Day Lewis PLC (“We”) are committed to protecting and respecting your privacy.
For the purpose of the General Data Protection Regulations GDPR Act, the data controller is Day Lewis PLC of 2 Peterwood Way, Croydon CR0 4UQ.
Our Data Protection Officer is Michael Cann and can be contacted at firstname.lastname@example.org.
Information we may collect from you
We may collect and process the following data about you:
Information you give us.
You may give us information about you by filling in forms on our site www.daylewis.co.uk (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, [participate in discussion boards or other social media functions on our site], and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.
Information we collect about you.
With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources.
We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we shall have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Uses made of the information
We use information held about you in the following ways:
Information you give to us
We will use this information:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the registration form);
- to notify you about changes to our service;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect about you
We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources
We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Day Lewis PLC or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Where we store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password, which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
ACCEPTABLE USE POLICY
This acceptable use policy sets out the terms between you and us under which you may access our website www.daylewis.co.uk (our site). This acceptable use policy applies to all users of, and visitors to, our site.
Your use of our site means that you accept, and agree to abide by, all the policies in this acceptable use policy, which supplement our terms of website use https://www.daylewis.co.uk/termsconditions.
www.daylewis.co.uk is a site operated by Day Lewis PLC (“We”). We are registered in England and Wales under company number 01202866 and have our registered office at 2 Peterwood Way, Croydon, Surrey CR0 4UQ. Our main trading address is Day Lewis House, 2 Peterwood Way, Croydon, Surrey CR0 4UQ. Our VAT number is 100117200.
We are regulated by:
- GPhC – General Pharmaceutical Council
- MHRA – Medicines and Healthcare Regulatory Agency
- HSE – Health and Safety Executive
- Care Quality Commission
- Information Commissioners Office
You may use our site only for lawful purposes. You may not use our site:
- In any way that breaches any applicable local, national or international law or regulation.
- In any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect.
- For the purpose of harming or attempting to harm individuals in any way.
- To send, knowingly receive, upload, download, use or re-use any material, which does not comply with our content standards.
- To transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam).
- To knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.
You also agree:
- Not to reproduce, duplicate, copy or re-sell any part of our site in contravention of the provisions of our terms of website use https://www.daylewis.co.uk/termsconditions.
- Not to access without authority, interfere with, damage or disrupt: o any part of our site; o any equipment or network on which our site is stored; o any software used in the provision of our site; or o any equipment or network or software owned or used by any third party.
We may from time to time provide interactive services on our site, including, without limitation:
- Chat rooms.
- Bulletin boards.
Where we do provide any interactive service, we will provide clear information to you about the kind of service offered, if it is moderated and what form of moderation is used (including whether it is human or technical).
We will do our best to assess any possible risks for users (and in particular, for children) from third parties when they use any interactive service provided on our site, and we will decide in each case whether it is appropriate to use moderation of the relevant service (including what kind of moderation to use) in the light of those risks. However, we are under no obligation to oversee, monitor or moderate any interactive service we provide on our site, and we expressly exclude our liability for any loss or damage arising from the use of any interactive service by a user in contravention of our content standards, whether the service is moderated or not.
The use of any of our interactive services by a minor is subject to the consent of their parent or guardian. We advise parents who permit their children to use an interactive service that it is important that they communicate with their children about their safety online, as moderation is not fool proof. Minors who are using any interactive service should be made aware of the potential risks to them.
Where we do moderate an interactive service, we will normally provide you with a means of contacting the moderator, should a concern or difficulty arise.
These content standards apply to any and all material, which you contribute to our site (contributions), and to any interactive services associated with it.
You must comply with the spirit and the letter of the following standards. The standards apply to each part of any contribution as well as to its whole.
- Be compliant with The Children’s Code (Age Appropriateness Design Code)
Be accurate (where they state facts).
- Be genuinely held (where they state opinions).
- Comply with applicable law in the UK and in any country from which they are posted.
Contributions must not:
- Contain any material which is defamatory of any person.
- Contain any material which is obscene, offensive, hateful or inflammatory.
- Promote sexually explicit material.
- Promote violence.
- Promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.
- Infringe any copyright, database right or trade mark of any other person.
- Be likely to deceive any person.
- Be made in breach of any legal duty owed to a third party, such as a contractual duty or a duty of confidence.
- Promote any illegal activity.
- Be threatening, abuse or invade another’s privacy, or cause annoyance, inconvenience or needless anxiety.
- Be likely to harass, upset, embarrass, alarm or annoy any other person.
- Be used to impersonate any person, or to misrepresent your identity or affiliation with any person.
- Give the impression that they emanate from us, if this is not the case.
- Advocate, promote or assist any unlawful act such as (by way of example only) copyright infringement or computer misuse.
SUSPENSION AND TERMINATION
We will determine, in our discretion, whether there has been a breach of this acceptable use policy through your use of our site. When a breach of this policy has occurred, we may take such action as we deem appropriate.
- Immediate, temporary or permanent withdrawal of your right to use our site.
- Immediate, temporary or permanent removal of any posting or material uploaded by you to our site.
- Issue of a warning to you.
- Legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
- Further legal action against you.
- Disclosure of such information to law enforcement authorities as we reasonably feel is necessary.
