This privacy notice sets out how we use and protect any personal information that you share with us when you make a transaction with us, and sets out the basis, under applicable data protection law (including the General Data Protection Regulation (EU 2016/679), on which we will process any personal data we collect from you.
We are the “controller” of any personal information that you share with us as we make decisions on what information we hold and what we do with it. We are committed to ensuring that your privacy is protected, in line with current applicable data privacy laws. Should we ask you to provide certain information by which you can be identified when using this website and our services, then you can be assured that it will only be used in accordance with this privacy notice. We may change this Notice in the future, if we do we will notify you”.
Should you have a concern regarding our management of your personal data or need further information, please do not hesitate to contact us, you will find our contact details on your electronic transaction receipt.
The Personal Data We Collect
When you make a payment in our store, we collect information about the transaction, which may include personal data and preferences. Information about transactions includes the payment card used, name associated with the payment card, the fact that the purchase was made at our store and the address of our store, date and time of the transaction, transaction amount, and information about the goods or services purchased in the transaction.
For the purposes set out in this Notice, information including personal information detailed below relating to you (“Personal Data”) may be collected and processed by us.
- Transaction based information as mentioned above.
- The goods or services purchased, which may include data relating to health products or health services though this data is not used to profile or identify you and only is used for statistical purposes to provide insight to us as to what products or services were purchased where and when but not by whom.
- Your email address, mobile phone number (if you want an electronic receipt).
- Your marketing preferences, such as whether you wish to receive marketing communications or newsletters.
- Information about your participation in our loyalty program, if you choose to participate
- Other information you provide, such as your birthdate, interests or preferences, reviews, and feedback
- Sensitive personal data
We process your Personal Data you in accordance with this Privacy Notice, a copy of which can be provided on request.
How and Why We Process Your Personal Data
The following tables detail how (“Legal Basis”) and why (“Purposes”) we process your Personal Data. These tables also detail the third-party service providers with whom we share your Personal Data (“Recipients”) and the period that your Personal Data will be stored (“Retention”). We encourage you to read this section.
Legal basis for processing
We obtain, collect and process your Personal Data to:
- To process your transaction for the goods and services you are buying from us including returns/refund.
- Provide you with an electronic receipt.
- Checking for fraud and/or managing our risk.
- Administering our business.
- To help us improve the service we provide to you
– managing our relationship with you
– personalising the way we provide our products and services
– Maintaining records of customers’ purchase history and activity.
– Providing support and maintenance for our products and services.
2. Legal basis
It is necessary to process your Personal Data in order to provide these services to you as follows:
- Contract – to process your transaction for the goods and services you are buying from us.
- Consent – to provide you with an electronic receipt.
- Legitimate Interest – checking for fraud and/or managing our risk
- Legitimate Interest – administering our business.
- Consent – to help us improve the service we provide to you.
Personal Data will be disclosed for these purposes to our third-party service providers. These Recipients may include:
- Clover Network Inc, a member of the First Data group of companies.
- The Royal Bank of Scotland Group and its service providers.
We retain your personal information for as long as necessary to (a) provide our products and services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of any agreement we may have with you. You may contact us for additional information about our data retention practices in connection with the Service.
You may choose not to provide your personal data to us. If you decide not to provide information that we request, in some circumstances we may
Cross-Border Transfers of Your Personal Data
Your data is not transferred outside of Europe.
Your Acknowledgment of this Notice and Your Rights
You have rights which allow you to address any concerns or queries with us regarding our processing of your Personal Data:
Right to Withdraw Consent
You have a right to withdraw your consent, at any time, to our processing of your Personal Data which is based on your consent. Where you exercise this right, our processing of your Personal Data prior to your withdrawal of consent will remain valid.
If you withdraw your consent, we may not be able to provide certain products or services to you.
Right to Object to Processing
In certain circumstances, you have a right to object to our processing of your Personal Data where we process it on the legal bases of: a) our legitimate business interest, including profiling based on our legitimate business interests; or b) your consent to marketing. We may not be able to comply with such a request where we can demonstrate that there are compelling legitimate grounds for us to process your Personal Data which override your interests, rights and freedoms or where the processing of your Personal Data is required for compliance with a legal obligation or in connection with legal proceedings.
Right of Access
You have the right to access and obtain a copy of the Personal Data that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
Right to Rectification
You have the right to request that we correct any inaccuracies in the Personal Data stored about you.
Right to Erasure
In certain circumstances, you have the right to request that we erase your Personal Data. For example, you may exercise this right in the following circumstances:
- your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;
- where you withdraw consent and no other legal ground permits the processing;
- where you object to the processing and there are no overriding legitimate grounds for the processing;
- your Personal Data have been unlawfully processed; or
- your Personal Data must be erased for compliance with a legal obligation.
Where we store your Personal Data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your Personal Data for compliance with a legal obligation or in connection with legal proceedings.
Right to Restriction
You have the right to restrict our processing of your Personal Data where any of the following circumstances apply:
- where you feel that the Personal Data which we hold about you are not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your Personal Data;
- where the processing is unlawful and you do not want your Personal Data be erased and request the restriction of its use instead;
- where we no longer need to process your Personal Data (e.g. any of the Purposes outlined above have been completed or expire), but we require it in connection with legal proceedings;
- where you have objected to our processing of your Personal Data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms.
Where you exercise your right to restrict our processing of your Personal Data, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.
Right to Data Portability
You have a right to receive and transfer the Personal Data that you provide to us in a structured, commonly used and machine-readable format where we process your Personal Data on the legal bases of: a) your consent; or b) where it is necessary to perform our contract with you. Where you make such a request, we will directly transfer your Personal Data on your behalf to another controller of your choice (where it is feasible for us to do so).
Right to Object to Automated Decision-Making, including profiling
You have a right not to be subjected to decisions based solely on automated decision-making, including profiling, which produce legal effects concerning you or similarly significantly affects you. We may not be able to comply with such a request where we rely on the legal bases of: a) your explicit consent; or b) where it is necessary to enter and perform our contract with you (as detailed in section 2 above). You will however be entitled to have a person from our team review the decision so that you can query it and set out your point of view and circumstances to us.
If you would like to exercise any of your rights detailed above, please contact using the contact details found on your electronic receipt.
New Purpose / New Use of your Data
We may use your personal data for reasons not described in this Privacy Notice where permitted by law and the reason is compatible with the purpose for which we collected it. If this is the case we will provide you prior to that further processing with information on that other purpose and with any relevant further information.
We may also contact you with marketing communications using the personal data that you provide to us when you make a purchase if you agree to receive them. You can ask us to stop sending you marketing messages at any time by clicking on the opt-out link included in each marketing message or by contacting us.
Compliance, fraud prevention and safety
We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our products and services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Changes to this Notice
We may amend this notice on occasion, in whole or part, at our sole discretion. Any changes to notice will be effective immediately upon sending the revised notice to you by e-mail or SMS.
If at any time we decide to use your Personal Data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail or SMS, and you will have a choice as to whether or not we use your information in the new manner.
Complaints and Concerns
If you have a complaint about our handling of your personal data, you may contact us via the information provided on your electronic receipt.
You may raise any concerns about our processing of your Personal Data with the Information Commissioner Office on https://ico.org.uk/.
Our Contact Details
For questions on how we use your data or to exercise your rights under the legislation you can contact us using the information provided on your electronic receipt.