This policy explains how MediPill Pharmacy collects, stores and processes the personal data of patients and website visitors, under UK GDPR and the Data Protection Act 2018. We handle your data with the same clinical care we apply to your medication. Last reviewed on 19 May 2026.
We process your personal data when you book a service, fill in a form on this website, or receive pharmacy care from us. This may include:
We process your personal data on three lawful bases — all of them required to deliver healthcare and meet our regulatory obligations:
A pharmacist is responsible for the confidentiality of your information. We hold your information for as long as advised by the NHS.
We process your data in the performance of a task in the public interest, for the provision of healthcare and treatment, and for the management of healthcare systems. We may also send you a newsletter where you have consented, respond to your questions, and review and enhance the quality of our services.
You may choose to opt out of the NHS using your data for planning and research purposes — please ask in branch for details, or email info@medipill.co.uk.
We take the security of patient data extremely seriously. Under no circumstances do we sell your personal data to a third party.
Data is stored across several systems, all secured with antivirus software, encryption and firewalls:
We follow generally accepted standards to protect your personal information. Due to the nature of digital transmission, no method of transferring data over the internet or of electronic storage is 100% secure. Therefore we cannot guarantee its absolute security.
You have the following rights over the data we hold about you:
To exercise any of these rights, contact us using the details at the bottom of this page.
You may also lodge a complaint with the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
If you wish to subscribe to our newsletter you can do so at the time of registration. We use your contact details to send the newsletter and other relevant materials we believe are of benefit to you. You may stop receiving our newsletter at any time by emailing us — or by clicking the unsubscribe link at the bottom of any newsletter.
A cookie is a small text file stored on your device when you open our website. We use cookies to: enable certain functions of the service, provide analytics, and store your preferences. Both session cookies (cleared when you close your browser) and persistent cookies (kept for a defined period) are used.
Third-party cookies. In addition to our own cookies, we use a small number of third-party cookies — for example, Google Analytics — to report usage statistics for our website.
Managing cookies. If you’d like to delete cookies or instruct your web browser to refuse them, please visit your browser’s help pages. Note that if you delete or refuse cookies, you may not be able to use all of the features we offer. You can also manage your initial consent via the cookie banner shown on your first visit.
For UK GDPR purposes, MediPill Pharmacy acts as the data controller of your personal data. To operate certain services we use the following third-party data processors, each bound by a Data Processing Agreement that meets Article 28 UK GDPR requirements:
International transfers. Where a processor stores data outside the UK or EEA, we ensure appropriate safeguards are in place — UK adequacy regulations, Standard Contractual Clauses (SCCs), or the UK International Data Transfer Addendum — so your data continues to enjoy UK-GDPR-equivalent protection.
Breach response. In the unlikely event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours of becoming aware of it, and contact affected data subjects where the breach poses a high risk.
Our Data Protection Officer is Raeesah Rajabali, Co-Founder. For any questions, comments or requests about how we handle your data, contact us using the details below:
This page was last reviewed on 19 May 2026. We reserve the right to make changes to this privacy policy at any time to reflect the way we handle data at our organisation.