1. About us
www.mckesson.uk (the “Website”) is operated by McKesson UK (“we”, “us”, “our”). We are a member of the McKesson UK Group of companies (“Group”) whose principal operating companies are:
AAH PHARMACEUTICALS LIMITED
BARCLAY PHARMACEUTICALS LIMITED
EXPERT HEALTH LIMITED
JOHN BELL & CROYDEN LIMITED
LLOYDS PHARMACY LIMITED
LLOYDS PHARMACY CLINICAL HOMECARE LIMITED
METABOLIC HEALTHCARE HOLDINGS LTD
SANGERS (NORTHERN IRELAND) LIMITED
STEPHEN SMITH LIMITED
This Privacy Notice explains what information we collect about you, how we and our Group may use it, and the steps we take to ensure that it is kept secure. We also explain your rights and how to contact us.
Please note, our website may contain links to other websites which are provided for your convenience. We are only responsible for the privacy practices and security of this Website. We recommend that you check the privacy and security policies and procedures of each and every other website that you visit.
You are permitted to establish a link to our website from other sites provided that, if we believed it would damage us or any of our Group companies or an AAH Partner, you must remove the link immediately if we ask you to do so.
If you have any questions about this Privacy Notice, please email firstname.lastname@example.org
2. Changes to this Privacy Notice
We may amend this Privacy Notice at any time. Any changes we may make will be posted on this page, so please check back frequently. Your continued use of our website and our services after posting will constitute your acceptance of, and agreement to, any changes.
3. What is Personally Identifiable Information (PII) / Personal Data?
Personal data or PII means any information relating to a person who can be identified either directly or indirectly by that information; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, purchase history.
4. The personal data we collect
We may collect and process the following information about you:
- In order to provide the services, you require you may provide us with:
- written or verbal information by creating an account with us;
- answering questions;
- filling in forms on our website.
- by corresponding with us by e-mail, telephone or otherwise.
- information you provide when you purchase products and/or services from us;
- reply to an email;
- enter a competition, promotion or survey; and
- when you report a problem with our website.
The personal information you provide may include:
- your name;
- date of birth;
- billing and delivery address;
- orders, receipts;
- e-mail address;
- telephone number; and
- financial and billing information (including your payment card information if you pay for any order by credit or debit card).
For your security, we will also keep an encrypted record of your login password.
Information we collect about you
- We may collect your social media username, if you interact with us through those channels, to help us respond to your comments, questions, or feedback.
- We may collect details of your interactions with us through our contact centres, in-store, online and when you use any of our mobile applications.
- Should you visit us we may collect, your image may be recorded on CCTV. Clear and visible signs will be on the premises to advise you where CCTV monitoring is taking place. We may review CCTV footage for several reasons, for example, if there is reasonable suspicion of a criminal offence having been committed or if we are required to do so by law.
- All personal information, including where carts are abandoned and where personal information is obtained about you and/or any other person whose details you provide may be recorded, used, and protected by us in accordance with current data protection legislation, our Terms and Conditions (if applicable) and this Privacy Notice.
Information we receive from other sources
We are also working closely with third parties (including, for example, business partners, service providers, advertising networks, analytics providers, and search information providers) and may receive information about you from them. This may be combined with other information you provide to us, as described above.
Information about other people
If you provide information to us about any person other than yourself, you confirm that you have made that person aware of how we may collect, use and disclose their information, the reason you have provided it, how they can contact us, the terms of this notice and that they have consented to such collection, use and disclosure.
5. How we will use your information
We will primarily use your personal data:
- to create and maintain your customer account once you become a registered customer.
- to process and fulfil any orders that you may place with us (through our Website, our mobile. applications or in-store). If we don’t collect your personal data during checkout, we won’t be able to process your order .
- to continuously improve our service to our customers by monitoring telephone calls which we receive at our and call centres for the purposes of staff training, quality control and service improvement.
- to respond to your queries, refund requests and complaints. Handling the information, you submit to us enables us to respond effectively. We may also keep a record of these to inform any future communications between us and to demonstrate how we communicated with you throughout. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service .
- we may (where you consent) use your personal data, preferences, and details of your transactions to keep you informed by email, web, text, telephone and through our contact centres about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. Of course, you are free to opt out of hearing from us by any of these channels at any time.
- to resolve any disputes, if you lawfully exercise your rights or if you wish to dispute any part of our service offering.
- to process your booking and/or appointment requests (for example, when using our in-store services booking form) .
- to communicate with you in the event that any services requested are unavailable or if there is a query or problem with your order.
- to capture your product reviews, for example when you buy goods and services from us, we may follow it up with an enquiry about your experience of the product to help us gauge customer satisfaction. You are not obligated to leave reviews and ratings, but this facility would enable you to get your views of the product across should you wish to do so.
- to notify you about changes to our services and to send you service emails relating to the activities you have asked us to undertake on your behalf.
- as part of our efforts to keep our website safe and secure; and
- to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
6. Lawful grounds for processing
To process your data lawfully we need to rely on one or more valid legal grounds. The grounds we may rely upon for the processing of your Personal Data include:
- your consent to processing activities. For example, where you have consented to us using your information for marketing purposes.
- your request for content, products or services necessitating steps including processing of your personal data to be taken prior to entering into contract with you and any processing that is necessary for the performance of such contract.
- legitimate interests we pursue as a business, except where such interests are overridden by your interests and fundamental rights; and
- compliance with any legal obligation to which we are subject, such as, for example, the processing for the purposes of complying with applicable law.
