At Heath Pharmacy, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Heath Pharmacy is a registered UK pharmacy offering NHS and private services, including clinical consultations and treatments.

Data Controller:
Heath Pharmacy
334 - 336 Goswell Road, London, England, EC1V 7RP

2. What Information We Collect

We may collect and process the following types of personal data:

  • Identity & Contact Data: Full name, address, phone number, email.

  • Health & Medical Data: Medical history, vaccination records, allergies, medications.

  • Booking Information: Appointment details, payment history, service requests.

  • Technical Data: IP address, browser type, operating system (via website cookies).

  • Marketing Preferences: Your communication and consent preferences.

3. How We Collect Your Data

We collect personal data when you:

  • Register or book a service through our website or in-store.

  • Contact us by phone, email, or form submission.

  • Visit our website (via cookies and analytics tools).

  • Sign up to marketing or consent to receive reminders.

4. How We Use Your Information

Your information is used to:

  • Provide healthcare services and consultations.

  • Process and manage appointments and prescriptions.

  • Communicate with you about bookings or relevant updates.

  • Meet our regulatory and legal obligations.

  • Send relevant health information or promotions (if you’ve opted in).

We only process special category (health) data when necessary for the delivery of care, under Article 9 of UK GDPR.

5. Lawful Bases for Processing

We rely on the following lawful grounds:

  • Consent: For optional marketing or newsletter communications.

  • Contract: To provide services you’ve requested or booked.

  • Legal obligation: For compliance with healthcare regulations.

  • Vital interests: Where health data is necessary to protect life.

  • Public interest in healthcare: For processing health-related information.

6. Sharing Your Information

We may share your data with:

  • NHS systems and healthcare professionals (as required for care).

  • Third-party service providers (e.g. booking systems, IT, email systems) under strict data protection agreements.

  • Legal or regulatory authorities when required by law.

We never sell your data to third parties.

7. Data Security

We store your data securely using encrypted systems and access controls. Only authorised personnel have access to sensitive information.

8. Data Retention

We retain your personal data only for as long as necessary:

  • Clinical records: As required by law or regulatory standards (typically 8–10 years).

  • Marketing consent data: Until you unsubscribe or withdraw consent.

  • Booking or transactional data: Typically 6 years for financial and audit purposes.

9. Your Rights

You have the right to:

  • Access your personal data.

  • Correct inaccurate information.

  • Request erasure (“right to be forgotten”) in certain situations.

  • Object to processing for direct marketing.

  • Withdraw consent at any time (where consent is used).

  • Lodge a complaint with the Information Commissioner’s Office (ICO).


10. Cookies

Our website uses cookies to enhance user experience and gather analytics. You can manage cookie preferences in your browser settings. For more detail, see our Cookie Policy.

11. Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with the updated date.

12. Contact Us

If you have any questions about this Privacy Policy or how your data is handled, contact:

Data Protection Lead
Heath Pharmacy
334 - 336 Goswell Road, London, England, EC1V 7RP