websites which are provided for your convenience. We are only responsible for the privacy practices and security of this Website. We recommend that you check the privacy and security policies and procedures of each and every other website that you visit.
You are permitted to establish a link to our Website from other sites provided that, if we believe it would damage us or any of our Group companies or a John Bell & Croyden Partner, you must remove the link immediately if we ask you to do so.
If you have any questions about this Privacy Notice, please contact our Data Protection Officer using dpo@well.co.uk
-
Changes to this Privacy Notice
We may amend this Privacy Notice at any time. Any changes we may make will be posted on this page, so please check back frequently for updates. Please be assured that, if there is a substantial change in the way we use your personal data, we will contact you directly. -
What is Personal and Special Category Data?
Personal data means any information relating to a person who can be identified either directly or indirectly by that information. It may include, but is not restricted to, name, address, email address, phone number, credit or debit card number, IP address, location data and purchase history.Special category data is personal data that may be more sensitive. In practice, this is likely to mean things like health, ethnicity, religious or political views and trade union membership details. John Bell & Croyden may process some health information about you, but this is only ever provided directly by you and for a specific purpose. Wherever this data is used, there are additional legal safeguards we must adhere to, which include:
- Establishing a legal basis to use this information, as well as an additional condition for our use.
- Depending on the condition selected to use this data, we may also be required to establish a further condition for use.
- Adhering to a specific ‘appropriate policy document’, which governs our compliance.
- Completing a data protection impact assessment to measure any risks to you, the data subject, as a result of the use of your data.
This is in addition to all other internal safeguards we take to protect your personal data.
-
The Personal Data We Collect.
We process personal data either directly or indirectly taken from you. The below provides some examples of situations where we directly and indirectly process your personal data, alongside the type of personal data this is likely to be.Information you directly provide to us
In order to provide the services you require you may provide us with:- health information related to a prescription or service we deliver in our pharmacy;
- written or verbal information by creating an account with us;
- answering questions;
- filling in forms on our Website;
- using applications;
- by corresponding with us by e-mail, telephone or otherwise;
- information you provide when you purchase products and/or services from us;
- reply to an email;
- enter a competition, promotion or survey; and
- when you report a problem with our Website.
This personal information may include:- your name;
- gender;
- date of birth;
- billing and delivery address
- orders, receipts
- e-mail address;
- telephone number; and
- financial and billing information (including your payment card information if you pay for any order by credit or debit card).
For your security, we will also keep an encrypted record of your login password.Information you indirectly provide to us
We may collect your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.We will also collect details of your interactions with us through our contact centres, in-store, online and when you use any of our mobile applications.
Should you visit us in store, your image may be recorded on CCTV. Clear and visible signs will be on the premises to advise you where CCTV monitoring is taking place. We may review CCTV footage for a number of reasons, for example, if there is reasonable suspicion of a criminal offence having been committed, or if we are required to do so by law.
All personal information, including where carts are abandoned and where personal information is obtained about you and/or any other person whose details you provide will be recorded, used, and protected by us in accordance with current data protection legislation, our Terms and Conditions and this Privacy Notice.
To deliver the best possible web experience, we collect technical information about your computer or device, internet connection and browser, as well as the country where your computer or device is located; your IP address, the pages viewed during your visit, the advertisements you clicked on, any search terms you may enter on our Website and other information about your visit and how you used our Website. Learn more about how we use cookies and similar technologies in our Cookie Policy. This information may be combined with other information you provide to us, as described above.
Information we receive from other sources
We also work closely with third parties (including, for example, business partners, service providers, advertising networks, analytics providers, and search information providers) and may receive information about you from them. This may be combined with other information you provide to us, in order to carry out a requested service, or to analyse how we might better deliver services to our customers.Information about other people
If you provide information to us about any person other than yourself, you confirm that you have made that person aware of how we may collect, use and disclose their information, the reason you have provided it, how they can contact us, the terms of this notice and that they have consented to such collection, use and disclosure. -
How We Will Use Your Information.
- To fulfil a prescription - we capture your name, address, date of birth, NHS number and the medication required (this includes the name of the medication and the dosage instructions) as detailed on the prescription. Capturing this information is necessary to provide the service to you. Additionally we would also capture the prescriber’s details.
- If you are a patient using our digital service for services such as repeat prescriptions, we will share your personal data with couriers to ensure the safe delivery of any medication. We also share your mobile number with couriers so they can keep you updated via SMS (or ‘text message’) on the status of your delivery. This service is optional and you can let us know at anytime if you would prefer not to receive these updates. You can do this using the contact information found in this policy section ‘How you can contact us’.
