Privacy Notice

Version date: 29 August 2019

Who this privacy notice applies to

This privacy notice applies to our suppliers, customers and users of our website who are not homecare patients.

A separate patient privacy notice located here applies to Alcura homecare patients.

Our employees can view a copy of our colleague privacy notice on our intranet.

Who we are

We are Alcura UK Limited , a division of Walgreens Boots Alliance. You can find out more about us at www.alcura-health.co.uk. Alcura UK Limited is the ‘data controller’ and is responsible for personal data collected in the course of dealing with you or your business.

If you have any questions about this privacy notice or our data protection practices please contact alcuraserviceincidents@alcura-health.co.uk. If your question is not satisfactorily answered, you may also contact Privacy@alliance-healthcare.co.uk and ask that the matter be referred to our Data Protection Officer.  

How the law protects you

Your privacy is protected by law. This section explains how that works.

Data Protection Law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside Alcura UK Limited. The law says we must have one or more of these reasons:

  • To fulfil a contract we have with you
  • When it is our legal duty
  • When it is in our legitimate interest
  • When you consent to it
  • When it is necessary in order to protect your vital interests

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you.

Here is a list of the ways that we may use your personal information and the reasons for doing so:

What we use your personal information for:

Our purposes:

• To manage our relationship with you or your business.

• To develop new ways to meet our customers’ needs and to grow our business.

• To develop and carry out marketing activities.

• To study how our customers use products and services from us and other organisations.

• To provide advice or guidance about our products and services.

• Managing your records, working out which of our products and services may interest you and telling you about them. 

• Designing products and services, and deciding what we charge for them.

• Seeking your consent when appropriate to do so.

• Being efficient about how we fulfil our legal duties.

• To develop and manage our brands, products and services.

• To manage how we work with other companies that provide services to us and our customers.

 

• To develop and improve our internal processes and service

• Developing products and services, and what we charge for them.

• Defining types of customers for new products or services.

• Being efficient about how we fulfil our legal and contractual duties.

• Identifying and reviewing opportunities to improve our service to customers and suppliers

• To deliver and receive products and services.

• To make and manage payments.

• To collect and recover money that is owed to us.

• Being efficient about how we fulfil our legal and contractual duties.

• Complying with regulations that apply to us.

• To detect, investigate, report, and seek to prevent crime.

• To manage risk for us and our customers.

• To obey laws and regulations that apply to us.

• To respond to complaints and seek to resolve them.

• Developing and improving how we deal with crime, as well as performing our legal duties in this respect

• Complying with regulations that apply to us. 

• Being efficient about how we fulfil our legal and contractual duties.

• To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit.

• Complying with regulations that apply to us. 

• Being efficient about how we fulfil our legal and contractual duties.

• To exercise our rights set out in agreements or contracts.

 

 

Groups of Personal Information

We use many different kinds of personal information, and group them together like this:

Type of personal information

Description

Personal

Business customers: Basic information, such as your name (including title), the company you work for, your title or position and your relationship to a person or company.

Financial

Your financial position, status and history.

Contact

Your address details and how to contact you such as your postal address, email address and phone number(s).

Transactional

Details about payments to and from your accounts with us.

Contractual

Details about the products or services we provide to you or which you provide to us.

Behavioural

Details about how you use our products and services.

Technical

Details on the devices and technology you use, your visits to our website or applications or materials and communications we send to you electronically.

Communications

Details we may gather about you from letters, emails and conversations between us, for example call recordings.

Visitor information

CCTV images from cameras set up in and around our premises.

Visitor details from when you have visited our premises.

Vehicle registration details when parking on our premises.

Open Data and Public Records

Details about you that are in public records, such as the Electoral Register, and information about you that is openly available on the internet.

Usage Data

Other data about how you use our products and services.

Documentary Data

Details about you that are stored in documents in different formats, or copies of them. This could include things like PPA statements, or Controlled Drugs Licenses, taken for account opening purposes, utility statements or your passport if required for identity verification.

Special types of data

The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so:

• Racial or ethnic origin

• Religious or philosophical beliefs

• Trade union membership

• Genetic and bio-metric data

• Health data including gender

• Criminal convictions and offences

Consents

Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you, whether you get paper statements, or prefer large-print formats.

   


Where we collect personal information from

We may collect personal information about you (or your business) from other companies within the Alliance Healthcare UK from you, or from third parties who we use to help us provide our products and services.

Data we collect from you comes from a variety of sources:

  • When you apply for our products and services or promote your products and services to us
  • When you talk to us on the phone or in conversations with our staff
  • When you use our web services
  • In emails and letters
  • In customer surveys
  • If you take part in our competitions or promotions
  • Data from third parties we work with
  • Companies that introduce you to us
  • Credit reference agencies
  • Public information sources such as General Pharmaceutical Council or Nursing and Midwifery Council
  • Organisations working on our behalf
  • Market researchers

Whom we share your personal information with

We may share your personal information with companies within Walgreens Boots Alliance and certain trusted organisations in accordance with contractual obligations in place with them, including:

  • Companies that we introduce you to 
  • Companies you ask us to share your data with. 
  • Market research companies (for business customers)
  • Agents and advisers who we use to help run your accounts and services, collect what you owe, and explore new ways of doing business, and provide us with advice 
  • Fraud prevention agencies 
  • Companies we have a joint venture or agreement to co-operate with 
  • Credit reference agencies 
  • IT service providers to our companies, and suppliers to whom we subcontract certain support services

We may also share your information with Regulators and other government authorities if required to do so by legal or regulatory requirement.

In some situations, we may need to share your personal information with other organisations to provide you with the products or services you have chosen.

Marketing

For business customers or suppliers we may use your personal information to provide you information that we think will be useful to you, your business, or the organisation for which you work.

The personal information we have for you is made up of what you tell us and data we collect when you use our services, or from third parties we work with.

We analyse this information in order to predict what you may want or need, or what may be of interest to you. This way we are able to work out which products, services and offers may be relevant for you or your business.

You can ask us to stop sending you marketing messages at any time, but we will continue sending you statements, and other important information such as changes to services that you currently use.

We may ask you to confirm your choices and accuracy of our records, if you purchase different products or new services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.

If you change your mind about marketing materials that send you you can update your choices at any time by contacting us using the contact details below.

How we protect your personal information

We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.

How long we retain your personal information

Alcura will only keep your personal data as long as this is necessary to fulfil the purposes we collected it for and in order to comply with any legal, tax, regulatory, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider: the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and any legal obligations to keep data for minimum periods of time.

We may retain your personal data longer than our default retention period if there is a good reason for doing so. For example, if you have made a complaint or we reasonably believe that there is a chance of legal action being taken against us in relation to the services we have provided to you, then we will retain the relevant data beyond the retention period until such complaint or legal action is conclusively resolved.

If you would like more information about our retention periods for a specific category of personal data which we process about you, please contact us.

International transfer

Some of the service providers that we use and which process your personal data on our behalf may access your personal data from outside of the European Economic Area.

Where we work with a third party processing data outside of the European Economic Area (EEA), we are conscious that the laws of other countries may not provide the same level of protection for your data as the laws of the UK and the EEA. Therefore, when working with these service providers, we ensure that your data is appropriately protected by ensuring that one of the following measures is in place:

  1. the country where the processing is occurring has been deemed to have a legal system which provides adequate levels of protection for personal data by the European Commission.
  2. specific contracts approved by the UK or European Commission which ensure that your data has the same protection as it has in Europe.
  3. (for service providers processing data in the US) the service provider is part of the Privacy Shield (which requires them to provide a certain standard of protection for personal data shared between Europe and the US).

Please contact us if you would like further information on the specific measures we use when transferring your personal data outside of the EEA.

Your rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

Request access to your personal data (commonly known as a subject access request). You can request a copy of the personal data we hold about you, to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. You can ask for any incomplete or inaccurate data we hold about you to be corrected. We may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note that we may not always be able to comply with your request if there is a lawful reason for us to continue to process it. If this is the case, we will notify you of this when responding to your request.

Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you believe that the impact on your fundamental rights and freedoms outweighs that legitimate interest. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data if: (a) you want us to establish the data’s accuracy; (b) our use of the data is unlawful but you do not want us to erase it; (c) you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Withdraw consent. You can withdraw your consent to processing at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

Complain to the ICO. Although we hope it never comes to this, you do have the right to complain to the ICO about any of Alcura processing activities at casework@ico.org.uk

If you wish to exercise any of these rights, please contact us.

Changes to this Privacy Notice

This Privacy Policy was updated in August 2019. A copy of it is available on our website. We may update it from time to time so we recommend that you check our website occasionally.  If we make changes we think may affect you significantly, we will inform you in an appropriate manner so you know about the changes before they happen.