Policy

Consumer Privacy Policy

Last Updated: 12-07-2023

This Consumer Privacy Policy (“Policy”) outlines the practices of Meds for Less Limited (“we,” “us,” or “our”) regarding the collection, use, and disclosure of personal information when you use our website www.medsforless.co.uk (the “Website”) and any associated services (collectively, the “Services”). We are committed to protecting your privacy and handling your personal information responsibly.

By accessing or using our Website and Services, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please refrain from using our Website and Services.

1. Information We Collect

1.1 Personal Information: We may collect personal information that you provide to us voluntarily, such as your name, email address, postal address, telephone number, date of birth, and any other information you choose to provide when using our Website and Services.

1.2 Health Information: In the context of providing healthcare-related services, we may collect and process sensitive personal information, including medical history, health conditions, prescriptions, and any other health-related data necessary for the provision of our Services.

1.3 Usage Information: When you visit our Website or use our Services, we may automatically collect certain information about your device, browser, IP address, and your interactions with our Website and Services. This information is collected through cookies, web beacons, and similar technologies.

2. Use of Information

2.1 We may use the personal information we collect for the following purposes:

To provide and improve our Services, including customer support.
To process and fulfil your requests, orders, and appointments.
To communicate with you about our Services, including updates, promotions, and administrative messages.
To personalise your experience on our Website and tailor our Services to your needs.
To conduct research and analysis to improve our products and services.
To comply with legal obligations and enforce our rights.

2.2 We will only process sensitive health information as necessary to provide the requested Services, with your consent, or as permitted by applicable laws and regulations.

3. Disclosure of Information

3.1 We may share personal information in the following circumstances:

With our trusted service providers who assist us in operating our Website and providing our Services, subject to confidentiality obligations.
With healthcare professionals, providers, and organizations involved in your healthcare to facilitate the provision of healthcare services.
With your explicit consent, when required by law, or as necessary to protect our rights, safety, or the rights, safety, or well-being of others.

3.2 We will not sell, rent, or lease your personal information to third parties without your consent, except as disclosed in this Policy.

4. Security Measures

4.1 We implement appropriate technical and organizational measures to protect the security and confidentiality of your personal information. However, please note that no method of transmission over the internet or electronic storage is completely secure.

4.2 We cannot guarantee the absolute security of your personal information, and you provide information at your own risk. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately.

5. Your Choices

5.1 You have certain rights regarding the personal information we hold about you, including the right to access, update, and delete your personal information. To exercise these rights, please contact us using the information provided at the end of this Policy.

5.2 You may choose to opt out of receiving promotional communications from us by following the instructions in the communications or by contacting us directly.

6. Children’s Privacy

Our Website and Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from individuals under the age of 18. If you are a parent or guardian and believe that we may have collected information from your child, please contact us, and we will promptly delete the information.

7. Changes to this Policy

We reserve the right to modify this Policy at any time. Any changes to this Policy will be effective when we post the updated Policy on our Website. Your continued use of our Website and Services after any changes constitutes your acceptance of the revised Policy.

Confidentiality Policy

This Confidentiality Policy (“Policy”) outlines the practices of Meds for Less (“we,” “us,” or “our”) regarding the handling and protection of confidential information, including patient details, within our organization. We are committed to maintaining the highest level of confidentiality and safeguarding the privacy of our patients.

By being employed by or affiliated with our organization, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please refrain from accessing or using confidential information and notify us immediately.

1. Definition of Confidential Information

Confidential information includes any and all information related to our patients, employees, business operations, and any other information that is not publicly available. This includes, but is not limited to:

Patient health records, medical history, diagnoses, treatments, and any other health-related information.
Employee information, such as employment contracts, salaries, performance evaluations, and personal details.
Financial information, including billing records, payment details, and insurance information.
Business strategies, trade secrets, intellectual property, and proprietary information.

2. Confidentiality Obligations

2.1 All individuals employed by or affiliated with our organization are required to adhere to the following confidentiality obligations:

Keep all confidential information strictly confidential and not disclose it to any unauthorized parties.
Use confidential information solely for legitimate purposes related to the provision of healthcare services or the performance of job duties.
Take all reasonable measures to protect the confidentiality, integrity, and security of confidential information, including the use of appropriate physical, technical, and administrative safeguards.
Obtain written authorization from patients or individuals concerned before disclosing their confidential information, unless required by law or for the provision of healthcare services.
Refrain from accessing or using confidential information beyond what is necessary to perform assigned job duties.

