Privacy Policy - MediPill Pharmacy

CONTENTS

01 What we collect 02 How we use it 03 Data security 04 Your rights 05 Newsletter & opt-out 06 Cookies 07 Data processors 08 Contact

01 · Data we hold

What information we collect.

We process your personal data when you book a service, fill in a form on this website, or receive pharmacy care from us. This may include:

Contact details — name, email address, mailing address, phone number.
For pharmacy services: medical history, medication history, gender, NHS number, date of birth, and your GP details.
Preferences such as wish lists, order history, marketing preferences and any reviews you leave.
Information you provide by filling in forms on this website, or when you report a problem or query.

02 · Lawful basis

How we use your data.

We process your personal data on three lawful bases — all of them required to deliver healthcare and meet our regulatory obligations:

Your care — providing pharmacy services and care to you and, as appropriate, sharing your information with your GP and others in the wider NHS.
Payments — sharing your information with the NHS Business Services Authority, others in the wider NHS, and sometimes Local Authorities. Only limited information is shared with external parties who negotiate and check the accuracy of our payments.
Management — sharing limited information with the NHS Business Services Authority and others in the wider NHS, and sometimes Local Authorities, as well as those external to the NHS who ensure we maintain professional and service standards.

A pharmacist is responsible for the confidentiality of your information. We hold your information for as long as advised by the NHS.

We process your data in the performance of a task in the public interest, for the provision of healthcare and treatment, and for the management of healthcare systems. We may also send you a newsletter where you have consented, respond to your questions, and review and enhance the quality of our services.

You may choose to opt out of the NHS using your data for planning and research purposes — please ask in branch for details, or email info@medipill.co.uk.

03 · Security

Where your data is stored, and how it’s kept safe.

We take the security of patient data extremely seriously. Under no circumstances do we sell your personal data to a third party.

Data is stored across several systems, all secured with antivirus software, encryption and firewalls:

Pabau — appointment booking, clinical notes and patient records.
Emails on workstations and our own email server.
Physical files for quotes and contracts (locked & restricted access).
MailChimp — for email-marketing where you have consented to receive newsletters.

We follow generally accepted standards to protect your personal information. Due to the nature of digital transmission, no method of transferring data over the internet or of electronic storage is 100% secure. Therefore we cannot guarantee its absolute security.

04 · YOUR RIGHTS

Your rights under UK GDPR.

You have the following rights over the data we hold about you:

Right to be informed — this policy explains how we use your personal data.
Right of access — you have a right to a copy of the information we hold about you, generally without charge.
Right to correction & completion — you have the right to ask us to correct any inaccurate data and complete any data that is incomplete.
Right to restrict processing — in some cases, you may request to restrict the processing of your personal data.
Right to data portability — you have the right to request your data to be provided to you for your own use.
Right to object — you may object to the processing of your personal data.
Right to erasure — you may request to have your personal data erased, where it does not stop us from complying with legal requirements.
Right to withdraw consent — you may withdraw your consent at any time by contacting us.

To exercise any of these rights, contact us using the details at the bottom of this page.

You may also lodge a complaint with the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

05 · Marketing

Newsletter & opt-out preferences.

If you wish to subscribe to our newsletter you can do so at the time of registration. We use your contact details to send the newsletter and other relevant materials we believe are of benefit to you. You may stop receiving our newsletter at any time by emailing us — or by clicking the unsubscribe link at the bottom of any newsletter.

06 · Cookies

Tracking technologies & cookies.

A cookie is a small text file stored on your device when you open our website. We use cookies to: enable certain functions of the service, provide analytics, and store your preferences. Both session cookies (cleared when you close your browser) and persistent cookies (kept for a defined period) are used.

Third-party cookies. In addition to our own cookies, we use a small number of third-party cookies — for example, Google Analytics — to report usage statistics for our website.

Managing cookies. If you’d like to delete cookies or instruct your web browser to refuse them, please visit your browser’s help pages. Note that if you delete or refuse cookies, you may not be able to use all of the features we offer. You can also manage your initial consent via the cookie banner shown on your first visit.

07 · Processors

Third-party data processors & breach response.

For UK GDPR purposes, MediPill Pharmacy acts as the data controller of your personal data. To operate certain services we use the following third-party data processors, each bound by a Data Processing Agreement that meets Article 28 UK GDPR requirements:

Pabau (Hambrand Technology Company) — appointment booking, clinical notes and patient records. Pabau is GDPR-certified, encrypts data in transit & at rest, applies strict access controls, and is regularly audited.
MailChimp (Intuit Inc.) — only where you have explicitly consented to receive marketing emails.
NHS Spine / EPS — for NHS prescription dispensing (NHS-funded statutory processing).
WordPress.com / hosting — for the operation of medipill.co.uk.

International transfers. Where a processor stores data outside the UK or EEA, we ensure appropriate safeguards are in place — UK adequacy regulations, Standard Contractual Clauses (SCCs), or the UK International Data Transfer Addendum — so your data continues to enjoy UK-GDPR-equivalent protection.

Breach response. In the unlikely event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours of becoming aware of it, and contact affected data subjects where the breach poses a high risk.

08 · CONTACT

Questions about how we handle your data?

Our Data Protection Officer is Raeesah Rajabali, Co-Founder. For any questions, comments or requests about how we handle your data, contact us using the details below:

info@medipill.co.uk

Or speak to your branch

Visit any of our 4 Oxford branches — Botley, Headington, Summertown or Deddington — and ask to speak with the duty pharmacist. See branch contact details & opening hours →

This page was last reviewed on 19 May 2026. We reserve the right to make changes to this privacy policy at any time to reflect the way we handle data at our organisation.