Coda Pharmacy Privacy Policy
This website (https://www.codapharmacy.co.uk) is wholly owned and operated by Coda Health Limited (company registration - 13866559)
We take your privacy and the security of your personal and medical information very seriously. Please read this Privacy Policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.
This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from www.codapharmacy.co.uk (the “Site”).
We have appointed a Data Protection Officer to oversee our handling of personal data. You may contact the Data Protection Officer by email at info@codapharmacy.co.uk, by phone at 01323 924038, or in writing at our head office address above.
If you have any questions about our privacy policy or our approach to data protection and privacy, please contact our Data Protection Officer.
We may collect and use the following personal information about you:
your name and contact information, including postal address, email address and telephone number;
information to enable us to check and verify your identity, e.g. your date of birth, scanned images of your exemption certificates, driving licence or passport;
your gender information;
your NHS number;
information about your medicines, and the medicines you have been prescribed currently and in the past;
your billing information, transaction and payment card information;
your contact history, purchase history and saved items;
information about how you use our website, information technology (IT), communication and other systems; and
your responses to surveys, competitions and promotions.
Personal information is required to provide our services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing services to you.
We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our website and apps. However, we may also collect information:
from a third party with your consent, e.g. your General Practitioner, NHS login or the NHS Spine system, which is the main database of your medical history with the NHS;
from cookies on our website - for more information on our use of cookies, please see our https://www.codapharmacy.co.uk/cookie-policy
via our IT systems, e.g. automated monitoring of our websites and other technical systems, such as our computer networks and connections.
In general, we only collect your information to provide you with our services – to help you order and keep track of your prescriptions and to dispense your prescriptions. We take our data protection responsibilities very seriously and will only process your information where we have a lawful basis for doing so. This will be the case if:
- You have given us your consent to process the data.
- We need to process the data to perform our contractual obligations or to take steps to enter a contract (for example, we need certain contact details and details of your prescription in order to provide the service to you).
- We have to process your information to meet our legal obligations as a data controller (such as VAT and tax accounting rules).
- We have a legitimate interest in processing your data (this includes things like improving our service by collecting behavioural information to see what actions are taken within the app, auditing and investigation of any issues).
We collect and process your information for a variety of purposes, but our main purpose is to provide the services you request. These include:
- Storing your data in databases so that we can create and maintain your account.
- Verifying your identity so that we can complete your registration
- Communicating with GP surgeries and internally so that your orders can be processed and your prescriptions dispensed.
- Auditing and analysis of your data, in particular to help us respond to issues and improve our services.
- Managing returns and confidential waste.
- Communicating to you via in-app messaging services and logging these communications to ensure we give you the best customer experience.
- Communicating to you via email, push alerts and in-app notifications so that you are fully updated with the progress of your order and any related communications.
- On the rare occasion, we may need to contact you; this would only be in relation to your order, a query you have raised.
- we process your data not only to provide you with our direct services but also to facilitate a cohesive and enhanced service experience across the pharmacy group. This involves working collaboratively within the group to improve prescription services, streamline our operations, and deliver a seamless patient experience in line with our unified brand strategy. This may include sharing your data within the group entities where necessary to fulfil our service commitments to you and to realise our goal of continuous service improvement. All such processing is grounded in our legitimate interest to optimise our service delivery and in some cases may be based on your consent or as part of our contractual obligation to you.
By using our service, you acknowledge and agree to the terms outlined in our Privacy Notice. This agreement is effective from registration
"Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
We will collect information about your health, including any medical condition, medication or health and/or sickness records. This data is special category data.
Special protection is given to this special category of personal data. We use this special category personal data primarily to comply with our legal obligations (including verifying your identity and ensuring that the correct medicines are dispensed to you).
We handle your special category data with extra care. For example, we will not provide special category data to our delivery drivers.
NHS Login is an identity verification service provided by the NHS. As a patient, you are able to use it to login to Coda Pharmacy. If you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provide to NHS England to get an NHS account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS England’s Privacy Notice and Terms and Conditions, please click here.
This restriction does not apply to the personal information you provide to us separately. We also collect the following information:
- Your GP’s address - if you choose to turn on your location, location information from your phone will be used to make it easier for you to search for your GP and automatically populate address fields in the app. If you do not choose to turn on your location, you are able to enter your GP address manually.
- Behavioural data - such as when you accessed LloydsDirect and what actions you took within the app. This is to continually improve our service for our users.
- Technical information - such as glitches and crash data so we can understand when things break and improve the service.
Weblink to use for the above 'click here' text: https://access.login.nhs.uk/terms-and-conditions
For NHS England partners: confirm you have updated your Privacy Notice with the following text:
""You can access [name of service] [on the NHS App / NHS website / service webpage URL – amend or delete as required] using your NHS login details.
If you sign in using NHS login, we will ask your permission to share your NHS login information with our service. This allows us to fill in some personal details for you, such as [your name, date of birth and contact details – amend or delete as required].
We will not use your NHS login information for any other purposes. You can only share your NHS login information if you have proved your identity to NHS login.
We share your Personal Information with third parties to help us use your Personal Information, as described above. We use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
The UK’s data protection laws provide you with certain rights: the right to request access to, rectification or erasure and portability of information relating to you as well as the right to request the restriction of our processing/use of information concerning you and the right to object to our processing in certain circumstances. You have the right to withdraw consent at any time for processing that is based on your consent and to information about how we are using information relating to you. You may lodge a complaint about us with the Information Commissioner’s Office (www.ico.org.uk)
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at info@codapharmacy.co.uk or by mail using the details provided below:
Coda Pharmacy, Unit 15 Westham Business park, Pevensey, BN24 5NP
Coda Health Ltd
Pharmacy Address : Unit 15, Westham Business Park, Pevensey, East Sussex, BN24 5NP
GPhC Number: 9011985
Company registered in England: 13866559
Registered office: 37 Warren Street, London, W1T 6AD
Superintendent pharmacist: Christopher Trinh
GPhC number: 2212062
