- About us
- What is personal data?
- The information we collect
- Information about other people
- How we will use your information
- Lawful grounds for processing
- Disclosing your personal information
- Offers and opportunities
- Use of your information within the European Economic Area
- Changes to the privacy laws and policies
- Updating and correcting information
- Retention of Personal Data
- Your rights
- Right to make subject access request (SAR)
- Right to rectification
- Right to erasure
- Your right to log a complaint with the supervisory authority
- How to contact us
We are Expert Health Limited, trading as LloydsPharmacy Online Doctor, a member of the Admenta Group of companies.
At LloydsPharmacy Online Doctor, we believe in giving our patients the best possible care, which includes taking care of your privacy so that you feel you can trust us and have confidence in the way we handle your information.
Our privacy notice tells you what personal data we collect and why; explains your rights; the types of data we might share about you and how we keep your information secure.
To help you understand how we treat your personal data, please read the following notice carefully.
If you have any questions about our service, you can contact our patient advisory team on: 02079899888.
We encourage you to only use this service if you are completely happy with the service we offer, and the practices outlined in this notice.
Please note, this website may contain links to other websites which are provided for your convenience. We are only responsible for the privacy practices and security of this site. We recommend that you check the privacy and security notices/procedures of every website that you visit.
What is personal data?
Personal data is any information that is related to a person that can be either directly or indirectly identified.
The information we collect
At the point of registration and communication we will collect personal information about you (both written and verbal) to provide you with the services you require.
This may include:
- Your name
- Phone number
And other details relevant to the service(s) that are of interest to you.
We may also collect sensitive personal data concerning health matters from, or about you if you register for the service.
We may supplement the information that you provide gathered from our communications with you or which we receive from other organisations, such as other companies in our group.
Information about other people
If you provide information to us about any person other than yourself, you must ensure that they understand how their information will be used and that you are authorised to disclose it to us, and consent to its use on their behalf, before doing so.
Cookies are small pieces of information that are stored by your browser on your computer’s hard drive and are used to record how you navigate this website on each visit. In common with many other website operators, we may use standard technology called 'cookies' on this site.
How we will use your information
All personal information that we obtain about you and/or any other person whose details you provide will be recorded, used, and protected by us in accordance with current data protection legislation, our Terms and Conditions and this Privacy Notice.
We will primarily use the personal information:
- to create and maintain your patient record once you have registered.
- to verify your identity including against public databases via our Identification Verification partners.
- to provide and follow up the services you request from us and to request feedback.
- to respond to any queries, refund requests or complaints. We keep a record of these queries to demonstrate how we communicated with you throughout. We do this based on our contractual obligations, legal obligations, and our legitimate interests as business in providing you with the best service.
- to communicate with you if any services requested are unavailable or if there is a query or problem with your order for record keeping purposes.
- to carry out market research so that we can improve the services we offer (where you consent).
- we may (where you consent) use your personal data, preferences and details of your transactions to keep you informed by email, web/social media, text and telephone. We also include relevant products and services including special offers, discounts, promotions, events, surveys and competitions tailored to you.
You can opt out of hearing from us about these at any time.
- to continuously improve our service to our customers by monitoring telephone calls which we receive at our branches and call centres for the purposes of staff training, quality control and service improvement.
- to track and analyse activity on our website.
- to notify you about any changes to our services and to send you service emails.
- as part of our efforts to keep our website safe and secure.
- to comply with applicable law. For example, in response to a request from a court or regulatory body, where such request is made in accordance with law.
Lawful grounds for processing
To process your data lawfully we need to rely on one or more valid legal grounds which are as followed:
- your consent to processing activities. For example, where you have consented to us using your information for marketing purposes.
- your request for content, products or services including processing of your personal data to be taken prior to entering a contract with you and any processing that is necessary for the performance of such contract.
- legitimate interests we pursue as a business, except any overridden by your interests and fundamental rights.
- compliance with any legal obligation to which we are subject. For example, the processing for the purposes of complying with applicable law.
Disclosing your personal information
In order to provide our products and services, we may, occasionally, appoint other organisations to carry out some of the processing activities on our behalf.
