PRIVACY NOTICE

PharmaCare (Europe) Limited respects your privacy and are committed to protecting the security and privacy of your personal data.

This Privacy Notice tells you who we are, how we collect, store, use and disclose (“process) your personal information lawfully and transparently, your data rights and how to exercise them and how to contact our DPO and the ICO. In this privacy notice, “personal data” means Information relating to an individual who can be identified, directly, or indirectly.

We encourage you to read this notice carefully so that you understand how we deal with that information.

Who We Are

PharmaCare (Europe) Limited and its related brands including Bioglan, Bioglan Superfoods, Fat Blaster, Haliborange, Menoflavon, Naturopathica, Real Health, Sambucol, Skin Doctors & Promensil (together we, us, our and other similar expressions) are responsible (i.e. they are the ‘Data Controllers’) for the Personal information we collect about you (including through the www.pharmacareeurope.com website).

We are the European subsidiary of PharmaCare Laboratories a leading company specialised in health & wellness brands distributed worldwide. We provide a diverse range of products within the UK and Europe to various retailers, pharmacies, and online channels.

When providing our products, we take our responsibilities regarding data protection very seriously and are bound by all applicable data protection laws in respect of the handling, processing, and collection of data. All employees who handle personal and business data are fully trained to ensure the data is processed in line with the General Data Protection Regulations 2018 (GDPR) as well as The Data Protection Act 2018 (DPA 2018).

By using the service, you agree to the collection and use of information in accordance with this Policy.

Our Privacy Principles

We are bound by the GDPR (General Data Protection Regulation). We have adopted internal policies and procedures to ensure that personal information that we collect, store, use and disclose is dealt with in accordance with the GDPR. You can see the full text of the GDPR online at https://www.gov.uk/government/publications/data-protection-law-eu-exit or alternatively visit the ICO’s webpage for more information at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/.

Information we collect

The categories of Personal Information we collect will vary, depending on our specific relationship with you, and the context.

In order to provide our customers and consumers with our products and services, we may collect and use personal information about them. If we are not provided with all the personal information we request, we may not be able to supply our products and services to you, and you or your organisation may not be able to participate in future offers of goods or services which we supply.

The typical type of personal information we collect includes;

  • name and surname
  • home/work addresses
  • email addresses
  • Phone number

As an employer we need to collect and hold data about you to enable us to employ you. Appropriate verification checks are undertaken by ourselves, once you accept an offer and complete our hiring forms. If you do not provide the required personal information (or consent to personal information held to us, we will not be able to hire you.

The types of information which we typically collect as part of our checks include:

  • Personal contact details
  • Identification details
  • Right to work
  • References from referees you provide

We may also collect additional details (“sensitive information”) where necessary and where legally permitted. Types of Sensitive information which we will typically collect include:

  • your age
  • gender
  • health data
  • and lifestyle habits

if you partake in marketing surveys and provide consent for us to collect and store this ‘sensitive information.’  Where appropriate or we are required and able to do so, we will ask for your consent before collecting your sensitive information and will take care to let you know the purpose and appropriate lawful basis being relied upon for the processing at the same time. We will put in place enhanced safeguards to protect such sensitive information. You must be over 18 years old to take part in such surveys.

For any events booked through Eventbrite, you can access their Privacy Policy here.

However, credit card numbers are NOT stored in any form by us on any internal or external database – all transactions are completed through a secure payment gateway. We will retain your order information for 5 years.

Our Payment Service Provider is Sage Pay (formerly Protx) – the largest independent payment service provider (PSP) in the UK and Ireland. Sage Pay provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is Sage Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way. Sage Pay uses a range secure method such as fraud screening, I.P address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards. Sage Pay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable. Sage Pay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation. In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL. So, when buying through our sites, you can be sure that you are completely protected.

How we collect personal information

Generally, we collect your personal information directly from you. For example, we may collect information from you when you register an account on our website or sign up to our email marketing database, or when you provide us with information, whether in person, by telephone, online, in writing or information from third parties such as previous and current employers.

If you submit an order (including by telephone or online), we will collect information necessary to fulfil that order.

How we store and dispose of your personal information

We understand the importance of keeping your Personal Information secure.

We take all reasonable steps to keep secure any personal information which we hold about you and to protect your personal information from loss, misuse, or unauthorised alteration. Any personal information you provide to us is stored on secure servers. We also maintain physical security procedures to manage and protect the use and storage of records containing personal information.

Our employees are obliged and trained to respect the confidentiality of any personal information held by us.

To help us protect your privacy, you should maintain the secrecy of the usernames and passwords you use to access and use our websites.

