Privacy Policy

Last updated: 1 July 2025

We are committed to protecting your personal information and handling your health data responsibly. This policy explains what we collect, why, and your rights under UK data protection law.

Who we are

Pharmachub is a UK-based online clinical pharmacy service operated by Pharmachub Ltd. Our registered pharmacy is registered with the General Pharmaceutical Council (GPhC Reg. No. 9010245) and we are registered with the Information Commissioner's Office (ICO). Our registered office address is available on request by emailing privacy@pharmachub.co.uk. For the purposes of UK data protection law, Pharmachub Ltd is the data controller of your personal information.

Data we collect

We collect information you provide directly to us, including:
• Identity data: name, date of birth, gender
• Contact data: email address, telephone number, home address
• Health data: medical history, current medications, clinical measurements (weight, height, BMI), conditions, allergies, lifestyle information — necessary to provide a clinical service
• Consultation data: your responses to clinical questionnaires and correspondence with your care team
• Payment data: payment confirmations (we do not store full card numbers; bank transfer references are retained for billing purposes)
• Technical data: IP address, browser type, device identifiers, and usage data collected via cookies and analytics tools
• Communications: records of messages sent through your patient dashboard

Health data is "special category" data under UK GDPR and is handled with additional safeguards.

How we use your data

We use your data to:
• Deliver our clinical service: assess eligibility, issue prescriptions, dispense medication, and provide ongoing clinical oversight
• Communicate with you: send appointment reminders, treatment updates, prescription status notifications, and clinical messages
• Comply with our legal obligations: maintain clinical records as required by healthcare regulations, respond to regulatory enquiries
• Improve our service: analyse aggregated, anonymised usage data to improve our platform (we do not use identifiable health data for this purpose)
• Prevent fraud and ensure security: protect the integrity of our platform and verify your identity

Legal bases we rely on:
• Contract performance — to deliver the service you have signed up for
• Legal obligation — to comply with healthcare, pharmaceutical, and data protection law
• Vital interests — in emergency clinical situations
• Legitimate interests — for fraud prevention and service improvement
• Explicit consent — for any optional communications or research participation

Who we share your data with

We only share your data where necessary. Recipients may include:
• UK-registered prescribers and pharmacists involved in your care
• Regulated NHS or private laboratories (if diagnostic tests are required)
• MHRA-licensed wholesale distributors and courier services (for medication dispatch)
• IT service providers who host and support our platform under strict data processing agreements
• Regulatory bodies (GPhC, MHRA, ICO) if required by law

We do not sell your personal data. We do not share your identifiable health data with third-party marketers. If we are required to disclose information by law, court order, or regulatory authority, we will do so.

How long we keep your data

Clinical records are retained for a minimum of 8 years from the date of last contact, in line with NHS and regulatory guidance. For patients under 18 at the time of treatment (which we do not provide), records would be kept until age 25. Account and payment records are retained for 6 years from the date of transaction in line with HMRC requirements. Technical and analytics data is typically retained for 26 months. After the applicable retention period, your data is securely deleted or anonymised.

Your rights

Under UK GDPR, you have the right to:
• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — ask us to delete your data (subject to legal retention obligations)
• Restriction — ask us to limit processing of your data in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email privacy@pharmachub.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.

Cookies

We use essential cookies required to operate our platform (such as session cookies), and analytics cookies that help us understand how visitors use our site. Analytics cookies are only set with your consent. You can manage or withdraw cookie consent at any time via your browser settings or by contacting us. Blocking essential cookies may affect platform functionality.

Security

We use industry-standard technical and organisational measures to protect your data, including encrypted data storage and transmission (TLS), access controls limiting data to authorised clinical staff, and regular security review. Despite these measures, no internet transmission is entirely secure. You should use a strong, unique password for your account and keep your login credentials confidential.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify you by email or via your dashboard. The date of the most recent revision is shown at the top of this page. Continued use of our service following notice of changes constitutes acceptance of the updated policy.

Contact us

For any questions about this privacy policy or how we handle your data, contact our Data Protection team at:

Email: privacy@pharmachub.co.uk

Pharmachub Ltd
Data Protection Team
United Kingdom