These may include our partner pharmacists at LloydsPharmacy, our partners at:
- technology hosts.
- printing companies.
- providers of digital advertising services.
- providers of marketing and sales software solutions.
- mailing houses.
- and identity verification partners.
In these circumstances, we will ensure that personal information is properly protected and that it is only used in accordance with this Privacy Notice.
We also collect, use and share Aggregated/Anonymised Data such as statistical or demographic data for any purpose.
Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature or we may aggregate your data to build marketing personas or lookalikes to help up advertise to our patients better.
However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice. Please note, where we aggregate data for marketing purposes, it will not be combined with your personal data, and you will not be able to be directly or indirectly identified as a result.
Offers and opportunities
We, our group and carefully selected third parties would like to contact you and/or any person whose information you provide to us to tell you and/or them about offers and opportunities that are available and about a range of other initiatives in a number of ways such as, by post, telephone, text/picture/video message, social media or email.
Details of how-to opt-in or out to receiving details of offers are located in your patient record and in your welcome email. You can change your mind at any time.
We take the security of personal information seriously.
We employ security technology including firewalls, and Secure Socket Layers to safeguard information and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage.
Use of your information within the European Economic Area
Some of the organisations to which we may disclose personal information may be situated within the European Economic Area (‘EEA’).
In order to provide the products and services you require, we may need to transfer your personal information to countries within the EEA, some of which do not have laws that protect privacy rights as extensively as in the United Kingdom.
Your data may also be processed within our Group companies that are based in third countries, meaning in countries outside the European Economic Area.
These data transfers are covered by an adequacy decision of the European Commission (Article 45 GDPR). Where this is not the case, e.g. when it comes to transfers to the USA, the data transfers are especially based on standard data protection clauses/standard contractual clauses in line with the templates adopted by the European Commission (Article 46 Para. 2 lit. c, Para. 5 S. 2 GDPR) or by an exemption according to Article 49 GDPR.
The same applies to external service providers who work on behalf of us (for example IT service providers or data centres) or third parties, insofar as they come into contact with your personal data and are based in third countries. This means that we transfer your IP address, for example, as part of the use of the TrustArc and Google Analytics tools, or your shortened IP address to countries outside the European Union, among others in the USA.
Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations.
Changes to the privacy laws and policies
Privacy laws and practices are constantly developing.
Our policies and procedures are therefore, under continual review.
We may, from time to time, update our security and privacy notices and suggest that you check this page periodically to review them. View our current GDPR statement here.
Updating and correcting information
You may update or correct your personal information online via your Patient Record. We encourage you to promptly update your personal information if it changes.
If you are providing updates or corrections about another person, we may require you to provide us with proof that you are authorised to provide that information to us.
Retention of Personal Data
We will retain your personal data if regulation specifies or where we have a continued legitimate and lawful purpose to do so.
However, we will not retain beyond this period, any of your personal data that is no longer required for the purposes set out in this Privacy Notice.
The retention of your personal data will be subject to periodic review.
We may keep an anonymised form of your personal data, which will no longer refer to you for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
Data protection law provides data subjects with numerous rights, including the right to:
- And object to the processing of personal data.
Data subjects also have the right to log a complaint with the relevant data protection authority if they believe that their personal data is not being processed in accordance with applicable data protection law.
Right to make subject access request (SAR)
Data subjects may, where permitted by applicable law, request copies of their personal data.
If you would like to make a SAR (i.e. a request for copies of the personal data, we hold about you) you may do so by emailing [email protected] or writing to:
Data Protection Officer
Expert Health Limited
50-54 Wigmore Street
The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity.
Right to rectification
You may request that we rectify any inaccurate and/or any incomplete personal data.
Right to erasure
You may request that we erase your personal data and we will comply unless there is a lawful reason for not doing so.
For example, there may be an overriding legitimate ground for keeping your personal data such as, a legal obligation that we must comply with or if retention is necessary for us to comply with our legal obligations.
Your right to log a complaint with the supervisory authority
We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal data.
However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office (ICO), the supervisory authority in the United Kingdom, please visit the ICO website for instructions.
How to contact us
Page updated: 7/8/2023
Previous update: 12/5/2022