1. Prescriptions dispensed in the pharmacy
In order to provide the highest quality healthcare service, we need to keep records about your health and the care we have provided or plan to provide to you.
Information recorded
As part of providing a professional, safe and efficient service, there is certain information that we record. This includes details of drugs and appliances dispensed against NHS and private prescriptions as well as significant advice given, and referrals made to other health professionals and any other relevant information. Such information may include:
basic details about you, such as name, address, date of birth, next of kin;
records of medicines you have been prescribed by your doctor or another qualified prescriber, and which have been supplied by this pharmacy;
details of medicines purchased from the pharmacy without a prescription such as over the counter medicines ("OTC");
other details and notes about your health and medical treatment;
information relevant to your continued care from other people who care for you and know you well, such as other health professionals (prescribers' name, address and registration number) and relatives;
signatures for the collection of Controlled Drugs; and
any other services we provide to you, for example, a flu vaccination.
Processing Information
We process your personal data, which includes information from your prescriptions and any other pharmacy and health care services we provide to you (including flu vaccinations) for the purposes of:
Your care - providing pharmacy services and care to you and, as appropriate, sharing your information with your GP or prescriber, and others in the wider NHS or prescriber clinic;
Our payments - sharing your information with the NHS Business Services Authority, others in the wider NHS, and sometimes Local Authorities, and only limited information to those external to the NHS who negotiate and check the accuracy of our payments and any exemptions;
Management - sharing only limited information with our accounts team regarding prescriptions which are placed on Wigmore Medical accounts; with the NHS Business Services Authority and others in the wider NHS, and sometimes Local Authorities; as well as those external to the NHS who ensure we maintain appropriate professional and service standards and that your declarations and ours are accurate such as the GPhC for compliance and enforcement purposes; and
Our Suppliers - we may on occasion have to submit redacted prescriptions to our suppliers to access restricted supply medications. Information supplied will only include the prescriber details and the medication; no patient details.
We hold your Personal Data on a secure PMR system for as long as advised by the NHS. We hold repeat prescriptions securely on the premises until they are fulfilled. Paper copies of NHS prescriptions are sent to the NHS at the end of the month that they have been dispensed. Paper copies of private prescriptions are securely archived for two years, as recommended by the Royal Pharmaceutical Society, before being securely destroyed. Destruction records are retained.
Sometimes prescriptions will be sent directly from your GP to the pharmacy under the NHS Electronic Prescription Service (EPS). EPS is reliable, secure and confidential. Your electronic prescription will be seen by the same people in GP practices, pharmacies, and NHS prescription payment and fraud agencies that see your paper prescription now.
We process your personal data in the performance of a task in the public interest for the provision of healthcare and treatment, and to comply with our legal obligations. A pharmacist is responsible for the confidentiality of your information.
Your Rights
You have the right to confidentiality under the General Data Protection Regulation and the common law duty of confidence.
All of our staff contracts of employment contain a requirement to keep patient information confidential. All staff that deal with Personal Data with regards to prescriptions, OTC medicines or work in the pharmacy are also trained in and must comply with the NHS Code of Practice on Confidential Information. In addition, pharmacists have a requirement under their professional standards to keep records about you confidential, secure and accurate.
Our guiding principle is that we process your records in strict confidence.
You have the right to ask for a copy of all pharmacy records about you (generally in paper or electronic form).
Generally, there will be no charge for a printed copy of the information we hold about you. We are required to respond to your request within one month. You will need to give adequate information in order for pharmacy staff to identify you (for example, full name, address and date of birth). You will be required to provide ID, for example a passport, full driving licence or credit/debit card before any information is released to you.
If you think any information we hold on you is inaccurate or incorrect, please let us know.
You may object to us holding your information. If you have any further queries about this policy, or wish to find out more about your rights, please contact the Data Protection Officer at DPO@Wigmoremedical.com
You may lodge a complaint with the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
2. Retail orders placed in the pharmacy or over the telephone
What information is collected?
When you place an order for products in the pharmacy in person or over the telephone, or apply for a VAT refund for products purchased in the pharmacy we may collect the following Personal Data from you:
Name, title, postal address, email address, home telephone, mobile number, payment information (i.e. bank or credit card details), order history, age/date of birth, information on the handling of your request (including information relating to prescription or pharmacy medicines and other medicine beauty products that you order), and other Personal Data you voluntarily provide to us.
What is the purpose of the processing?
We process this Personal Data to provide you with our products or services and take payment for such products or services that you have requested from us.
Where and for how long is the data stored?
We store your Personal Data securely on site or securely archived off-site in the UK as long as we are required to keep the information by law, normally up to six years.
Who may the information be shared with?
We may share this information with our employees to provide a safe and secure services, as well as our merchant payment services provider, HMRC and delivery provider such as a courier or Royal Mail.
What is the legal basis for processing the Personal Data?
