We take appropriate technical and organisational measures to protect against unauthorised or unlawful processing of your personal information, including encrypting your information to applicable industry standards.
Personal data is defined as any data relating to an individual that would allow them to be identified either directly or indirectly. This includes information such as your name, address and date of birth.
During your visit to our site we may gather certain personal information that is necessary to set up your account, for the purposes of billing, delivery of your goods and queries. We only keep your information for as long as is necessary to process your order, process any applicable refunds, respond to any complaints/feedback or to provide you with promotional information you have subscribed to.
We collect data from you when you:
This data will only be used to:
Our analytics software is used to help us provide the best service to all users of the Dr Felix website. This software may also record information relating to:
Ordinarily we do not have access to your financial information, which is securely transferred directly to our card processing agents, who process it on our instructions.
When you register your details with us, you have the option to subscribe to future promotions and special offers. You may unsubscribe from this at any time by emailing email@example.com.
When you supply your information to us you accept the risks associated with the internet and will not hold us responsible for any loss of your information unless we have breached our duty of care to you.
We supply some of your information electronically to selected third parties including:
We take your privacy seriously and we will never sell your data to any third party.
If you order an STI test kit via Dr Felix, your test kit is passed on to an outside laboratory. They will return your results to us, which we then pass on to you.
Our website contains links to other websites with their own privacy policies. We are not responsible for the privacy policies of these websites.
We use your data to:
In delivering our service to you we use your data:
In monitoring and improving our service, product range and website, we use your data:
Legal Requirements for Sharing Your Data
In conforming to legal, compliance and regulatory requirements, we use your data:
We will only share your data in response to a legal request if we believe that the law requires us to do so, that sharing of your data is required in that jurisdiction and is consistent with internationally recognised standards.
Examples of legal requirements for sharing your data include:
We are registered with the Information Commissioner's Office (ICO) under the registration number ZA298635.
Any data you provide us with will be stored securely on a private database.
This database and our website are stored on Amazon AWS, which is ISO 27001 certified.
Only our doctors, pharmacy team and a small number of employees have access to this database. All our staff are subject to our Confidentiality Protection Policy.
We do not transfer your information outside the European Economic Area (“EEA”) unless you are a user located outside the EEA in which case we may need to transfer your information to deliver your goods, process payment/refunds, or to send you promotional information you have subscribed to.
If you choose to delete your account, we will delete all your data after 30 days, unless we are legally required to share your data (see section 4.4).
www.drfelix.co.uk is Payment Card Industry Data Security Standards (PCI DSS) compliant and is scanned for server vulnerabilities on a regular basis to ensure our security systems are up to date and comply with industry standards.
Dr Felix abides by the Data Protection Act and understands why safety is paramount for our customers making payments online. We endeavour to make sure we secure our customers' payment card data. Our customers depend on us to keep their information safe and Dr Felix repays their trust with compliance to the PCI Security Standards.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. The PCI DSS is administered and managed by the PCI Security Standards Council (PCI SSC), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). A copy of the PCI DSS is available: download PCI Security Standards (pdf).
What you need to know about PCI Compliance
Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.
Dr Felix is PCI compliant and subject to quarterly checks to make sure our security systems are secure and compliant so you can make payments on our website without a single worry.
You have the right to correct your data, should you realise something is incorrect. You can change most of your data by logging in to your account. If the data is not accessible via your account and you wish to change it, you should contact our customer service team.
You have the right to request that your data is deleted, unless it is required for a legal reason.
We are required to store your medical data and identity for an undefined period to protect your health interests should any problems arise.
You can request to access your data at any point by contacting our customer service team.
To protect your data from fraud, you must provide us with two forms of identity and your request in writing, before we are able to release your data records to you.
We advise you use a unique strong password (at least 8 characters including upper and lowercase letters, numbers and symbols) for our website. We recommend that you do not share this password with anyone.
If you suspect a breach of your security, i.e. an unauthorised log-in to your account, please contact our Data Protection Compliance Officer immediately on +44 (0)1236 758420.
The GDPR (General Data Protection Regulation) gives you the right to access, change and erase your data.
You also have the right to restrict what your data is used for. This includes:
Any changes we may make to this privacy notice in the future will be posted on this page, and for any major changes, we’ll notify you by e-mail. If we are going to change the way we process your data, we will ask for your consent first by email, unless you have opted out, in which case please check this page for updates.
If you are not satisfied with our response or have a complaint, you can also contact the ICO (Information Commissioner’s Office). Our ICO registration number is ZA298635.