We do not record general/telephone order calls to our main number or others.

Where we have your personal data acting in our capacity as a controller, we will delete your personal data that is no longer needed securely in accordance with our Data Retention Policy. Our Data Retention Policy and Schedule are available upon request, or as otherwise required by data protection legislation: including where you choose to exercise your rights as a data subject (see ‘Your Data Protection Rights’ section for more information).

Where we have your personal data acting in our capacity as a processor, we will delete your personal data in accordance with the controller’s instructions, or as otherwise required by data protection legislation. If we are required by law to retain your personal data, we will inform the controller of this legal obligation.

Security

We operate a range of technical and procedural controls to safeguard your personal information (including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage. In particular;

  • The use of (a) firewall, encryption, filtering, vulnerability scanning tools; (b) physical and technical controls on, and monitoring of, access to our premises and systems.
  • We only engage reputable suppliers. We undertake appropriate security measures and regulatory compliance and due diligence to enter into appropriate contracts.
  • Where personal information is transferred to our offices in other countries, we will put appropriate safeguards in place to ensure the lawfulness and security of the transfer. Where required under applicable laws, we will seek your consent to transfer.

The transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our websites – and any such transmission is at your own risk.

If a data breach (leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, your personal information) occurs which is likely to result in a high risk of adversely affecting your rights and freedoms, we will inform you of this without undue delay.

Where legally permitted, any such notifications will me made either via email, post, or telephone.

Purpose of collection

Before processing any personal data, we ensure that at least one lawful basis under GDPR is met. We will not disclose personal data for any purpose other than what the data was originally collected for; unless there is an overriding legal basis that enables this processing.

We may collect, hold, and use personal information collected so we can:

  • meet our legal obligations;
  • identify our customers, potential customers, and their representatives as well as the consumers of our products;
  • provide our products and services;
  • communicate with you;
  • inform you about our products and services, the benefits of using our products and about offers or other benefits that may become available;
  • seek your opinion or comments about our products and services;
  • carry out billing and debt recovery activities;
  • carry out our management, administrative, quality assurance and complaint handling activities in a professional and efficient manner;
  • develop and implement initiatives to improve our products and services; and
  • contact you to enable us to manage your account (if any) and fulfil our obligations to you or your organisation.
  • management of staff and payroll administration
  • to determine the suitability of employment

PharmaCare (Europe) Limited is the controller of your personal information that you provide via this website, unless otherwise stated.

Lawful basis

The UK and EU GDPR require us to communicate the lawful justifications for which we process your personal information. Where PharmaCare (Europe) Limited act as data controllers, the lawful basis for processing is either:

Consent:  When the consent is obtained by the company for processing Personal Data, the consent is expressed as a valid legal basis while given freely; understandably and clearly; clearly distinctly from other information; and actively, meaning that pre-ticked boxes are not valid for a particular and revocable purpose.

Contract: the processing is necessary for a contract PharmaCare (Europe) Ltd have with the individual, client, or organisation in the provision of a contract, or because they have asked PharmaCare (Europe) Ltd to take specific steps before entering into a contract.

Legal obligation: the processing is necessary for PharmaCare (Europe) Ltd to comply with the law (this applies to additional regulation, such as HMRC guidance). Where PharmaCare (Europe) Ltd are data processors acting on written instructions of a data controller that is relying on a ‘legal obligation’ basis, PharmaCare (Europe) Ltd will verify the data controller has confirmed this lawful basis for processing before completing any activity on the controller’s behalf.

Legitimate Interests: the processing is necessary for PharmaCare (Europe) Limited’s legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Disclosure

We usually disclose the personal information we collect to our related entities, service providers and contractors that help us supply our products and services. For example, we may disclose the personal information we collect to our information technology providers (including database and cloud services providers), providers of marketing and promotional services, professional advisers such as legal practitioners and accountants, debt collectors and insurers.

Except as indicated above, we will not disclose your personal information to a third party unless:

  • you have consented to the disclosure;
  • the third party is our service provider or contractor, in which case we will contract with them to use and disclose the personal information only for the purpose for which it was provided to them and/or under our instructions;
  • the third party is a person involved in a dealing or proposed dealing (including a sale) of all or part of our assets and business;
  • the disclosure is permitted, required, or authorised by or under law.

As an international Group, we may share certain personal information across the PharmaCare Group subject to appropriate safeguards.

Marketing

In some circumstances we may use personal information to advise you of new products and marketing initiatives that we think may be of interest to you. This could include product or service offerings, newsletters, and general information about us.

We generally rely on our legitimate interests to process your Personal Information for marketing purposes.

