Privacy Policy

Who We Are

Signature Healthcare Services Limited (‘we’, ‘us, or ‘our’) gather and process your personal data in accordance with this privacy policy, and in compliance with relevant data protection regulation, notably the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This policy provides you with information surrounding our obligations and your rights, and explains how, when and why we process your personal data through the course of providing our services to you.

We act as data controller and are registered with the Information Commissioner’s Office under registration number ZA295138. Our registered office is at 6 The Marlins, Northwood, HA6 3NP and we are a company registered in England and Wales under company number 10279084. signatureRx is a private electronic prescription generation software located at www.signaturerx.co.uk.

Information That We Collect

We process your personal information in order to meet our legal, statutory and contractual obligations, and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this policy. The types of personal data we may collect via our website, form input, email or use of our services, include: 

  • Prescriber Information:
    • Name
    • Professional Registration Details
    • Identification Details
    • Address
    • Date of birth
    • Home Address
    • Email Address
    • Telephone Number
    • Work address
    • Technical information and usage data including IP address
  • Patient Information:
    • Name
    • Date of birth
    • Address
    • Telephone Number
    • Email Address
  • Pharmacy Information:
    • Pharmacy Name
    • Pharmacy Address 
    • Pharmacy Postcode 
    • Email Address
    • Telephone Number
    • Technical information and usage data including IP address

As a result of providing prescription services, we may also collect health or medical information from you or your medical practitioner. This is a type of special category data that we will only process in restricted circumstances as outlined in the section below.

How We Use Your Personal Data

This section sets out the purposes for which we collect this information, and the legal bases upon which we rely:

 

Purpose

Lawful Basis

To register you as a prescriber/customer

(i) Performance of a contract

To supply our services to you, such as enabling you to create and generate prescriptions

(i) Performance of a contract
(ii) Providing health treatment or the management of health

To provide you with updates on your order

(i) Legitimate interests
(ii) Performance of a contract

To ensure that items on your prescription or your order are suitable for you, such as ensuring that the medication is age appropriate and that there are no interactions with any of your other medication or conditions

(i) Providing health treatment or the management of health

To solicit feedback on our services

(i) Legitimate interests

To administer and improve our products and services

(i) Legitimate interests

To retain your personal data in line with legal obligations

(i) Legal obligation

To communicate with you and provide information by email and post that you have opted-in-to

(i) Legitimate interests

The security of your information is important to us and we take measures, both electronically and physically, to ensure that you information is not passed to person(s) or companies who are not authorised to receive it.

Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. In certain scenarios we share your information with third parties to help us provide you with our services, and they too are bound by the same data protection regulations as we are. Below are the categories of third party with whom we share your personal data:

  • Pharmacies who your patients ask you dispense and process your prescription
  • Payment Processor (Stripe) for the purpose of processing payments
  • IT infrastructure providers including Digital Ocean, One.com and Amazon Web Servers, Voximplant 
  • Vouched – ID checking

In the case of Vouched, your personal data will be transferred to the United States. As the United State is a third country, we use standard data protection clauses that have been adopted by the European Commission in order to safeguard the data transfer. These clauses have the effect of ensuring your personal data retains the same level of protection as the data would in the UK. Additionally, we have undertaken a risk assessment to obtain additional assurance that the necessary controls are in place to protect your data as part of this ID checking service. Finally, we will never share your data for marketing purposes. 

Your Rights

You have a number of rights with regards to the personal data that we process about you. These include:

  • The right to access your personal data (known as a “subject access request”) and have a copy of this information provided to you
  • The right to have your personal data erased, however please note that there will be instances where we are required by law to retain your data for a minimum number of years
  • The right to have your information corrected if it is inaccurate
  • The right to restrict our processing of your data in narrow circumstances
  • The right to object to our processing of your data where we are doing this based on our legitimate interests
  • The right to have your data transferred to yourself or a third party in a structured, commonly used, machine-readable format
  • The right to withdraw your consent in the event we rely on your consent to process your data. Please note that this may affect the products and services we provide to you

Should you wish to exercise any of these rights free-of-charge, please contact [email protected]. We may ask you to verify your identity before acting on the request so as to ensure that your data is protected and kept secure.

How Long We Keep Your Data

We retain your personal information for as long as is necessary to satisfy the purposes for which we collect it, as well as to satisfy our legal obligations. This means that different sets of data may be retained for different periods of time. For example, patient medical records are retained for 10 years after the death of the patient in line with NHS guidelines. Further information on these retention periods can be provided upon request.

Lodging A Complaint

We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, please contact [email protected].

You also have the right to lodge a complaint with the Information Commissioner’s Office via their phone number 0303 123 1113 or via their online complaints form https://ico.org.uk/make-a-complaint/your-personal-information-concerns/.