Privacy Policy for Lo’s Pharmacy
Effective Date: 30/07/2025
Review Date: Yearly
At Lo’s Pharmacy, we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, share, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant privacy legislation.
This policy applies to all personal data processed by Lo’s Pharmacy in the course of delivering NHS and private pharmacy services, both in-store and online (if applicable).
Lo’s Pharmacy
Unit 5, Farfield Park, Manvers, Rotherham S63 5DB
Phone: 01709 877678
Email: reception@lospharmacy.co.uk
Website: https://lospharmacy.co.uk
We are a registered pharmacy in the United Kingdom regulated by the General Pharmaceutical Council (GPhC). Lo’s Pharmacy is the data controller for your personal data.
If you have any concerns about how your data is handled, you can contact our Data Protection Officer (DPO) at:
Data Protection Officer
Paul Mason
Email: paul.mason@lospharmacy.co.uk
Phone: 01709 877678
a. Personal Identification Information Full name
Date of birth
Address
Telephone number
Email address
NHS number
Photo ID (if required for certain services)
b. Health and Medical Information (Special Category Data under Article 9 UK GDPR) Medical history and conditions
Prescription details and medication records
Treatment records and clinical notes
Vaccination status
Allergy and intolerance information
Consultation summaries and service records
c. Financial and Insurance Information Payment card details (for private services)
Medical exemption status or insurance details
d. Technical and Website Data (if applicable) IP address
Device identifiers
Location data
Cookies and browsing activity (see Section 11)
Purpose Lawful Basis (UK GDPR) Providing NHS and private pharmacy services Article 6(1)(e) – Task carried out in the public interest or official authority Article 9(2)(h) – Provision of health or social care Managing prescriptions and clinical services Same as above Communication (e.g., appointment reminders) Article 6(1)(a) – Consent (when applicable) Marketing communications Article 6(1)(a) – Consent Legal obligations (e.g., recordkeeping) Article 6(1)(c) – Legal obligation Emergency care Article 6(1)(d) – Vital interests
We will only collect and process health data where it is necessary for providing healthcare or treatment.
Provide and manage your prescriptions and medication
Deliver NHS and private healthcare services
Contact you regarding your care, appointments, or test results
Ensure your medical records are accurate and up to date
Provide vaccinations, health checks, or wellness services
Process payments for private services
Monitor service usage and improve the quality of care
Comply with legal and regulatory requirements
NHS bodies and other healthcare professionals (e.g. GPs, hospitals)
NHS Business Services Authority (NHSBSA) for reimbursement and data analysis
Regulatory authorities (e.g. GPhC, CQC, MHRA)
IT service providers that host and support our systems (under GDPR-compliant contracts)
Law enforcement agencies if required by law
Third-party private health providers (only with your explicit consent)
We ensure all third parties respect the security of your data and process it in accordance with the UK GDPR.
Examples:
Prescriptions and pharmacy records: typically retained for 8 years
Vaccination records: retained in accordance with NHS or public health guidance
CCTV footage (if used): typically retained for 30 days, unless required for investigation
Right to be informed – you have the right to know how we use your data
Right of access – you can request a copy of the data we hold about you
Right to rectification – you can request corrections to your data
Right to erasure – you can request deletion of your data (in certain cases)
Right to restrict processing – you can request limited use of your data
Right to data portability – you can ask for your data to be transferred (where feasible)
Right to object – you can object to processing under certain conditions
Rights relating to automated decision making – we do not use automated decisions or profiling
To exercise any of these rights, please contact our DPO using the contact details in Section 2.
Role-based access control and staff training
Encrypted storage and transmission
NHS-compliant systems
Secure shredding of paper records
Regular audits and access logs
Compliance with the NHS Data Security and Protection Toolkit
International Transfers We do not routinely transfer your data outside the UK. If we ever need to do so (e.g. cloud services), we will ensure it is protected with appropriate safeguards in accordance with UK GDPR Chapter V (e.g., adequacy decisions, Standard Contractual Clauses).
Cookies and Website Use If you use our website, we may collect information through cookies to:
Improve site performance and usability
Analyse visitor behaviour
Support website functionality (e.g., prescription requests)
You can change your cookie preferences through your browser settings. Please see our separate Cookie Policy for more information.
Updates to This Policy We may update this Privacy Policy to reflect changes in law or our services. The latest version will always be posted on our website and available in-store. We encourage you to review it periodically.
Complaints If you are unhappy with how we handle your data, please contact our DPO first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office Website: https://www.ico.org.uk Phone: 0303 123 1113 Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Lo’s Pharmacy
Unit 5, Farfield Park, Manvers, Rotherham S63 5DB
Phone: 01709 877678
Email: reception@lospharmacy.co.uk
Website: https://lospharmacy.co.uk