Welcome to Medics Direct Aesthetics Pharmacy.

Medics Direct Pharmacy and Medics Direct Training are trading names or European Medical Aesthetics Ltd.

Before entering any personal details into this website, please read the Medics Direct Pharmacy privacy policy thoroughly. Using this website, indicates the acceptance of our privacy policy along with our terms and conditions. If you do not agree with the privacy policy posted, please do not use the website or any offerings of Medics Direct Pharmacy.

The processing of information and data is regulated by the General Data Protection Regulations (GDPR), 2018. Medics Direct Pharmacy ensures that your data will be protected in accordance with this act.

 

What is Personal Data?

Personal Data means information that can directly or indirectly identify you. This typically includes information such as your name, address, email address, and telephone number.

Information about health, such as prescriptions, is a special category of Personal Data that requires additional safeguarding measures.

 

How do we collect Personal Data?

Medics Direct collect information in accordance to this privacy policy. The information collected is from the information that the customer provides us with from:

  • Use of the Medics Direct Pharmacy website, through registering and sending orders
  • Contacting us via email, phone or in writing
  • Through cookies
  • Requesting marketing materials from out pharmacy

 

What Personal Data do we collect?

When you register with Medics Direct Pharmacy, we may collect the following Personal Data from you: name, title, professional registration number, postal address for deliveries, invoice address, email address, business telephone number, mobile number, signature, photographic identification, date of birth, gender.

When you use your account to place an order, we may collect the following further Personal Data from you: prescriptions for your patients (including their name, address, date of birth, health information), payment information (i.e. bank, debit/credit card, cheque details), and a further delivery address. We may also collect further information in the event of a dispute, return, refund or complaint.

You must ensure that the information you provide is accurate and complete. Failure to provide accurate information may lead to your account being closed.

 

Why do we collect this Personal Data?

  • To comply with our legal and regulatory requirements
  • To process your order correctly
  • To send up to date information, price lists and promotional materials
  • To keep our customers informed on upcoming events and training days which may be of interest to them
  • To allow customers to register to the website successfully
  • To link to your prescribing professional to complete orders
  • To verify customers’ identity

 

Medics Direct Pharmacy Receiving Personal Data via Patient’s Agent And/Or 3rd and 4th Parties

Any scenario where you are collecting personal data including your colleague’s personal details (ie: practitioner/prescriber) and patient/client personal details and then forwarding it onto Medics Direct Pharmacy – this would mean you would be jointly responsible for the data subject on handling, storing, transferring the personal data of your patient/client/practitioner/colleague.

For instance, you may be the Prescriber, carried out a face to face consultation, then have forwarded the patient’s prescriptions to Medics Direct. Or you may be a customer/agent who collects personal data from a prescriber and then forwards the data/prescriptions to Medics Direct (ie: a Nurse running a clinic and working with an outsourced prescriber).

Therefore, it is extremely important that you, your colleges who work with you including practitioners/prescribers) who are exposed to any personal details must adhere to Data Protection rules including the GDPR.

 

How do we store your data?

The data collected by Medics Direct training is stored within a Customer Relationship Management (CRM) system. We also use a Software as a Service (SaaS) solution to store your data. As the data controller these processors are only used to store data in accordance with our privacy policy.

Access to such information is limited to those members of staff that need to access them. All registration details/account details are kept as long as the account remains in use, and up to seven years after the last transaction.

Prescription data is entered into a secure PMR system for as long as advised by the GPhC. Paper copies of private prescriptions are securely archived for at least two years, as recommended by the GPhC before being securely destroyed. Destruction records are retained.

 

Cookies

Medics Direct Pharmacy uses cookies in order to keep your account and personal data secure.

These cookies do not store any data other than your account ID and your last activity time on the website.

Cookies are used solely to manage our customers account access. The cookies are only stored during your website session.

 

Security

Medics Direct Pharmacy is committed to keeping your personal data secure from unauthorised persons.

All personal data that is given to Medics Direct Pharmacy is held safely. Our servers have security systems, such as encryption and firewalls, in place to prevent any unauthorised persons from accessing confidential information. Any information that is physically stored is kept in a secure, locked and keycode protected area. Access to such information is limited to those members of staff that need to access them. All registration details/account details are kept as long as the account remains in use, and up to seven years after the last transaction.

Prescriptions received via email will be hosted on our secure email server and cloud based in the EU. Medics Direct Pharmacy advocates that account holders consider sending prescriptions on encrypted emails as a further security measure.

Prescription data is entered into a secure PMR system for as long as advised by the GPhC. Paper copies of private prescriptions are securely archived for at least two years, as recommended by the GPhC before being securely destroyed. Destruction records are retained.

All of our staff contracts of employment contain a requirement to keep patient information confidential. All staff that deal with Personal Data with regards to prescriptions are also trained in and must comply with the GPhC regulations in regards to Data Protection. In addition, pharmacists have a requirement under their professional standards to keep records about you confidential, secure and accurate.

Order details, credit notes and payment details are kept on our secure accounts EU-based server and cloud system for as long as is legally required, normally up to seven years as per HMRC guidelines. Debit or credit card details are not retained at any point, except for merchant receipts.

 

Updating personal information

All personal information collected and retained should be accurate and up-to-date information. If you need to update any information that you have given, please update in the ‘account’ section of your Medics Direct Pharmacy account.

If there are any issues, please contact the Medics Direct team by email or phone and the team can update the information for you.

 

Who May This Information Be Shared With?

Our service providers -This includes external third-party service providers, such as lawyers, credit reference agencies, and other outside professional advisors; IT systems, support and hosting service providers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities. All our on-line service providers are based in the EU and comply with GDPR standards.

Government or other public authorities - including, but not limited to, HMRC, law enforcement or other agencies to which we are required to disclose Personal Data by law, or by a warrant, subpoena or court order.

Professional regulators -This includes the MHRA, GPhC, Royal Pharmaceutical Society, GMC, GDC, and NMC, who ensure we maintain appropriate professional and service standards and that your declarations and ours are accurate for compliance and enforcement purposes.

Our suppliers - Occasionally, we may share Personal Data limited to your account number and partial post code with our suppliers to fulfil our and your legitimate interests. We will only do this with your approval and consent and you are welcome to opt-out of this at any time.

 

Access to your information

In accordance with GDPR, you have the right to access the information we hold on you. You can request this from us at any point. To request this information please contact us at orders@medicsdirect.com or call 0141 248 6123.

Under the General Data Protection Regulations you have the following rights:

  • Obtain from us confirmation as to whether or not we process Personal Data from you and, where that is the case, access to your Personal Data;
  • Rectification of inaccurate Personal Data;
  • Erasure of Personal Data;
  • Objection to the processing of Personal Data;
  • Restriction of processing of Personal Data; and
  • Portability of Personal Data – to receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller.

In some instances, for example in relation to processing medical records, our legal obligations or public duties may override your rights under data protection laws.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You can learn more about these rights here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

 

Changes to the privacy policy

Please read the privacy policy regularly as any changes will be shown on this page.