I consent to receive recurring automated marketing by text messages through an automatic SMS sending system. Consent is not a condition to purchase. STOP to cancel, HELP for Help. View Privacy Policy and Terms of Service

City Pharmacy Limited - Data Protection Policy 2020

In the course of your usage of www.citypharmacy.ie we will collect certain information about you as well as in the course of operating our business. This policy sets out details of the information that we collect, how we process it and who we share it with. It also explains your rights under data protection law in relation to our processing of your data.

Who controls the use of your personal data?

City Pharmacy Limited, whose registered address is 14 Dame Street, Dublin 2, is the company that controls and is responsible for personal data that is collected in relation to our products and through the use of our App. If you have any queries in relation to the processing of your personal data, we have appointed a data protection officer that you can contact as follows:

by post at Data Protection Officer, City Pharmacy Limited, 14 Dame Street, Dublin 2 or by email at info@citypharmacy.ie

What personal data is collected?

In order to provide our services to you we need to process certain personal data in relation to you, which includes:

- Biographical data – We collect the following biographical data: name, assumed names, address, phone number, email address, gender, family relationships (e.g. spouse, children), date of birth, PPS number, and if you are a student or in college, for student discounts.

- Payment data – If you pay by direct debit or receive payments through electronic funds transfers, we will collect the IBAN, BIC and the name of your bank/building society or your credit card details where relevant.

- Medical data – We may process details of your medical history, details of prescriptions relevant to you, treatment dates, payments made, details of other insurance that may cover aspects of your prescriptions, and the original or copy prescriptions. If necessary we will access further medical information/medical records relating to the service we shall provide to you.

- Interactions with us – If you interact with us we will record details of those interactions (e.g. phone calls and logs of phone calls, email correspondence and hard copy correspondence). If you make a complaint we will process details in relation to that complaint.

- Online services - When you interact with us online (by computer, tablet or smartphone), you will often provide personal data to us, which you will be aware of when using the services or for which you give consent. We also automatically collect data about your use of our services, such as the type of device you are using and its IP address, and how you interact with the services. Further details are available in the cookies policy and/or the Data Protection Statement that accompanies the relevant service.

Where does City Pharmacy Limited collect personal data from?

Most of your personal data that we collect will be provided by you through your interactions with us. However, certain information may be provided by third parties on your behalf, including the following:

- Hospital and primary care providers – If you are using one of our services, you have probably had some interactions with a hospital or primary care provider. We have arrangements with these entities under which they provide us with details of the services and medications that you have received, so that we can properly assess and process your prescriptions. Details may be provided electronically.

- Online services – When you access our online services we will collect the information that you provide to us online. We will also automatically collect certain data in relation to your use of our services, such as the type of device you are using and its IP address and how you interact with the services.

- Insurers – We may receive your personal data from insurers to verify your insurance details as well as for other regulatory reasons.

Why do you process my personal data?

We process your personal data in order to provide you with our services and to assist us in the operation of our business. Under data protection law we are required to ensure that there is an appropriate basis for the processing of your personal data, and we are required to let you know what that basis is.

There are various options under data protection law, but the primary bases that we use are

(a) processing necessary for the performance of our service to you, (b) processing necessary in order for us to pursue our legitimate interests, (c) processing where we have your and/or your dependants’ consent, and (d) processing that is required under applicable law.

Here are further details of our processing of your personal data below, together with the basis for that processing:

- Dispensing your prescriptions – We will process your personal data in order to dispense your prescriptions. This includes processing your personal data in order to make and receive payments, and to maintain our records of the products that you have received. Where we process your personal data in order to dispense your prescriptions this will be on the basis that it is necessary in order for the performance of our contract with you.

- Providing you with services – City Pharmacy Limited provides different channels to engage with you in order to perform our contractual obligations, including where you have opted to avail of electronic channels such as www.citypharmacy.ie and our mobile app City Pharmacy.

- Processing prescription and orders – In order to process a prescription or an order that you make we will need to process personal data in relation to the prescription or order. This includes the underlying medical condition that is treated, your medical history, the medical services that you receive and details of previous or current insurance policies you may have had. We will also need to process your personal data in order to deal with queries about your prescriptions, orders, for precertification/approval of treatment, or to deal with complaints from you or a medical services provider.

- Running our business – Like all pharmaceutical companies it is essential to ensure that we manage our business in the best way possible. The information we collect may be used to help us develop new product benefits and services. We also carry out auditing and quality control to check that our processes are robust and are being followed. In addition, we also need to process your data to meet certain regulatory and legislative obligations that apply to our business.

We do all of the above by using aggregated or anonymous data where possible, so you won’t be identifiable from the data, but some of this work involves processing your data without anonymising it. Where we process health related data, this will be on the basis that it is necessary and proportionate for the purposes of providing health services as part of our business.