2.2 Confidentiality obligations apply during employment or affiliation with our organization and continue even after the termination of employment or affiliation.

3. Disclosure of Confidential Information

3.1 We will only disclose confidential information in the following circumstances:

To authorized individuals involved in providing healthcare services, on a need-to-know basis, and subject to applicable laws and regulations.
When required by law, including but not limited to subpoenas, court orders, or government requests.
With written authorization from patients or individuals concerned, following a clear explanation of the nature and purpose of the disclosure.

4. Reporting and Breach of Confidentiality

4.1 Any suspected or actual breaches of confidentiality must be reported immediately to the designated authority within our organization.

4.2 In the event of a breach of confidentiality, we will conduct a prompt investigation and take appropriate disciplinary and legal actions, as necessary, to address the breach and mitigate any harm caused.

5. Training and Awareness

5.1 We will provide appropriate training and awareness programs to all employees and individuals affiliated with our organization to ensure their understanding of this Policy and their obligations regarding the protection of confidential information.

6. Compliance with Laws and Regulations

6.1 We will comply with all applicable laws, regulations, and industry standards regarding the protection of confidential information, including but not limited to privacy laws and healthcare regulations.

Cybersecurity Policy

This Cybersecurity Policy (“Policy”) outlines the practices of Meds for Less Limited (“we,” “us,” or “our”) regarding the protection and security of information assets, including data, systems, and networks. We are committed to implementing and maintaining robust cybersecurity measures in accordance with ISO 27001 standards.

1. Information Security Management System (ISMS)

1.1 We have implemented an Information Security Management System (ISMS) based on the ISO 27001 standard to effectively manage and mitigate information security risks.

1.2 The ISMS encompasses the following key components:

Identification and assessment of information security risks.
Implementation of controls to mitigate identified risks.
Regular monitoring, measurement, and review of the effectiveness of information security controls.
Continual improvement of the ISMS based on lessons learned and emerging threats.

2. Responsibilities and Accountability

2.1 All employees and individuals affiliated with our organization have a responsibility to adhere to the following cybersecurity principles:

Protecting information assets from unauthorized access, disclosure, alteration, destruction, or interruption.
Complying with information security policies, procedures, and guidelines.
Reporting any suspected or actual security incidents promptly to the designated authority.
Participating in cybersecurity awareness and training programs.

2.2 Management is responsible for:

Establishing and maintaining the ISMS.
Allocating appropriate resources to implement and maintain cybersecurity controls.
Regularly reviewing and updating cybersecurity policies and procedures.
Ensuring compliance with legal and regulatory requirements.

3. Information Security Controls

3.1 We implement a range of technical, physical, and administrative controls to protect our information assets. These controls include, but are not limited to:

User access management and authentication mechanisms.
Encryption of sensitive data during transmission and storage.
Regular system patching and updates.
Secure configuration management of hardware and software.
Network security measures, including firewalls, intrusion detection systems, and network monitoring.
Incident response and business continuity plans to address and recover from security incidents.
Regular backups of critical data and systems.

4. Security Incident Management

4.1 We have established an incident response process to effectively respond to and manage security incidents. This includes:

Promptly identifying and containing security incidents.
Investigating and mitigating the impact of security incidents.
Notifying affected parties, as required by applicable laws and regulations.
Conducting post-incident analysis and implementing measures to prevent future incidents.

5. Third-Party Management

5.1 We ensure that third-party vendors and service providers who have access to our information assets adhere to similar cybersecurity practices. This includes conducting due diligence on their security controls, establishing contractual obligations, and monitoring their compliance.

6. Compliance and Audit

6.1 We regularly review and assess our cybersecurity controls to ensure their effectiveness and compliance with ISO 27001 standards.

6.2 Internal and external audits may be conducted periodically to evaluate the adequacy of our cybersecurity controls and identify areas for improvement.

7. Training and Awareness

7.1 We provide regular training and awareness programs to all employees and individuals affiliated with our organization to ensure their understanding of cybersecurity risks, policies, and procedures.

8. Contact Us

If you have any questions, concerns, or reports related to the confidentiality of information within our organization, please contact:

Meds For Less Limited, 9 Walkern Road, Stevenage, 9QD 1SD, admin@medsforless.co.uk, 020 3409 0678

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.