GDPR

1. Introduction

MexCare Pharmacy is committed to protecting the personal data of our patients, customers, and website users. This GDPR Policy explains how we meet our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We handle personal information with care, transparency, and respect, ensuring it is used lawfully and responsibly as part of our role as a UK community pharmacy.

2. Our Commitment to Data Protection

We understand that personal and health information is sensitive. MexCare Pharmacy takes appropriate steps to ensure that all personal data is:


  1. Used lawfully, fairly, and transparently
  2. Collected only for clear and legitimate purposes
  3. Accurate and kept up to date
  4. Kept secure and confidential
  5. Retained only for as long as necessary

3. What Personal Data Means

Personal data is any information that can identify an individual, either directly or indirectly. This may include names, contact details, NHS numbers, prescription information, and other health-related data required to provide pharmacy services.

Health information is treated as special category data and is handled with additional care and safeguards.

4. Lawful Basis for Processing Data

MexCare Pharmacy processes personal data only where there is a lawful reason to do so. These include:


  1. Providing healthcare and pharmacy services
  2. Meeting legal and NHS contractual obligations
  3. Protecting patient safety
  4. Consent, where required for specific communications
  5. Legitimate operational needs as a community pharmacy

5. Lawful Reasons for Processing

Under UK GDPR, we process personal data because:


  1. It is necessary to provide healthcare services
  2. We are legally required to do so under NHS and pharmacy regulations
  3. You have given consent, where required
  4. It supports our legitimate operation as a community pharmacy

6. How We Use Personal Data

Personal data is used to:


  1. Dispense prescriptions safely
  2. Provide NHS and private pharmacy services
  3. Support ongoing patient care
  4. Communicate with patients when necessary
  5. Comply with legal, regulatory, and professional requirements

We do not use personal data for unrelated or excessive purposes.

7. Data Sharing

Personal data is shared only when necessary and lawful. This may include sharing with:


  1. NHS bodies and GP practices
  2. Healthcare professionals involved in patient care
  3. Regulatory authorities
  4. Trusted service providers under strict confidentiality agreements

We do not sell or misuse personal data.

8.Data Security

We use appropriate technical and organisational measures to protect personal data from unauthorised access, loss, or misuse. Access is limited to authorised staff who require the information to perform their duties.

Staff handling personal data receive appropriate training in data protection and confidentiality.

9. Data Retention

Personal data is retained in line with NHS, legal, and professional record-keeping requirements. When data is no longer required, it is securely deleted or disposed of.

10. Individual Rights Under GDPR

Under UK GDPR, individuals have the right to:


  1. Access their personal data
  2. Request correction of inaccurate data
  3. Request erasure where legally permitted
  4. Restrict or object to processing
  5. Request data portability
  6. Withdraw consent where applicable

Requests can be made by contacting MexCare Pharmacy directly.

11. Data Breaches

In the event of a personal data breach, MexCare Pharmacy will take appropriate action in line with legal requirements, including notification to the Information Commissioner’s Office (ICO) where required.

12. Policy Updates

This GDPR Policy may be updated from time to time to reflect changes in legislation or pharmacy operations. The latest version will always be available on our website.

13. Contact Information

If you have any questions about this GDPR Policy or how your personal data is handled, please contact MexCare Pharmacy.