We need this information to process your order or any other service you request from us (performance of a contract). If we need information about you that is considered sensitive (e.g. information on your health for medication) we will inform you in a transparent manner about our legal obligations to process such personal data. Your data is not used for any further purpose including marketing.
3. CCTV
Please see our CCTV policy
1. Ownership
Wigmore Medical Ltd (hereafter 'Wigmore Medical') operates a CCTV surveillance system ("the system") in the public areas of its premises at 23 Wigmore Street, London W1U 1PL, in the basement of the premises, and in the common staircases of 21 Wigmore Street and 2D Wimpole Street, with images being monitored and recorded centrally. The system is owned and managed by Wigmore Medical. The responsible manager is the Contracts Manager.
2. Compliance
Images obtained from the system which include recognisable individuals constitute personal data and are covered by the Data Protection Act 2018. This Policy should therefore be read in conjunction with Wigmore Medical's Privacy Policy. Wigmore Medical is the registered data controller under the terms of the Act. This policy has been drawn up in accordance with the advisory guidance contained within the Information Commissioner's CCTV Code of Practice and the Home Office Surveillance Camera Code of Practice.
3. Purpose
Wigmore Medical's registered purpose for processing personal data through use of the system is crime prevention, health and safety, and/or staff monitoring, under our legitimate interests. This is further defined as: CCTV is used for maintaining public safety, the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, court or tribunal, security organisations and persons making an enquiry.
The operators of the system recognise the effect of such systems on the individual and the right to privacy. Full details of Wigmore Medical's data protection registration are available on the Information Commissioner's Office website.
4. Description
The system is intended to produce images as clear as possible and appropriate for the purposes stated. The system is operated to provide when required, information and images of evidential value.
Cameras are located at strategic points throughout the public area of Wigmore Medical and the common staircases, and signage is prominently placed at strategic points on the estate to inform staff, visitors and members of the public that a CCTV installation is in use.
5. Operation
Images captured by the system are recorded continuously and may be monitored by Wigmore Medical. Images displayed on monitors are not visible from public areas. All staff with view of the monitors are made aware of the sensitivity of watching the live feed. The Contracts Manager is the only member of staff that is able to review the recordings and give access to the recordings to any third party. The Contracts Manager is aware of the sensitivity of such images and recordings.
6. Information retention
The images captured by the CCTV system will be retained for a maximum of 30 days, except where the image identifies an issue and is retained specifically in the context of an investigation / prosecution of that issue. No more images and information shall be stored than is required for the stated purpose. Images will be deleted once their purpose has been discharged or in the event of a prosecution, as long as is lawfully required, which may be up to six years.
7. Access
Access to recorded images (as opposed to the live feed) is restricted to those who need to have access in accordance with this policy, the SOPs and any governing legislation.
Disclosure of recorded material will only be made to third parties in accordance with the purposes of the system and in compliance with the Data Protection Act. Anyone who believes that they have been filmed by the system can request a copy of the recording, subject to any restrictions covered by the Data Protection Act ("Subject access request"). Provided always that such an image/recording exists i.e. has not been deleted and provided also that an exemption/prohibition does not apply to the release. Where the image/recording identifies another individual, those images may only be released where they can be redacted/anonymised so that the other person is not identified or identifiable. Procedures are in place to ensure all such access requests are dealt with effectively and within the law. Access requests should be addressed to Contracts Manager Wigmore Medical, 23 Wigmore Street, London W1U 1PL. Wigmore Medical will respond within one month.
A person should provide all the necessary information to assist Wigmore Medical in locating the CCTV recorded data, such as the date, time and location of the recording. If the image is of such poor quality as not to clearly identify an individual, that image may not be considered to be personal data and may not be handed over by Wigmore Medical.
8. Feedback
Members of the public should address any concerns or complaints over use of the Wigmore Medical's CCTV system to DPO@wigmoremedical.com
9. Annual review
This policy was approved by the management board of Wigmore Medical on 25 May 2018. It will be reviewed annually to ensure that the purpose still applies.
This policy was approved and updated on 21 January 2020.
4. Visitors
What information is collected?
When visitors come to our premises for meetings, inspections, project work, building and electrical work etc, we may collect the following Personal Data: name and company.
What is the purpose of the processing?
We process this Personal Data to know who is on-site and to check timings and attendance in relation to project works.
Where and for how long is the data stored?
The Personal Data is kept as a hardcopy in the Visitors Book at three separate locations on the premises. The data is kept securely on-site and retained as long as lawfully required.
Who may the information be shared with?
We may share this information with our employees and, in the case of project works, the managing agents for the building.
What is the legal basis for processing the Personal Data?
We process this information under our legitimate interest in knowing who is on-site to ensure the privacy, safety and security of our premises, our staff, and you. Also, to confirm attendance for work projects to confirm the performance of a contract.