- Marketing – If you consent to us sending you marketing messages about our products and services, we will process your personal data in order to make sure that any marketing messages that we send you are relevant to you. With your permission, this may include processing your health data to identify services that might be particularly relevant to you. We may also use it to ensure that we don’t send you details about a service that isn’t relevant to you.

We may also undertake market research and surveys which provide us with market insights and measure patient and customer experience. This helps us to advocate for an improved health system by measuring patient experience. If we process your personal data for marketing and/or market research, this will be subject to your consent.

- Fraud prevention and claims management – It is an unfortunate feature of any pharmaceutical system that fraud can occur from time to time. We have a number of systems and procedures in place to monitor for potentially fraudulent matters. If we identify a suspicious matter or pattern of matters, we will process your personal data in order to investigate the matter and to take appropriate measures to protect City Pharmacy Limited and its members. On occasion, this may require further access to medical information/medical records. Where we process health data in connection with fraud prevention and claims management, this will be on the basis that it is necessary and proportionate for the purposes of administering your service.

- Administering our computer systems – City Pharmacy Limited relies on computer systems to run our business and to process claims. We have an extensive team of developers and support engineers who maintain our systems, running trials of new software, and providing support to our users.

Where possible, we use test data or anonymised data, but on occasion we may have to access live data directly, or we will make a copy of some of the data that sits in our live systems and run our tests on that to make sure everything is working before we roll out a change. These copies may include your personal data, including details in relation to claims you have made. This processing of your personal data is justified by our legitimate interests in making sure our computer systems run properly and are safe and secure. If we process health data when running these tests or providing support services to our users, this will be on the basis that it is necessary and proportionate for the purposes of providing health services as part of our business.

Consent

In order to process certain personal data in relation to you, which may include health data, for certain purposes such as surveys, direct marketing, we require your consent. When we process your personal data on the basis of your consent, you are free to withdraw that consent at any time. You can withdraw your consent by contacting us using the contact details at the bottom of this notice. Please note that if you withdraw your consent, we may not be able to continue providing you with the service to which the consent related.

Information you are obliged to provide

We require certain information from you in order to be able to enter into a contract with you and to provide you with our services. Where this is the case we will indicate on relevant forms what personal data is required in order to enter into the contract with you. If you do not provide the information, we will not be able to provide you with our services.

Notification

 Post: City Pharmacy Limited, 14 Dame Street, Dublin 2 .

 Phone:(01) 6704523

Who do we share your personal data with?

We share your personal data with the following third parties:

- Hospitals and primary care providers – we will provide hospitals and primary care providers with information that allows them to verify the information that you provide to us.

- Service providers – We rely on trusted third parties to help us run the City Pharmacy Limited business and to provide us with specialised services. These can include companies that provide IT services (e.g. scanning and uploading letters from customers and hosting data when providing software services). These can also include legal advisors, accountants and consultants. Where our service providers have access to your personal data, we ensure they are subject to appropriate contracts and other safeguards.

- Group schemes – Many members avail of our services through a group scheme that is operated by their employer. In order to administer your policy, City Pharmacy Limited may exchange certain details such as your name, address, gender, date of birth, contact details, details of dependants that will be included on a policy, their relationship to the policy holder, previous insurance details, employee and group scheme number and PPS number. This information may be provided electronically.

- Regulators – In certain circumstances City Pharmacy Limited is obliged to provide information to a regulator, e.g. in the investigation of complaints.

- Group companies – City Pharmacy Limited consists of a number of separate companies. Some of these companies provide services to each other which may involve the sharing of your personal data between one or more group companies.

Transfers outside of the European Economic Area (EEA)

There are certain circumstances where we will transfer your personal data outside of the EEA to a country which is not recognised by the European Commission as providing an equivalent level of protection for personal data as is provided for in the EEA. If we transfer your personal data outside of the EEA, we will ensure that appropriate measures are in place to protect your personal data and to comply with our obligations under applicable data protection law. This may mean that we enter into contracts in the form approved by the European Commission, or we ensure that the company to which we transfer your personal data has agreed to abide by an approved transfer mechanism, such as the EU-US Privacy Shield framework. If you would like further details about the measures we have taken in relation to the transfer of your personal data, or copies of the agreements that we have put in place in relation to the transfers, please contact us using the details at the bottom of this notice.

Retention of personal data

City Pharmacy Limited will retain your personal data in accordance with our record retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data will vary depending on the type of personal data. For further information about the criteria that we apply to determine retention periods please see below:

 Statutory and regulatory obligations – As we work in a highly regulated industry, we have certain statutory and regulatory obligations to retain personal data for set periods of time.

 Managing legal claims – When we assess how long we keep personal data we take into account whether that data may be required in order to defend any legal claims which may be made. If such data is required, we may keep it until the statute of limitations runs out in relation to the type of claim that can be made (which varies from 2 to 12 years).

 Business requirements – As we only collect personal data for defined purposes, we assess how long we need to keep personal data for in order to meet our reasonable business purposes.

Your rights

You have various rights under data protection law, subject to certain exemptions, in connection with our processing of your personal data:

- Right to access the data - You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.

- Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.

- Right to erasure – You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.

- Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.

- Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.

In order to exercise any of the above rights, please contact us using the contact details set out below.

Please also note: all transactions are stored for 2 years per PSI regulation.

Questions and Complaints

If you have any queries or complaints in connection with our processing of your personal data, you can get in touch with us using the following contact details:

- Post: Data Protection Officer, City Pharmacy Limited, 14 Dame Street, Dublin 2

- E-Mail: info@citypharmacy.ie

You also have the right to lodge a complaint with the Data Protection Commission if you are unhappy with our processing of your personal data. Details of how to lodge a complaint can be found on the dataprotection.ie website, or you can call the Data Protection Commission on 1890 252 231.

SMS/MMS Mobile Message Marketing Program Terms and Conditions

(hereinafter, “We,” “Us,” “Our”) is offering a mobile messaging program (the “Program”), which you agree to use and participate in, subject to these Mobile Messaging Terms and Conditions (the “Agreement”). We may modify or cancel the Program or any of its features without notice. This Agreement is limited to the Program and is not intended to modify other Terms and Conditions or Privacy Policy that may govern the relationship between you and Us in other contexts. We may also modify this Agreement at any time and your continued use of the Program following the effective date of any such changes shall constitute your acceptance of such changes.

The Program allows Users to receive SMS/MMS mobile messages by opting into the Program, such as through online or application-based subscription forms. Your consent to receive automated marketing text messages is not required as a condition of purchasing any goods or services. Regardless of the opt-in method you used to join the Program, you agree that this Agreement applies to your participation in the Program. If you have opted in, the Program provides updates, alerts, information, promotions, specials, and other marketing offers (e.g., product discounts) from via text messages through your wireless provider to the mobile number you provided. SMS/MMS mobile messages may be sent using an automated telephone dialing system or other technology. Message frequency varies. You are responsible for all charges and fees associated with text messaging imposed by your wireless provider. Message and data rates may apply.

If you do not wish to continue participating in the Program or no longer agree to this Agreement, you agree to reply STOP to any mobile message from Us in order to opt-out of the Program. You may receive an additional mobile message confirming your decision to opt-out. You understand and agree that the preceding options are the only reasonable methods of opting out. You also understand and agree that any other method of opting out, including, but not limited to, texting words other than those set forth above or verbally requesting one of our employees to remove you from our list, is not a reasonable means of opting out.

For any questions please text "HELP" to the number you received the messages from. You can also contact us for more information. If you wish to opt-out please follow the procedures above.

We may change any telephone number we use to operate the Program at any time and will notify you of these changes. You acknowledge that any messages, including any STOP or HELP requests, you send to a telephone number we have changed may not be received and we will not be responsible for honoring requests made in such messages.

The wireless carriers supported by the Program are not liable for delayed or undelivered messages. You agree to provide us with a valid mobile number. You agree to maintain accurate, complete, and up-to-date information with us related to your receipt of messages, including, without limitation, notifying us immediately if you change your mobile number.

You agree to indemnify, defend, and hold us harmless from any third-party claims, liability, damages, or costs arising from your use of the Program or from you providing us with a phone number that is not your own. If at any time you intend to stop using the mobile telephone number that has been used to subscribe to the Program, including canceling your service plan or selling or transferring the phone number to another party, you agree that you will complete the Opt-Out process set forth above prior to ending your use of the mobile telephone number. You understand and agree that your agreement to do so is a required part of these terms and conditions. You further agree that, if you change your telephone number without notifying Us of such change, you agree that you will be responsible for all costs (including attorneys’ fees) and liabilities incurred by Us, or any party that assists in the delivery of the SMS/MMS mobile messages, as a result of claims brought by individual(s) who are later assigned that mobile telephone number. This duty and agreement shall survive any cancellation or termination of your agreement to participate in any of our Programs.

You agree that we will not be liable for failed, delayed, or misdirected delivery of any information sent through the Program, any errors in such information, and/or any action you may or may not take in reliance on the information or Service.

You may not use or engage with the Platform if you are under thirteen (13) years of age. If you use or engage with the Platform and are between the ages of thirteen (13) and eighteen (18) years of age, you must have your parent’s or legal guardian’s permission to do so. By using or engaging with the Platform, you acknowledge and agree that you are not under the age of thirteen (13) years, are between the ages of thirteen (13) and eighteen (18), and have your parent’s or legal guardian’s permission to use or engage with the Platform, or are of adult age in your jurisdiction. By using or engaging with the Platform, you also acknowledge and agree that you are permitted by your jurisdiction’s Applicable Law to use and/or engage with the Platform.

Recover password

Create my account

I consent to receive recurring automated marketing by text messages through an automatic SMS sending system. Consent is not a condition to purchase. STOP to cancel, HELP for Help. View Privacy Policy and Terms of Service

SMS/MMS Mobile Message Marketing Program Terms and Conditions