- To fulfil our contractual requirements with the NHS, we may need to share your personal data with your GP and others in the wider NHS, such as the NHS Business Services Authority, and sometimes Local Authorities to provide you with NHS or Local Authority funded services, to negotiate and check the accuracy of our payments with the NHS or Local Authorities and to ensure that we maintain appropriate professional and service standards and that your declarations and ours are accurate. This may be necessary to perform the service and a legal requirement.
- To deliver our health services - we may need to understand wider information about your health & wellbeing, including any family history of medical conditions.
- To create and maintain your customer account once you become a registered customer;
- To process and fulfil any orders that you place with us (through our Website, our mobile applications or in-store). If we don’t collect your personal data during checkout, we won’t be able to process your order; To continuously improve our service to our customers by monitoring telephone calls which we receive at our branches and call centres for the purposes of staff training, quality control, service improvement and regulatory requirements;
- To respond to your queries, refund requests and complaints. Handling the information you submit to us enables us to respond effectively. We may also keep a record of these queries to inform any future communications between us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations, and our legitimate interests in providing you with the best service;
- We may (where you consent) use your personal data, preferences and details of your transactions to keep you informed by email, web, text, telephone and through our contact centres about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. Of course, you are free to opt out of hearing from us by any of these channels at any time;
- To allow you to participate in interactive features of our services, when you choose to do so;
- To resolve any disputes, if you lawfully exercise your rights or if you wish to dispute any part of our service offering;
- To process your booking and/or appointment requests (for example, when using our in-store services booking form);
- To communicate with you in the event that any services requested are unavailable or if there is a query or problem with your order;
- To capture your product reviews, for example when you buy goods and services from us we may follow it up with an enquiry about your experience of the product to help us gauge customer satisfaction. You are not obligated to leave reviews and ratings but this facility would enable you to get your views of the product across should you wish to do so;
- To notify you about changes to our services and to send you service emails relating to the activities you have asked us to undertake on your behalf;
- As part of our efforts to keep our Website safe and secure; and
- To comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
-
Lawful Basis to Process Personal Data.
To process your data lawfully we need to rely on one or more valid legal grounds. The grounds we may rely upon for the processing of your Personal Data include:- your consent to processing activities. For example, where you have consented to us using your information for electronic marketing purposes;
- your request for content, products or services necessitating steps including processing of your personal data to be taken prior to entering into contract with you and any processing that is necessary for the performance of such contract;
- public interest grounds, with a legal basis underpinning such processing of your personal data;
- protecting your vital interests, for example, where the processing of your personal data is absolutely necessary to protect your life;
- legitimate interests we pursue as a business, except where such interests are overridden by your interests and fundamental rights; and
- compliance with any legal obligation to which we are subject, for example, the processing for the purposes of complying with applicable law.
-
Disclosure of Your Personal Data.
There are circumstances where we wish to disclose, or are compelled by law to disclose, your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios may include:- our subsidiaries, branches or associated offices;
- our Group companies who may contact you by email, phone or post about other products and services (including those from other organisations) in which you may be interested (where you have consented to such communication);
- manufacturers, including those identified on our Website, who have a relationship or contract with you for the purposes of providing rebates on the Goods you buy from our managed stocks;
- our outsourced service providers or suppliers to facilitate the provision of our products and/or services to you, for example:
- our panel of medical experts, printing companies and mailing houses;
- manufacturers of the Goods in the efforts to understand customer preferences, ensure satisfactory stock levels, to improve products and services and to calculate any volume discounts or rebates which may be applicable to your account;
- our data centre provider for the safe keeping of your personal data, webhosting provider through which your personal data may be collected; and
- identity verification partners in order to verify your identity against public databases, where there is a regulatory need to do so;
In these circumstances, we will ensure that your personal data is properly protected and that it is only used in accordance with this Privacy Notice and your wishes;
- our nominated third party credit agencies to derive a credit score which will be applied to managing your account. We may also carry out credit checks with licensed credit agencies on your guarantors (if applicable). A record of the search may be kept by us and the agencies;
- buying groups of which you are a member, in order to communicate with them on the orders you have placed;
- our advertising partners who enable us to deliver personalised ads to your devices or similar advertising;
- subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If you do not wish to be contacted, you may unsubscribe by clicking “unsubscribe” in the message concerned, or by letting us know through any other channel;
- analytics and search engine providers that assist us in the improvement and optimisation of our Website. Your personal data is generally shared in a form that does not directly identify you;
- third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;
- public authorities where we are required by law to do so;
- if required, in order to receive legal advice; and
- any other third party where you have provided your consent.
-
Offers and Opportunities – Direct Marketing.
