Cloud PharmacyUK ONLINE PHARMACYCloud Pharmacy

Privacy policy

Last updated: 1 January 2025

Cloud Pharmacy ("we", "us") is a UK online pharmacy. We take the privacy of your personal and health information seriously. This policy explains what we collect, why we collect it, how we use it and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who is the data controller?

Cloud Pharmacy is the data controller for the personal information collected through this website. You can contact our data protection lead at dpo@cloudpharmacy.co.uk.

What we collect

  • Account & contact details — name, email, phone, delivery address.
  • Health information — answers from your online consultation, information about medicines you take and conditions you have, used by clinicians to decide whether treatment is appropriate.
  • Order & payment information — products ordered, prices, delivery preferences. Payment is made by UK bank transfer or cash on delivery — we never collect or store card numbers.
  • Technical data — IP address, browser, device, pages visited, referrer. Used to operate the website and prevent fraud.

Why we use it

  • To provide a clinician review and dispense medicines safely.
  • To process and deliver your orders and handle refunds.
  • To answer your questions and provide customer care.
  • To keep records required by our regulators (the GPhC and MHRA).
  • To improve our service and, where you have consented, send you marketing emails.

Legal bases (UK GDPR)

We process personal data on the following bases:

  • Contract — to provide the service you have asked for.
  • Legal obligation — record-keeping required by pharmacy regulation.
  • Vital interests — for clinical safety where you cannot give consent.
  • Consent — for marketing communications and non-essential cookies.
  • Legitimate interests — to keep the website secure and to improve it.

How long we keep your information

We keep clinical records for the period required by UK pharmacy regulators, currently 10 years for adult records (longer for paediatric records). Account information is kept while your account is open and for 6 years afterwards. Marketing preferences are held until you unsubscribe.

Who we share it with

  • UK-registered clinicians who review your consultation.
  • The dispensing pharmacy and our delivery partner.
  • Service providers (Resend for email, hosting partners and our delivery courier) under written data-processing agreements.
  • Regulators, the police or the courts where the law requires it.

We never sell your information.

International transfers

Where our service providers process data outside the UK, we rely on UK adequacy decisions or the International Data Transfer Addendum to the EU Standard Contractual Clauses.

Your rights

You have the right to:

  • Access a copy of your personal data.
  • Ask us to correct inaccurate data.
  • Ask us to delete data we no longer need (this does not apply to clinical records we are required to keep).
  • Object to processing or ask us to restrict it.
  • Withdraw marketing consent at any time.
  • Complain to the Information Commissioner's Office.

To exercise any of these rights, email dpo@cloudpharmacy.co.uk.

Cookies

We use a small number of essential and analytics cookies. See our Cookies policy for details.

Changes to this policy

We may update this policy from time to time. When we make material changes we will email registered customers and update the "last updated" date above.