7. Disclosure of your personal data
There are circumstances where we wish to disclose or are compelled by law to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure to:
- our subsidiaries, branches or associated offices.
- our Group companies who may contact you by email, phone or post about other products and services (including those from other organisations) in which you may be interested (where you have consented to such communication).
- manufacturers, including those identified on our website, who have a relationship or contract with you for the purposes of providing rebates on the Goods you buy from our managed stocks.
- our outsourced service providers or suppliers to facilitate the provision of our products and/or services to you, for example
- our panel of medical experts, printing companies and mailing houses.
- manufacturers of the Goods in the efforts to understand customer preferences, ensure satisfactory stock levels, to improve products and services and to calculate any volume discounts or rebates which may be applicable to your account .
- our data centre provider for the safe keeping of your personal data, webhosting provider through which your personal data may be collected; and identity verification partners in order to verify your identity against public databases. In these circumstances, we will ensure that your personal data is properly protected and that it is only used in accordance with this Privacy Notice.
- our nominated third-party credit agencies to derive a credit score which will be applied to managing your account. We may also carry out credit checks with licensed credit agencies on your guarantors (if applicable). A record of the search may be kept by us and the agencies.
- our advertising partners who enable us to deliver personalised ads to your devices or similar advertising.
- subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means. If you do not wish to be contacted, you may unsubscribe by clicking “unsubscribe” in the message concerned.
- analytics and search engine providers that assist us in the improvement and optimisation of our website. Your personal data is generally shared in a form that does not directly identify you.
- third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons.
- another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution, or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company.
- public authorities where we are required by law to do so.
- if required, in order to receive legal advice; and
- any other third party where you have provided your consent.
8. Offers and opportunities
We would like to contact you and/or any person whose information you provide to us, to tell you and/or them about offers and opportunities that are available and about a range of other initiatives in a number of ways, including by post, telephone, text/picture/video message or by email.
Details of how-to opt-in to receiving details of offers are on relevant pages of our website. You can change your mind at any time (see the section “How to contact us ” below).
We take the security of personal information very seriously. We employ security technology, including firewalls, and Secure Socket Layers to safeguard information and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage.
10. Updating and correcting information
We encourage you to promptly update your personal information if it changes. If you are providing updates or corrections about another person, we may require you to provide us with proof that you are authorised to provide that information to us.
You may be able to update or correct your personal information online by selecting the “Edit Profile or My Account (as applicable)” area or by contacting us in writing or by email (see the section “How to contact us” below). Please include your name, address and/or email address when you contact us as this helps us to ensure that we accept amendments only from the correct person.
11. International transfer of personal data
During the matrix structure of our Group, your data will also be processed within our Group companies that are based in third countries, meaning in countries outside the European Economic Area. These data transfers are covered by an adequacy decision of the European Commission (Article 45 GDPR). Where this is not the case, e.g., when it comes to transfers to the USA, the data transfers are especially based on standard data protection clauses/standard contractual clauses in line with the templates adopted by the European Commission (Article 46 Para. 2 lit. c, Para. 5 S. 2 GDPR) or by an exemption according to Article 49 GDPR.
The same applies to external service providers who work on behalf of us (for example IT service providers or data centres) or third parties, insofar as they come into contact with your personal data and are based in third countries. This means that we transfer your IP address, for example, as part of the use of the TrustArc and Google Analytics tools, or your shortened IP address to countries outside the European Union, among others in the USA.
Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations.
12. Retention of personal data
Your personal data will be retained in accordance with our Company Data Retention and Deletion Schedule. The retention of your personal data will be subject to periodic review.
We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
13. Your rights
Data protection law provides data subjects with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, their personal data. Data subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their personal data is not being processed in accordance with applicable data protection law.
Right to make subject access request (SAR). Data subjects may, where permitted by applicable law, request copies of their personal data. If you would like to make a SAR, i.e., a request for copies of the personal data we hold about you, you may do so by emailing email@example.com or writing to the Data Protection Officer, LloydsPharmacy Limited, Sapphire Court, Walsgrave Triangle, Coventry, CV2 2TX. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity.
Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete personal data.
Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your personal data is essential.
Right to object to processing, including automated processing and profiling. You may, as permitted by applicable law, request that we stop processing your personal data. In relation to automated processing and profiling, you may object to the processing, and you will have the right to obtain human intervention.
Right to erasure. You may request that we erase your personal data, and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your personal data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
Right to data portability. In certain circumstances, you may request that we provide your personal data to you in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. We will comply with such transfer as far as it is technically feasible. Please note that a transfer to another provider does not imply erasure of your personal data which may still be required for legitimate and lawful purposes.
Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
14. Changes to the privacy laws and policies
Privacy laws and practice are constantly developing, and we aim to meet high standards. Our policies and procedures are, therefore, under continual review. We may, from time to time, update our security and privacy policies and suggest that you check this page periodically to review our latest policies.
In common with many other website operators, we may use standard technology called ‘cookies’ on this site. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive, and they are used to record how you navigate this website on each visit.
Most browsers automatically accept cookies, but you can usually change your browser to prevent cookies being stored. Please note, if you do turn cookies off this will limit the service that we are able to provide to you and may affect your visitor experience.
For further information on cookies and how to switch them off see www.allaboutcookies.org
2. Internet Protocol (IP) addresses.
When you visit our website, we log your IP address (the unique address which identifies your computer on the internet). We use IP addresses to collect broad geographic information on our Site visitors, and to optimise our website. We do not link IP addresses to personally identifiable information.