When we plan or propose to market to you, we will do so within the applicable laws, either seeking your informed consent, or, where you create a customer account or order goods or services from us, under permitted ‘soft opt-in’ rules. If you prefer not to receive information about our products and services, you will either be able to decline our marketing up front, or you have the right to ask us at any later point to be removed from the relevant circulation list or not to process your personal information by exercising the right at any time by contacting us using the contact details listed below or follow the ‘unsubscribe’ link at the bottom of all our PharmaCare (Europe) Ltd group marketing emails.

We will never disclose personal information to a third party for the purpose of allowing them to direct market their products or services to you unless you have first expressly consented to that disclosure.

We may contact you from time to time for market research purposes, as this is an important part of our continuing product and service development. We may contact you by email, phone, or mail, and could also use the information we collect from you to customise our websites according to your interests.

Access, quality, and correction 

If at any time you want to know what personal information we hold about you, you are welcome to request access to that information by contacting us via the contact details listed below.

We always try to make sure that the information we hold about you is accurate, complete and up-to-date. If at any time you believe the personal information that we hold about you is incomplete or inaccurate, please let us know by contacting us at the contact details listed below. We will then use all reasonable efforts to correct the information as quickly as possible.

Websites and cookies

To ensure we are meeting the needs and wants of our website users, and to develop our online services, we collect aggregated information by using cookies or similar electronic tools.

Cookies are unique identification numbers like tags that are placed on the browser of our website users. These cookies are used to retain login and location information in order to make your experiences more convenient and personal. No other business or organisation has access to our cookies.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

We do not use this technology to access your personal information in our records. You can find out more about the way cookies work on www.cookiecentral.com and www.allaboutcookies.org.

Our lawful basis for processing personal data via cookies is consent. The legitimate interest sought is administration, statistical analysis, and enhancement of our website.

Links To Third Party Sites

Our site may contain links to websites, applications, products, or services that are operated by third parties (Twitter, LinkedIn, YouTube).

Therefore, we hereby inform you that this document does not extend to these third parties. Once you have used these links to leave our site, you should note that we do not have any control over that website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and read the privacy policies, procedures, and practices of these third parties.

Complaints

We are committed to constantly improving our procedures so that your personal information is treated appropriately. If you feel that we have failed to deal with your personal information in accordance with this notice or the GDPR, please contact us at the contact details listed below so we have an opportunity to resolve the issue to your satisfaction.

Our privacy officer will:

  • listen to your concerns and grievances;
  • discuss with you the ways in which we can remedy the situation; and
  • put in place an action plan to resolve your complaint and improve our information handling procedures if appropriate.

Your Data Protection rights

Under data protection law, you have rights which are linked to the lawful bases we identify for data processing:

  • Your right to be informed – You have the right to be informed about how your personal data is collected and used.
  • Your right of access – You have the right to ask us for copies of any personal data that we hold about you.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate or misleading. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances; also known as ‘the right to be forgotten.’
  • Your right to restriction of processing – You have the right to ask us to restrict further processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information or certain processing activities in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

If you make a request, we will endeavour to respond to you within one month, though we reserve the right to seek to extend this or charge a ‘reasonable fee’ (such as for administrative costs of complying with a request if it is manifestly unfounded or excessive) within the remit of the law.

See below for contact details if you wish to make a request.

Contact us

If you require more detailed information about how we deal with personal information, or if you have any concerns about how we have dealt with your personal information, please let us know by contacting us at:

PharmaCare Europe Ltd.,
Unit 3, Dialog, Fleming Way
Crawley, West Sussex, RH10 9NQ

Email: dp@pharmacareeurope.com

Telephone: 01293850210

You can also complain or approach the UK regulator the ICO if you not satisfied with our response or believe we are not processing your personal in accordance with the law. For further guidance please go to: www.ico.or.uk/concerns.

The ICO’s address:

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF

Helpline number: 0303 123 1113

https://www.ico.org.uk

Privacy Officer

Email: dp@pharmacareeurope.com

We will respond to your concerns as quickly as possible.

Additional Information

This version was last updated and reviewed in March 2024.

As our business evolves, our business processes and policies will be reviewed and may be amended for any industry changes which may impact our business operations or your rights and freedom. We may change this policy at any time, where we deem it appropriate. We will notify you of any changes by posting an updated version of the policy on our website. Please be aware that it is your responsibility to check our website and review this page periodically to make sure you keep up to date with any changes to this policy.

We are legally known as PharmaCare (Europe) Limited, and our registered office is at The Old Rectory, Church Street, Weybridge, Surrey, KT13 8DE. We are registered in England and Wales under company number 06408300. ICO Registration ZA342818