Privacy Policy

Introduction

nfpharmacy.co.uk (our website) is provided by Norton Fitzwarren Pharmacy ('we', 'our' or 'us'). We are the controller of personal data obtained via our website, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website. It also explains your rights in relation to your personal data and how to contact us in the event you have a complaint.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR).

This version of our privacy policy is primarily written for adults, including parents and guardians of child users.

What This Privacy Policy Applies To

This privacy policy relates to your use of our website only.

Personal Data We Collect

When you interact with the website, certain information may be collected in order to operate the website and provide services effectively.

Personal Information

You may choose to provide personal information when completing forms, registering for services, contacting the pharmacy, or engaging with features on the website. This information may include your name, contact details, address, and other information that you voluntarily submit.

Providing this information is optional, however some services may not be available if the required details are not supplied.

Technical and Usage Information

Certain technical information may be collected automatically when you visit the website. This can include your IP address, browser type, device information, operating system, access times, and the pages you view before or after visiting the website.

This information helps us understand how the website is used and allows us to improve performance and user experience.

Payment Information

If you make purchases or pay for services through the website, payment details may be processed by external payment providers. We do not normally store full payment card information on our systems. Payment providers handle payment processing in accordance with their own privacy and security policies.

Mobile Device Information

If the website is accessed from a mobile device, limited device information such as device type, model, and system information may be collected in order to ensure the website functions correctly.

Information From Third Parties

In some circumstances, information may be received from third-party services where you have authorised such access. This may occur when connecting accounts or interacting with services provided through integrated platforms.

How And Why We Use Your Personal Data

Under data protection law, we can only use your personal data if we have a proper reason, eg:

• where you have given consent
• to comply with our legal and regulatory obligations
• for the performance of a contract with you or to take steps at your request before entering into a contract, or
• for our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

Information collected through the website may be used for a variety of legitimate purposes, including:

• Providing pharmacy services and responding to enquiries
• Operating, maintaining, and improving the website
• Communicating important updates or service information
• Processing payments or service requests
• Preventing fraud, abuse, or security incidents
• Enforcing legal rights or defend or undertake legal proceedings
• Monitoring usage patterns and website performance
• Responding to customer support requests
• Protecting the security of systems and data used to provide the services
• Statistical analysis to help us understand our customer base
• Complying with legal or regulatory obligations

Special Category Data

Certain personal data we collect is treated as a special category to which additional protections apply under data protection law; including data concerning your health.

Disclosure of Information

We may share information where it is necessary for operational, legal, or service-related purposes.

Legal Requirements

Information may be disclosed where required to comply with applicable laws, regulations, legal processes, or lawful requests by public authorities.

Service Providers

Certain third-party organisations may assist with services such as website hosting, payment processing, communications, analytics, or technical support. These providers may process information on our behalf under appropriate confidentiality and data protection obligations.

Business Partners

Where services are delivered in collaboration with trusted partners, limited information may be shared as necessary to provide those services.

Protection of Rights

Information may be shared where reasonably necessary to investigate fraud, enforce policies, protect users, or defend legal claims.

PharmAppy Platform Services

The website may operate using technology and infrastructure provided by PharmAppy Services Limited. In such cases, certain technical or operational data may be processed within systems operated by PharmAppy Services Limited in order to maintain platform functionality, security, and performance. PharmAppy Services Limited acts as a technology provider and processes information solely for the purpose of operating and supporting the platform.

Cookies and Tracking Technologies

The website may use cookies and similar technologies to improve functionality and user experience.

Cookies are small data files stored on your device that allow websites to recognise returning users and understand how visitors interact with pages.

These technologies may be used to:

• Maintain essential website functionality
• Remember user preferences
• Analyse site usage and performance
• Improve services and content

Most web browsers allow cookies to be managed or disabled through browser settings. However, disabling cookies may affect certain features of the website.

Third-Party Websites

The website may include links to websites operated by third parties. Once you leave the website, this Privacy Policy no longer applies.

We are not responsible for the privacy practices or content of external websites. You should review the privacy policies of any third-party websites before submitting personal information.

Transferring Your Personal Data out of the UK

Countries outside the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.

It is sometimes necessary for us to transfer your personal data to countries outside the UK. In those cases we will comply with applicable UK laws designed to ensure the privacy of your personal data.

Under data protection laws, we can only transfer your personal data to a country outside the UK where:

• the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an 'adequacy regulation') further to Article 45 of UK GDPR.
• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you, or
• a specific exception applies under relevant data protection law

Where we transfer your personal data outside the UK we do so on the basis of an adequacy regulation or (where this is not available) legally-approved standard data protection clauses recognised or issued further to Article 46(2) of UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.

Security of Information

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.

However, no internet-based system can guarantee absolute security. While we take appropriate precautions to protect information, transmission of data online carries inherent risks.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your Data Rights

You generally have the following rights, which you can usually exercise free of charge:

• Request access to the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of personal data where appropriate
• Request restriction of processing your personal data
• Request the transfer of your personal data to you or to a third party
• To object to processing of your personal data
• Not to be subject to automated individual decision-making
• The right to withdraw consent

Requests relating to your personal information can be submitted using the contact details provided below.

Retention of Information

Personal information will be retained only for as long as necessary to fulfil the purposes outlined in this policy, including meeting legal, regulatory, or operational requirements.

Changes To This Privacy Policy

This privacy policy was last updated on 12 April 2026.

We may need to update this Privacy Policy from time to time. If the change is material, we will place a prominent notice on our website or update you by other appropriate means.

Keeping Your Personal Data Accurate And Up To Date

It is important that the personal data we hold about you is accurate and up to date. We may ask you to confirm updates to your personal data from time to time but please keep us informed if your personal data changes during your relationship with us.

Please inform us of any changes in your data.

Contact Information

If you have questions regarding this Privacy Policy or how your information is handled, please contact: