Platinum Online Pharmacy

Privacy Policy

Last updated: January 2026

1. Introduction

Platinum Online Pharmacy ("we", "our", "us") is committed to protecting your privacy and the privacy of patients whose data is processed through our Prescriber Portal. This policy explains how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Platinum Online Pharmacy Ltd is the data controller for data processed through this Service. For data protection enquiries, contact our Data Protection Officer at:
dpo@platinumonlinepharmacy.co.uk

3. Data We Collect

Prescriber Data:

  • Name, email address, and contact details
  • Professional registration number and regulatory body
  • Practice address and contact information
  • Digital signature
  • Account activity and audit logs

Patient Data (processed on behalf of prescribers):

  • Name, date of birth, and contact details
  • Address information
  • Prescription details and medication history
  • Special category data relating to health conditions

4. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: To provide the prescribing service to registered prescribers
  • Legal obligation: To comply with pharmacy and healthcare regulations
  • Legitimate interests: To improve our services and ensure security
  • Health data: Necessary for healthcare provision and management

5. Data Security

We implement robust security measures including:

  • AES-256 encryption for sensitive data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Tamper-evident audit logging
  • Role-based access controls
  • Secure data centres within the UK/EEA

6. Data Retention

We retain data for the following periods:

  • Prescription records: Minimum 8 years (as per NHS guidelines)
  • Controlled drug records: Minimum 11 years
  • Prescriber account data: Duration of account plus 7 years
  • Audit logs: Minimum 10 years

7. Data Sharing

We may share data with:

  • Dispensing pharmacies to fulfil prescriptions
  • Regulatory bodies when required by law
  • Technology service providers (under strict data processing agreements)
  • Law enforcement when legally required

We do not sell personal data to third parties.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (subject to legal retention requirements)
  • Restrict processing
  • Request data portability
  • Object to processing
  • Lodge a complaint with the ICO

9. Cookies

We use essential cookies for authentication and security purposes only. These are strictly necessary for the Service to function and cannot be disabled. We do not use advertising or tracking cookies.

10. International Transfers

All data is stored and processed within the UK and European Economic Area. We do not transfer personal data outside these jurisdictions.

11. Changes to This Policy

We may update this policy periodically. We will notify registered users of significant changes via email. The latest version will always be available on this page.

12. Contact Us

For privacy-related enquiries or to exercise your rights:
Email: dpo@platinumonlinepharmacy.co.uk

You may also contact the Information Commissioner's Office:
https://ico.org.uk