Privacy Notice

Nelsons

Privacy Notice

 

We want you to feel comfortable using our website (our site) without having to worry about your privacy. We understand that you may have concerns over what data we collect about you and the purposes for which we use it. At Nelsons, we are deeply committed to protecting your privacy, which is why we have set out this privacy policy describing the information we collect and what may happen to that information. By doing this we hope to address any concerns you may have about sending us your personal details.

 

Topic

KEY SUMMARY

ABOUT US AND THIS NOTICE

USEFUL WORDS AND PHRASES

WHAT INFORMATION DO WE COLLECT?

WHY DO WE PROCESS YOUR PERSONAL DATA?

HOW IS PROCESSING YOUR DATA LAWFUL? 

WHEN WILL WE DELETE YOUR DATA? 

WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?

YOUR RIGHTS

 

 

 

KEY SUMMARY

We take great care of your (or your family’s) health details, if you provide us with this information. In case you have any concerns, please be aware that if you send us sensitive information by any of our social media channels (like twitter, facebook or instagram), we cannot guarantee they will keep your personal data as secure as we do. Instead, we recommend you to contact us by email at dataprotectionofficer@nelsons.net.

We use cookies to collect statistical data which helps us to understand clients' needs and provide a better service. Please see our cookies policy for more information.

We process your personal information to:

  • Provide you with information, products or services that you request from us;
  • Carry out our obligations arising from any contracts entered into between you and us;
  • Send you information about our products or services that we believe it will be of your interest, if you consent to us doing so;
  • Allow you to participate in interactive features of our service, when you choose to do so;
  • Deal with a competition or prize draw you have entered into;
  • Carry out research if you have responded to one of our surveys;
  • Ensure that content from our site is presented in  the most effective manner for you and for your computer
  • To generate public relations, if you are a journalist or social media influencer;
  • To notify you about changes to our service; and
  • To comply with a legal or regulatory obligation.

 

This notice explains in detail what data we process, why, how it is legal and your rights.

 

 

ABOUT US and THIS NOTICE

This Privacy Notice is provided by Nelsons, which is a trading name of A Nelson & Co Limited (" or "we" or "us"). A company incorporated in England under number 248979 with registered office at Nelsons House, 83 Parkside, Wimbledon, London, SW19 5LP, who is a 'controller' for the purposes of the General Data Protection Regulation (EU) 2016/679.This Privacy Notice applies to website users, customers, Nelsons' patients, suppliers, participants who enter into competitions or respond to surveys, journalists and social influencers.

We are responsible for looking after the personal data you give to us, and take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.

How to contact us

If you need to contact us about this Privacy Notice, please use the details below:

  • Our Data Protection Officer is currently Olivia Blackwood
  • Address:Nelsons House, 83 Parkside, Wimbledon, London, SW19 5LP
  • Telephone number:+44(0)20 8780 4200
  • Email:dataprotectionofficer@nelsons.net 

If you would like this Privacy Notice in another format (for example:audio, large print, braille), please contact us.

Changes to this Privacy Notice

The Privacy Notice will be provided to you when you provide personal data to us for any reason and the latest version can always be found in our website footer.

We may change this Privacy Notice from time to time. We will alert you by posting a notice on our website when changes are made.

Current version:02 July 2018

 

 

 

USEFUL WORDS AND PHRASES

Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Term

Definition

controller

This means any person who determines the purposes for which, and the manner in which, any personal data is processed.

criminal offence data

This means any information relating to criminal convictions and offences committed or allegedly committed.

Data Protection Laws

This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679 and any other national laws implementing that Regulation or related to data protection.

data subject      

The person to whom the personal data relates.

ICO

This means the UK Information Commissioner's Office which is responsible for implementing, overseeing and enforcing the Data Protection Laws.

personal data

This means any information from which a living individual can be identified. 

This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings.  It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions).

It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.

processing

This covers virtually anything anyone can do with personal data, including:

  • obtaining, recording, retrieving, consulting or holding it;
  • organising, adapting or altering it;
  • disclosing, disseminating or otherwise making it available; and
  • aligning, blocking, erasing or destroying it.

processor

This means any person who processes the personal data on behalf of the controller.

special categories of data

This means any information relating to:

  • racial or ethnic origin;
  • political opinions;
  • religious beliefs or beliefs of a similar nature;
  • trade union membership;
  • physical or mental health or condition;
  • sexual life; or
  • genetic data or biometric data for the purpose of uniquely identifying you.

"You"

a living individual including users and people (and any other relevant person to whom this privacy policy applies) whom the personal data is processed.

 

 

 

 

WHAT PERSONAL DATA DO WE COLLECT?