We would like to contact you and/or any person whose information you provide to us, to tell you and/or them about offers and opportunities that are available and about a range of other initiatives in a number of ways, including by post, telephone, text/picture/video message or by email.Details of how to opt-in to receiving details of offers are on relevant pages of our Website. You can change your mind at any time (see the section "How to Contact Us" below).
-
Security.
We take the security of personal information very seriously. We employ security technology, including firewalls and Secure Socket Layers, to safeguard information and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage.
-
Updating and Correcting Information.
We encourage you to promptly update your personal information if it changes. If you are providing updates or corrections about another person, we may require you to provide us with proof that you are authorised to provide that information to us.You may be able to update or correct your personal information online in the “My Account” area, or by contacting us in writing or by email (see the section "How to Contact Us" below). Please include your name, address and/or email address when you contact us, as this helps us to ensure that we accept amendments only from the correct person.
-
International Transfers of Personal Data.
We may transfer your personal data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out in this privacy notice. In particular, your personal data may be transferred throughout our Group and to our outsourced service providers located outside the European Economic Area. In these circumstances we will, as required by data protection laws, ensure that the receiving country provides adequate protection for individuals’ rights and freedoms related to their personal data. Where adequate protection cannot be guaranteed by the country, we will ensure essential safeguards are in place before any restricted transfer.
-
Retention of Personal Data.
We will retain your personal data for as long as we are legally or contractually required to do so, or for a period which is justifiable to meet our business needs. The exact retention period varies depending on the type of information and purpose for use.We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
-
Your Information Rights.
Under data protection laws, you have the following rights:
- Right of Access (typically called a “Subject Access Request” or “SAR"): you have the right to know how we process your personal data (as explained in this notice) and also a right to receive a free copy of your personal data.
- Right to Rectification: you can ask us to change or complete any inaccurate or incomplete personal data held about you.
- Right to Object: you have the right to object, in certain circumstances, to us processing your personal data. For example, you can object to us sending you marketing material, or using your personal data to create a profile about you that is related to direct marketing.
- Right to Erasure: in certain circumstances, you can ask us to delete your personal data. For example, where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis to keep it.
- Right to Portability: you have the right to ask us to send a copy of certain elements of your personal data (predominantly information you have shared directly with us) to another company.
- Right to Restrict Processing: you can ask us to restrict the personal data we use about you where you have asked for it to be erased (and the erasure has not taken place, or we were unable to erase the data when we should have) or where you have objected to our use of it.
It is free to exercise your privacy rights and we will respond to any request as quickly as we can. Under current data protection law, we have 30 days to respond to any request, unless an exemption applies. We will contact you as soon as we can where we are applying an exemption, which may extend the time we have to process your request.
To make a subject access request, or to exercise any other data subject rights, please navigate to ‘How to Contact Us’ for more information.
-
Changes to Data Protection Laws and Our Policies.
Privacy laws and practice are constantly developing, and we aim to continue to meet high compliance standards. Our policies and procedures are, therefore, under continual review. We may, from time to time, update our security and privacy policies and suggest that you check this page periodically to review our latest policies and notices.
-
Freedom of Information.
Anyone can make a request for information under the Freedom of information Act 2000 about public services. When we receive a request in writing we will:- tell you whether we hold any information that falls within the scope of your request; and
- provide that information, normally within 20 working days.
We may charge you for any costs incurred.
If you are unhappy with the response you receive then you can contact us again to request we review this.
Model Publication scheme for England, Wales and Northern Ireland (PDF, 203KB)
Guide to Information Available Through the Model Information Scheme
-
In common with many other website operators, we may use standard technology called 'cookies' on this site. Cookies are small pieces of information that are stored by your browser on your computer's hard drive and they are used to record how you navigate this website on each visit. You can review our cookie statement here.
-
Internet Protocol (IP) Addresses.
When you visit our Website, we log your IP address (the unique address which identifies your computer on the internet). We use IP addresses to collect broad geographic information on our Site visitors, and to optimise our Website. We do not link IP addresses to personally identifiable information.
-
How to Contact Us.
You can make a complaint about how we have used your personal data, or ask us a general question, by contacting our Data Protection Officer at dpo@well.co.uk. You can also write to us at:Data Protection Officer (Bestway Healthcare Legal Team)
Merchants Warehouse
21 Castle Street
Manchester
M3 4LZFinally, you are entitled to complain to the UK’s data protection supervisory authority – which is the Information Commissioner's Office (“ICO”). You can find out more information about how to contact the ICO using the following link: https://ico.org.uk/global/contact-us/contact-us-public/
Alternatively, the ICO can be reached here:
Tel: 0303 123 1113Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AFVersion 1.2
Updated 08 July 2024.