The Hickey’s Pharmacy App ("Application") collects certain Personal Data from its Users.
You will not impersonate any person.
Hickey’s Pharmacy Limited, whose registered office is Unit 3, Northwood Court, Santry Demesne, Dublin 9, is the Data Controller of any personal data you provide in the context of engaging our services.
We are committed to protecting your personal data in compliance with data protection principles and this privacy policy sets out why we require your data, how we process it in compliance with data protection legislation and what your rights are under the legislation.
Your rights as a Data Subject
A Data Subject is anyone who has shared data with us through our Application or otherwise. As a Data Subject you are entitled to the following rights regarding the information we hold about you:
i. Access to Personal Data
Where you wish to access a copy of your personal data held by us, you may do so by contacting us in writing and we will respond to this request in 30 days.
ii. Rectification or Erasure of Personal Data
Where you wish the data that we hold on you to be rectified, you have the right to request this in writing. Where you wish to exercise your right to have your personal data erased, we will do so without undue delay, subject to the exemptions provided for in Article 17(3) of the GDPR.
iii. Restriction of processing
You have the right to obtain restriction of processing of your personal data where you contest the accuracy of the data for a period allowing us to verify the accuracy of the data; where the processing is unlawful and you oppose the erasure of your data and request the restriction of its use instead; where we no longer need the data for the purposes for which it was collected but it is required by you for legal purposes; where you have objected to the processing pursuant to Article 21(1).
iv. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
v. Right to Object
You have the right to object to the processing of your personal data where your data is processed on the basis of our legitimate interests.
vi. Right to Complain
You also have the right to complain to the Data Protection Commission where you believe that your personal data has not been processed in compliance with this legislation.
Should you wish to exercise any of your rights as a Data Subject, or make any enquiries regarding your data please contact:
Christine Byrne, Data Protection Officer, Hickey’s Pharmacy Support Office, Unit 3 Northwood Court, Santry Demesne, Dublin 9 OR email dpo@hickeyspharmacies.ie
Categories of Data collected
The types of Personal Data that this Application collects include: Name (including the name of the person you are collecting the prescription for), Address, Date of Birth, Contact phone number and Email address, which we require for the purposes of verifying your identity when you download the app, to accurately register you on our database to keep a record of the prescriptions you purchase for the purposes of patient safety, and where you select the option of having your prescription delivered to you. We store your email address and password for authentication purposes only.
We use your location data with your permission to show nearby pharmacies; however, we do not store your current location on our servers, and only store the address you provide for regulatory purposes and for the purposes of fulfilling the order.
We access the camera and the photo gallery on your phone to send a photo of your prescription to the pharmacy.
In respect of information collected on your medication, we store the drug name, strength and directions from your registered pharmacy in order for you to view this information from within the app.
We use your debit/credit card details to process your payment but do not store these details on our servers.
Usage Data. Other Personal Data collected may be described by dedicated explanation text with the Data collection. The Personal Data may be freely provided by the User, or collected automatically with your permission when using this Application. Failure to provide certain Personal Data may make it impossible for this Application to provide its services.
We only use the information provided for the purposes of fulfilling the order and/or service requested by the User.
Legal Basis for Collecting Personal Data
We do not require information on your health status to use the app; however, it may be possible to infer information relating to your health from the prescriptions that you order from us. We may therefore collect information classified as special categories of data as defined under Article 9 of the General Data Protection Regulation (GDPR), and by using this app and uploading prescriptions to it you provide us with your explicit consent to process this category of data on you. We rely on your consent, i.e. Article 6(1)(a), to contact you through the app where the pharmacist may have a query in relation to the prescription you have submitted through the app, and we also rely on Article 6(1)(b) to fulfil the payment transaction with you and for the purpose of running analytics on our sales and website to determine how we can optimise and improve the app for the benefit of its users.
Mode and place of processing the Data
Methods of processing
The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the Application (administration, marketing), or external parties (such as third party technical service providers, hosting provider, online payment provider) appointed, if necessary, as Data Processors. The updated list of these parties may be requested from the Data Controller at any time.
Place
The Data is processed at the Data Controller’s support office and in the pharmacy selected by the User as their preferred store.
Retention of Personal Data
Where you upload prescriptions to the app, whether on an ad hoc or repeated basis, we retain this information on the system for the purposes of ensuring we accurately dispense the repeat dosages and for the purposes of ensuring your safety and wellbeing as a patient.
We have a statutory basis for retaining this information in the interests of patient safety for a period of three years (five years in the case of unlicensed medicines), as we are obliged under Regulation 10 of the Medicinal Products (Prescription and Control of Supply) Regulations 2003 (as amended) to retain prescriptions or duplicate copies of prescriptions on the pharmacy premises from the date of dispensing or, in the case of repeat prescriptions, from the last date of dispensing. We will therefore take a copy of the prescription when you arrive to collect the medicine and will retain this on our premises for the purposes specified.
The User can always request that the Data Controller suspend or remove the data from the Application.
Disclosure of Personal Data
Your data will not be shared with any unauthorised third parties and will only be accessed in limited circumstances by the developers of the app with prior approval from Hickey’s Pharmacy and your explicit consent where their assistance is required with troubleshooting issues with the app. A data processing agreement has been put in place with this third party in their capacity as data processor of this data to ensure that they adequately protect your data and keep it confidential, safe and secure.
Where we are required by law to disclose this data to law enforcement authorities, we have a legal basis to do so.
Security
We have implemented appropriate security measures to protect your personal data against unauthorised access, alteration, destruction or disclosure including encryption using industry standard techniques and tokenisation to mask patient details stored on our servers. We use SagePay to process payment details. Access to and management of data is limited to those staff members who have appropriate authorisation. Where data is stored in hard copy format, we have procedures in place and staff training to ensure that paper records are stored securely.
Unfortunately, no data transmission over the Internet or electronic storage system can be guaranteed as secure; however, we will ensure that the technical and organisational measures in place are regularly reviewed to ensure that they are up-to-date and functioning effectively.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Data Controller erase the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.