 

  • Information provided by you

We collect the following information from you:

Personal data

Special categories of data

When purchasing our products,  submitting a product review or subscribing to our mailing list we will collect the following:Name, address, the products you order, credit card details, payment and sales history, e-mail address, telephone number, and if relevant fax number.

If you are a journalists/social influencer, in addition we process your place of work, interests, online presence, social media managers.

We also collect details of your visits to our site, including traffic data, location data, weblogs and other communication data when necessary to provide you with a service.

We use cookies to collect statistical data, for example IP addresses of those who visit our website. Please see our cookies policy for more information.

When contacting us regarding any of our products, if necessary to provide you with the service you are requesting, we will collect:data related to your health conditions, including medical records and prescriptions.

 

 

We will process the information you provide to us when you contact us for any reason, register to use our site, place an order, subscribe to any of our services, post material, request further services and if you enter a competition or promotion sponsored by us, decide to respond to a surveyor report a problem with our site.

  • Personal information provided by third parties

All the information we process about you has been provided by you, or a member of your family acting on your behalf. We do not receive personal information about you from third parties.

If you are a journalist, or a social influencer, we do collect data from third parties such as Meltwater and Sprinklr who will provide us public available information about you.

  • Personal information about other individuals

If you provide us with information about other individuals (e.g. your next of kin), you confirm that you have informed the relevant individuals accordingly.

 

 

WHY DO WE PROCESS YOUR PERSONAL DATA?

We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail).

  • Provide you with information, products or services that you request from us;
  • Carry out our obligations arising from any contracts entered into between you and us;
  • Send you information about our products or services that we believe it will be of your interest, if you consent us to do so;
  • Allow you to participate in interactive features of our service, when you choose to do so;
  • Deal with a competition or prize draw you have entered into;
  • Carry out research if you have responded to one of our surveys;
  • Ensure that content from our site is presented in the most effective manner for you and for your computer;
  • To generate public relations, if you are a journalist or social media influencer;
  • To notify you about changes to our service; and
  • To comply with a legal or regulatory obligation.

We also use cookies to understand the performance of our website, or for research or statistical purposes. Please see our cookies policy for more information.

We will also provide members of our group and any associated companies and marketing partners with aggregate information about our users (for example, we will inform them that 500 men aged under 30 have clicked on a particular link on any given day). We will also use such aggregate information to help members of our group, associated companies and marketing partners reach the kind of audience they want to target (for example, women in SW1).

 

 

HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?

Personal data

We are allowed to process your personal data for the following reasons and on the following legal bases:

 

  • Legitimate Interests

We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of Nelsons. We have a legitimate interest in carrying our marketing activities and we will only do so if you consent or in certain circumstances permitted by law according to your expectations. 

Personal data

Legitimate Interests

Analytic data

We have an interest in understanding the performance of our website, to improve the way it is presented and improve customers' services managed through the website.

Analytic data

We have an interest in gaining a better knowledge on our customers' interests so we can display targeted advertising.  

 

You can object to processing that we carry out on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.

  • Contract

It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.

 

  • Legal obligation

We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of Nelsons. We have a legitimate interest in carrying out marketing activities and we will only do so if you consent or in certain circumstances permitted by law accordingto your expectations.

 

  • Consent

Sometimes we want to use your personal data in a way that is entirely optional for you, such as to send you our promotions and news. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.

Special categories of data

We are allowed to process your special categories of personal data for the following reasons and on the following legal basis:

  • Data manifestly made public

Although this sounds like your data is "in the public domain", it does not mean such thing. When you voluntarily provide Nelsons with data related to your (or those who are under your care) health, in order for us to deal with your concerns or enquiries, as you are providing this information to those professionals/ employees/ members of our organisation who needs to deal with your enquiry (as opposed to a singular person who is under a duty of secrecy, for example a doctor). If you do so, it is considered that you are making this data sufficiently public in a way that you allow us to deal with your enquiry. Of course we will keep such data secure and the data will only be processed by the departments who need to know, in order to deal with your request.

 

  • Health care services

If we need to process your data to provide you with health care services, pursuant to a contract with one of our health professionals, who, according to law, is subject to a duty of secrecy.

 

  • Consent

You have given your explicit consent for us to process your (or those who are under your care) health conditions' data to provide you with a service. You can withdraw this consent at any time.

 

  • Legal claims

We need to process your personal data if, we are required to process your personal data to defend or establish a legal claim.

 

 

 

WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?

The table below lists some of our key service providers that act as our processors who, if necessary, will have access to your personal data. If you would like to know the names of our other service providers (e.g. IT service providers), please contact us using the details at the start of this Privacy Notice.

Who information is shared with:processors

Birchman provides enterprise resource planning system support on behalf of A Nelson & Co Limited.

Sage Pay provides secure payments for online purchases.