We exclude liability for actions taken in response to breaches of this acceptable use policy. The responses described in this policy are not limited, and we may take any other action we reasonably deem appropriate.
CHANGES TO THE ACCEPTABLE USE POLICY
We may revise this acceptable use policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we make, as they are legally binding on you. Some of the provisions contained in this acceptable use policy may also be superseded by provisions or notices published elsewhere on our site.
DAY LEWIS MOBILE PHONE APP PRIVACY NOTICE
The Day Lewis Pharmacy App needs to access certain information held on your phone in order to work as fully intended. By downloading the Day Lewis Pharmacy App, you are giving Day Lewis Pharmacy permission to collect information held in your phone and some of the device’s functions. We guarantee that we only use these permissions to provide the app and the services you signed up for.
What type of information do we collect?
We collect information that you give us to process your order and to better understand how services are used. The main types of information we collect are outlined below:
Personal information – such as name, address, date of birth and GP details
Contact information – including phone number and email address. Your email address is used to send you notifications about your order and communications to help you take your medications correctly.
Medication profile – this includes medications you are on/ have been on and are prescribed. Along with information about your heath that is considered sensitive.
Exemption details – if you don’t not pay for your prescriptions.
Payment details – for prescription charges if you pay for your medication.
Preferred delivery address – which we will pass onto our delivery drivers to facilitate delivery.
Please note we do not share this information with any other party.
Your GP’s address – we use this information to send your order directly to your registered GP, in order to fulfil your order request.
Technical information – such as glitches and crash data so we can understand issues and improve our service.
Behavioural data – such as when you access the Day Lewis Pharmacy App and what actions you take within the app. This information helps us to improve the services we offer to our users.
How do we collect your information?
The information listed above is collected with your interaction with the app, through registration, login and continuous use of the app.
Why do we process your information?
Day Lewis Pharmacy App only collects your information to provide you with our services, in order to help you order and keep track of your prescriptions and to dispense your medication. We take our data protection responsibility very seriously and will only process your information for clear and lawful purposes.
Device ID and identity for the users:
The Day Lewis Pharmacy App captures information about the device it’s installed on, such as model & make of your phone, the phones operating system and the version of the app installed. This allows Day Lewis Pharmacy to accurately notify you when relevant updates are available for the version you are operating. The app also captures a device ID preference which allows us to send notifications to your device, if you have agreed for us to do so.
If you have given the Day Lewis Pharmacy App access to location services, such as GPS or location from the network, the app will use this data to improve the functionality of specific features such as the ‘Pharmacy Finder’. The app can access two different location options: ‘approximate’, where location is determined by accessing the network from your device, and ‘precise’, where GPS data is used in addition to network data for more accurate positioning.
Phone and call information:
The Day Lewis Pharmacy App can access the phone dialer on your device to enable you to make calls directly from the app environment. For example, this may be to call Customer Services Team, your GP and your local Day Lewis Pharmacy.
Wi-Fi, network connections and internet data:
The Day Lewis Pharmacy App needs a connection to the internet in order to operate, therefore the app will access data services on your device. It will connect to available Wi-Fi networks, if Wi-Fi is active on the device. If the app cannot use an available Wi-Fi network, data will be retrieved from the network using the devices 3G, 4G or 5G connections.
Prevent device from sleeping & vibration control:
The Day Lewis Pharmacy app can, if required, prevent the device from sleeping to ensure the app can still receive notifications even when the device is not awake.
The Day Lewis Pharmacy App can also access the devices ability to vibrate. So, a vibration alert can be provided when a notification is received.
Monitoring the functioning of the Day Lewis Pharmacy App:
To monitor the Day Lewis app, MedAdvisor currently uses Fabric Crashlytics and later in November 2020 they will be moving to Firebase Crashlytics. Additionally, to monitor the overall health and performance of the MedAdvisor system, MedAdvisor uses AWS CloudWatch, Sumo Logic, DataDog and the SEIM. Cloudwatch & SEIM are both in AWS, so no patient data leaves the environment.
Use of NHS Login
Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity. To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.
Who your data is shared with:
Day Lewis Pharmacy App does not sell, trade or rent your information to third parties. We will share your information to service providers working on our behalf to deliver patient services, or to meet certain other requirements, such as to comply with the law. We will never share your information with any third parties for marketing, advertising, or any other purposes.
You have the option to opt out of being contacted by the Day Lewis Pharmacy App for marketing. If at any point you would like to opt out of certain communications, you can do so by clicking on a marketing messages opt-out link which will be provided at the bottom of the marketing emails sent from Day Lewis. This opt-out will be recorded against the patient’s profile in the database.
How to delete the app:
If the patient no longer wants to use the Day Lewis App, they can delete or uninstall the app. This will move their account status to inactive after 1 year. The patient account data will be retained for a period of one (1) year for operational purposes before all data will be anonymized. The data that Day Lewis can delete depends on the type of data and reason for processing.
How your data is kept secure:
Day Lewis Pharmacy recognise the importance of keeping information collected about you safe and secure. Data is stored on secure cloud servers within the UK. Data will be visible to appropriately authenticated patients via mobile Apps, and to Day Lewis Pharmacies.