Data Privacy Policy
This Data Privacy Policy (“Policy”) outlines how Pharmaspace (Aylesbury) Ltd, doing business as Zoto and zoto.co.uk (“Company,” “we,” “us,” or “our”) collects, uses, protects, and shares personal information collected from users (“Users” or “you”) through our website and services. We are committed to safeguarding the privacy of our Users and ensuring transparency about how we manage personal information.
This Policy applies to all information collected on our website, through our applications, and in connection with our services. By using our website or services, you agree to the collection, use, and disclosure of your information in accordance with this Policy.
1. INFORMATION WE COLLECT
Personal Information: Personal Information refers to information that can directly or indirectly identify an individual. The types of personal information we may collect include, but are not limited to:
- Contact Information: Name, email address, phone number, and physical address
- Account Information: Username, password, and profile details
- Biographical Information: Date of birth, nationality, gender
- Your NHS Number
- Information About Your Next of Kin and Carers: Names, contact details
- Financial Information: Payment details, billing information, and transaction history
- Communications With or About You: Correspondence between the Company and you, letters we send to your GP about your treatment, letters you ask us to write to your employer
- Usage Information: Data on how you interact with our website and services, such as IP address, browser type, operating system, referring URLs, and browsing behaviour
- Location Data: Information on your location if you access our services from a mobile device or choose to share location data with us
Special Personal Information: Special Personal Information refers to data considered more sensitive than general personal information.
- Treatment Information: Details of your treatment and care, including the professional opinions of the staff caring for you.
- Health Information: Notes and reports related to your health, including information you have shared with us about your health and relevant information from social care professionals, relatives, or carers
- Test Results: Results of investigations and medical tests
- Other Information: Information about your ethnicity, sexual orientation, sex life, religious or philosophical beliefs or opinions, any disability, or genetic data when this is relevant to your care or has been provided to us as part of your care
Non-Personal Information: Non-Personal Information refers to data that does not directly or indirectly identify an individual. We may collect anonymous data, aggregated information, or other non-identifiable data, which can include usage data, demographic information, and statistical information.
2. HOW WE COLLECT INFORMATION
Information Provided by Users: We collect information you provide directly to us when you register an account, interact with clinical and pharmacist staff, make a purchase, or otherwise interact with our services. This includes contact information, payment information, and any other information you choose to share.
Automated Information Collection: We collect certain information automatically when you visit our website or use our services. This includes usage information, IP addresses, browser details, operating system information, device identifiers, and cookies. These technologies enable us to analyse website traffic, understand User behaviour, and provide a more customised experience.
Cookies and Tracking Technologies: Cookies are small text files placed on your device that help us track and identify your preferences. We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities, enabling us to offer a more tailored experience. You can control your cookie preferences through your browser settings; however, disabling cookies may affect the functionality of our website.
Third-Party Sources: We may receive information about you from third parties, such as analytics providers, social media platforms, and advertising partners, who assist us in understanding User engagement, providing relevant content, and improving our services.
3. PURPOSES OF INFORMATION COLLECTION
Providing and Enhancing Services: We use collected information to provide, personalise, and improve our services and to provide you with treatments for your conditions or symptoms. This includes delivering medical appointments, processing transactions, managing accounts, delivering customer support, and personalising your experience on our platform.
Communication:
- We may use your contact information to send you important information regarding your treatments, appointments, account, service updates, and customer support communications.
- We may, at your request, provide a letter to your employer about your treatment.
- We may invite you to participate in research projects, wholly at your discretion.
- We may send marketing communications based on your preferences, which you can opt out of at any time.
Analytics and Research: We analyse usage information and other data to monitor and improve our website’s performance, understand User trends, and enhance the overall User experience. This includes gathering insights into how our services are accessed and used.
Legal Compliance and Security: We collect information as necessary to comply with legal obligations, enforce our terms of service, protect the rights and safety of our Users, and detect, prevent, or investigate potential fraud, security breaches, and other prohibited activities.
Marketing and Advertising: With your consent or where permitted by law, we may use your information to promote our products and services, display targeted advertisements, and analyse the effectiveness of our marketing campaigns. We may work with third-party advertising partners to show personalised ads based on your browsing activity.
4. SHARING OF INFORMATION
Third-Party Service Providers: We may share personal information with third-party service providers who perform functions on our behalf, such as healthcare professionals and organisations, payment processing, data analytics, website hosting, customer support, and marketing assistance. These providers are bound by contractual obligations to use information solely for the purpose of providing services to us and are prohibited from using it for other purposes.
Business Transfers: In the event of a merger, acquisition, asset sale, or similar business transaction, we may transfer personal information to the new owner. In such cases, the successor entity will be bound by the terms of this Policy or provide notice of any significant changes to the processing of personal information.
Compliance with Legal Obligations: We may disclose personal information if required to do so by law or in response to valid requests by public authorities, such as court orders or government agencies. We will only disclose the information necessary to fulfil our legal obligations and protect our rights.
Protection of Rights and Safety: We may share personal information when necessary to protect the rights, property, and safety of our Users, employees, or others. This includes the exchange of information with other companies and organisations for fraud protection and credit risk reduction.