Gravit-e Centric Limited hosts the website:www.nelsonspharmacy.com.

Mailchimp as a data processor for the Nelsons' Pharmacy newsletter

EposNow provide till system services

Retail Merchant Service provide Payment System and Payment Clearance services

 

In addition, we share your personal data with the following entities who act as separate controllers of your personal data, for example, to any member of our group (our subsidiaries or ultimate holding company and its subsidiaries), and to associated companies and marketing partners.

 

We will need to disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we would disclose your personal data to the prospective seller or buyer of such business or assets.
  • If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

 

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • We will also share your personal data with the police, other law enforcements or regulators where we are required by law to do so.

 

Who information is shared with:controllers

Freelancers operating our social media accounts

Analytics agencies like Anders Analytics, Google analytics, Facebook analytics and 7stars.

Independent practitioners offer a range of therapies at Nelsons’ London Pharmacy and are responsible for the processing of a patient/ customer’s personal data from the moment the patient/ customer has been in contract with the independent practitioner.

 

 

Transfers of your personal data outside the EEA

The data that we collect from you will be transferred to, and stored at, a destination outside the European Economic Area ("EEA"):

  • when it is necessary to be processed by staff operating outside the EEA who work for us,
  • because we have suppliers who are multinational companies, or are located out of the EEA, or have staff working from different locations.

This is mainly because they are engaged in the fulfilment of your order, the processing of your payment details and the provision of support services.

 

In most of the cases we have agreements in place which are approved by the European Commission, to ensure your data is treated in the same way than we do. In any case, any transfer of your data will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms. If you want to know more about how data is transferred, please contact us using the details in the section above.

 

How we keep your personal data secure

We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.

For example:

  • all information you provide to us is stored on secure servers;
  • any payment transactions will be encrypted using SSL technology;
  • we use encryption to protect your data from unlawful access.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

 

WHEN WILL WE DELETE YOUR DATA?

 

Our main rule is not to keep your data for longer than we need to in order to meet all the purposes we included in the section "Why do we process your personal data?”.

For example, if you buy our products on line, we will keep your data for the time we need it to place the order and deliver them; then, we will keep that data if we need it to comply with a legal obligation, or for research or statistics purposes, but if we do not need all the data you provided then, we will delete the remaining data. For most of the purposes and legal obligations we have stated a retention period of 7 years.

 

In general, we have set out that the following categories of personal data and special categories of data will be kept for the following periods.

Personal data/Special categories of data

Retention period

Contact details of users

As long as it is required by law

Contact details of customers/patient

As long as it is required by law

Medical records

As long as it is required by law

Card, payment details of customers

6 years, plus current financial year

 

 

 

YOUR RIGHTS

As a data subject, you have the following rights under the Data Protection Laws:

  • the right to object to processing of your personal data;
  • the right of access to personal data relating to you (known as data subject access request);
  • the right to correct any mistakes in your information;
  • the right to ask us to stop contacting you with direct marketing;
  • the right to prevent your personal data being processed;
  • the right to have your personal data ported to another controller;
  • the right to withdraw your consent;
  • the right to erasure; and
  • rights in relation to automated decision making.

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see "How to contact us").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

  • Right to object to processing of your personal data

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed "How is processing your personal data lawful".

 

  • Right to access personal data relating to you

You may ask to see what personal data we hold about you and be provided with:

  • a copy of the personal data;
  • details of the purpose for which the personal data is being or is to be processed;
  • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;
  • the period for which the personal data is held (or the criteria we use to determine how long it is held);
  • any information available about the source of that data; and
  • whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

 

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

 

  • Right to correct any mistakes in your information

You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

  • Right to restrict processing of personal data

You may request that we stop processing your personal data temporarily if:

  • you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
  • the processing is unlawful but you do not want us to erase your data;
  • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing because you believe that your interests should override our legitimate interests.

 

  • Right to data portability

You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

 

  • Right to withdraw consent

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.

 

  • Right to erasure

You can ask us to erase your personal data where:

  • you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
  • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
  • you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • your data has been processed unlawfully or have not been erased when it should have been.

 

  • Rights in relation to automated decision making

You have the right to have any decision that has been made by automated means and which has a significant effect on you reviewed by a member of staff and we will consider any objections you have to the decision that was reached.

What will happen if your rights are breached?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. You may also complain to the ICO. Information about how to do this is available on his website at www.ico.org.uk.

 

Cookie Preferences

More Options
Accept and Continue

Essential Cookies

these are cookies that are either:

  • used solely to carry out or facilitate the transmission of communications over a network; or
  • strictly necessary to provide an online service (e.g. our website or a service on our website) which you have requested.

Google Analytics tracking

Facebook Analytics tracking

Back
Save and Continue