Introduction
Compounding Lab Ltd (company number 14572347), trading as Compounding Chemist, is a provider of pharmacy services to private prescribers who are registered to prescribe in the UK. It is registered with the ICO, number 00012898552. Compounding Chemist operates from HUB-30 Londoneast-UK Business and Technical Park, Yew Tree Avenue, Dagenham, London, RM10 7FN. We can be contacted on 020 3773 2729 or info@cchemist.com.
You are confirming that you agree to the terms of our privacy policy when you use our services or our website. Please contact us at info@cchemist.com if you have any questions.
Patient Data
Personal information, including sensitive personal data relating to a patient, is shared with us by a prescriber for the purpose of fulfilling a prescription or a retail order. The data provided may include the patient’s name, address, contact details, date of birth, any relevant medical history and the items ordered by the prescriber. This personal information is subject to the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). We are committed to protecting the privacy and confidentiality of this personal data and will only use it for the purposes for which it was provided. We will also ensure that appropriate security measures are in place to protect this data from unauthorised access or disclosure. Any further processing of this personal data will be carried out in accordance with the GDPR and the DPA.
Processing patient data
The lawful basis for processing a patient’s personal data, including sensitive personal data relating to their health, is that it is necessary for the legitimate interests pursued by the data controller, in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR). In this case, the legitimate interest is the provision of healthcare treatment to the patient. It is important to note that medical data is classified as ‘sensitive personal data’, and is subject to additional safeguards under the GDPR and the Data Protection Act 2018 (DPA). Our pharmacists, or a technician working under their supervision, are responsible for the processing of this sensitive personal data in order to provide the requested treatment. We are committed to ensuring that appropriate security measures are in place to protect this sensitive personal data from unauthorised access or disclosure, and that any further processing of this sensitive personal data will be carried out in accordance with the GDPR and the DPA.
Use of patient data
We use a patient’s personal data, including sensitive personal data relating to their health, to provide the goods and services requested by a prescriber or by the patient directly. This includes fulfilling the prescription and order, taking payments, arranging delivery, and providing information updates in relation to the order. The processing of this personal data is necessary for the performance of a contract with the patient, or for the legitimate interests pursued by the data controller, in accordance with Article 6(1)(b) and (f) of the General Data Protection Regulation (GDPR).
Where a prescriber deems it necessary to pass us relevant medical history, it is to inform our pharmacists about relevant conditions or medicines that a patient may already be taking, which could have an impact on, or interaction with, any prescribed medication. Equally, we may pass information to a prescriber about any adverse reaction or sensitivity to certain ingredients that a patient may have told us about. These exchanges are made with the purpose of safeguarding health and improving the personalisation of the medication.
Storing patient data
We retain records of patient personal data, including sensitive personal data relating to their health, on our systems, which are protected by password access and securely hosted on cloud-based servers within the European Union (EU). This personal data is subject to the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), and is processed in accordance with the lawful bases for processing set out in the GDPR.
Under the Human Medicines Regulations 2012, we have a legal duty to retain records of patient data for a minimum period of five years, and in some cases, for longer. This retention period is necessary to comply with our legal obligations, and is supported by appropriate technical and organisational measures to ensure the security and confidentiality of this personal data. We are committed to ensuring that personal data is retained only for as long as necessary, and that appropriate measures are in place to securely dispose of this personal data when it is no longer required.
Sharing patient data
We take the protection of patient personal data very seriously and will only share this data with other organisations where it is necessary for the provision of our services or related services, such as delivering the order, or where there is a legal requirement to do so. In such situations, we will provide only the essential information required to deliver the service or comply with the law, in accordance with the GDPR and the DPA.
Compounding Chemist will not sell the patient data that it holds to any third-party organisation for any reason. Any third-party organisation that has access to patient data is strictly prohibited from using this data for their own commercial purposes. Therefore, patients and prescribers should not be contacted by any of our third-party suppliers for marketing purposes or any other purpose unrelated to the service they are providing for Compounding Chemist.
If a patient or prescriber receives any contact from a third-party supplier that is not related to the service they are providing for Compounding Chemist, they should inform us as soon as practicable, and we will take appropriate action. We are committed to ensuring that patient data is treated with the utmost care and respect, and we have appropriate technical and organisational measures in place to ensure that this data is kept secure and confidential.
Security
At Compounding Chemist, we understand the importance of protecting patient data, and we take this responsibility very seriously. Our offices are located within a secure building, and our operating procedures are designed to protect the data that we hold. We have implemented appropriate security measures to ensure that our physical and electronic systems are protected from unauthorised access or use.
Occasionally, it may be necessary to transfer patient data to a third party for specific services, such as delivery. While we have data agreements in place with our suppliers to ensure the security of such data transfers, we cannot be held liable for any breaches of data security that occur through the use of communication channels such as telephone, email, or the internet.
As part of our commitment to protecting patient data, we are participating in a pilot program that aims to improve the security of electronically archived data. Through this program, we are exploring new ways to reduce the risk of security breaches and protect patient data.
Right to request access
Compounding Chemist respects the rights of patients with respect to their personal data. Patients have the right to request a copy of their personal information from us. We will provide this information within one month of the request being made, and in most cases, there will be no charge for this service.
In order to process such requests, we will need to identify the requestor to prevent fraudulent requests. We will require basic personal information from the requestor, as well as a current and valid passport or driving license as proof of identification.
Right to request changes
Compounding Chemist recognises the importance of accurate personal data and respects the rights of patients to request changes to their personal data when it is incorrect. Patients have the right to make such requests by emailing info@cchemist.com and clearly stating the requested change and the reason for it.
Compounding Chemist reserves the right to request additional information or evidence to validate the request or decline the request should there be insufficient evidence to endorse the change.
Changes to the Privacy Policy
Compounding Chemist takes data protection seriously and regularly reviews and updates its privacy information as necessary. In the event that we plan to use patient data for a new purpose, we will communicate these changes to all affected individuals before starting any new processing. We recommend that patients regularly check this privacy policy to stay informed of any changes that have been made.
Marketing communications
At Compounding Chemist, we respect the privacy of our patients and prescribers. We will only send marketing information and updates to individuals who have given us their express permission to do so. We never sell personal or medical data to third parties.