Aggregated and Anonymised Information: We may share anonymised or aggregated data that cannot reasonably be used to identify individuals. This information may be shared with partners for research, marketing, analytics, and other legitimate business purposes.
5. DATA SECURITY
Security Measures: We implement technical, administrative, and physical security measures to protect personal information from unauthorised access, loss, alteration, or disclosure. Our security measures include encryption, access controls, firewalls, regular security audits, and employee training on data protection.
Encryption: Sensitive information, such as payment details and personal data, is encrypted in transit and at rest using industry-standard encryption protocols to ensure its confidentiality.
Access Control: Access to personal information is limited to authorised personnel who have a legitimate need to access it. Our employees, contractors, and service providers are trained and required to follow strict security protocols.
Data Breach Response: In the event of a data breach, we will notify affected Users as required by applicable law and will take prompt action to investigate and mitigate the breach, including working with security experts and informing regulatory authorities where necessary.
Data Retention: We retain personal information for as long as necessary to fulfil the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. When personal information is no longer needed, we securely dispose of it using appropriate data destruction methods.
6. USER RIGHTS AND CHOICES
The UK General Data Protection Regulation (GDPR) gives you rights regarding your personal data, including the right to:
Access and Update: You have the right to access, correct, or update your personal information at any time. You may do so by logging into your account settings or contacting our customer support team for assistance.
Deletion: You have the right to request the deletion of your personal information. We will delete your information upon request, except when we are required to retain it to comply with legal obligations, resolve disputes, or enforce our agreements.
Data Portability: In certain circumstances, you have the right to request a copy of your personal information in a structured, machine-readable format. We will provide this data to you or, upon request and where feasible, transfer it to another organisation.
Objection to Processing: You may object to the processing of your personal information for certain purposes, such as marketing. If you object, we will stop processing your information for those purposes unless we have a legitimate business reason or legal obligation to continue.
Restriction of Processing: You may request that we restrict the processing of your personal information under certain circumstances, such as when you dispute the accuracy of the data or object to its processing. While we evaluate your request, we will temporarily suspend processing activities as required.
Withdrawal of Consent: If we process your information based on consent, you may withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing before the withdrawal but may limit your access to certain services or features.
Complaints: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that our organisation has not handled your personal data in accordance with data protection law. Before making a complaint to the ICO, we recommend that you first contact us directly to raise your concern, so that we have the opportunity to address and resolve the issue. If you remain dissatisfied with our response, you may contact the ICO using their contact details available at https://ico.org.uk/make-a-complaint/.
7. COOKIES AND TRACKING TECHNOLOGIES
Cookies: We use cookies to store information about your preferences and interactions with our website. Cookies enable us to recognise returning Users, enhance User experience, and serve personalised content.
Types of Cookies: We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted). We categorise cookies as follows:
- Essential Cookies: Necessary for the operation of our website and to enable core functionalities
- Analytics Cookies: Collect anonymous data on how visitors use our website to help us improve performance
- Functional Cookies: Remember your preferences to enhance your experience
- Advertising Cookies: Used to deliver relevant advertisements based on your interests
Third-Party Cookies: Our website may allow third-party service providers to place cookies or tracking technologies on your device to deliver personalised content and advertisements.
You may manage third-party cookie preferences through your browser settings or by visiting the third party’s privacy policy page.
Opting Out of Cookies: You may disable cookies through your browser settings. However, please note that certain website features may not function as intended if cookies are disabled.
8. INTERNATIONAL DATA TRANSFERS
Cross-Border Data Transfers: Personal information collected from Users may be transferred to, stored, and processed in countries outside the User’s country of residence. We take appropriate steps to ensure that international data transfers comply with applicable privacy laws.
Data Transfer Mechanisms: We rely on lawful data transfer mechanisms, such as the Standard Contractual Clauses approved by the European Commission, to safeguard personal information when transferring data across borders.
User Consent: By using our services and providing personal information, you consent to the transfer, storage, and processing of your data in countries where privacy laws may differ from those in your country of residence.
9. CHILDREN'S PRIVACY
No Collection of Children’s Data: Our services are not directed to anyone under the age of 18, and we do not knowingly collect or solicit personal information from children. If we become aware that we have collected information from anyone under the age of 18, we will promptly delete it.
Parental Controls: Parents and guardians should monitor their children’s online activities and contact us if they believe their child has provided us with personal information.
10. CHANGES TO THIS PRIVACY POLICY
Policy Updates: We may update this Policy periodically to reflect changes in our practices or applicable laws. Any modifications will be posted on this page, and the “Last Updated” date will be revised.
Notification of Changes: We will notify you of significant changes to this Policy via email or by placing a prominent notice on our website before the changes take effect. By continuing to use our services after any changes, you agree to the revised Policy.
11. CONTACT INFORMATION
Contact Us: If you have any questions, concerns, or requests regarding this Policy or the handling of your personal information, please contact us at: help@zoto.co.uk
Zoto, 4 Bessemer Crescent, Aylesbury, HP19 8TF, United Kingdom