GDPR Privacy Policy

1. Introduction

MedsHut UK Pharmacy ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website, services, or purchasing from MedsHut UK Pharmacy, you agree to the practices described in this policy.

2. Who We Are

MedsHut UK Pharmacy is owned and operated by Nojen Clinical Ltd, a company registered in the United Kingdom.

Data Controller:

Nojen Clinical Ltd

Prospect House, Factory Road

Flintshire, CH5 2QJ

United Kingdom

Contact Information:

📧 Email: info@medshut.com

📞 Phone: xxxxxxxxxxx (Mon–Fri, 9:00–17:00)

We aim to respond to all inquiries within 24 hours.

3. What Data We Collect

We collect and process the following types of personal data when you use our services:

Identity Data: Name, date of birth, gender.
Contact Data: Email address, phone number, billing and delivery address.
Health Data: Medical history, prescriptions, consultation notes (where required).
Transaction Data: Payment details (processed securely through our payment provider), order history.
Technical Data: IP address, browser type, device information, and website usage data via cookies.

Note: Health-related information is classified as "special category data." We process this only when necessary for providing pharmacy services and with appropriate safeguards.

4. How We Use Your Data

We process your data for the following purposes, under lawful bases defined by UK GDPR:

Purpose	Lawful Basis
To process and deliver your order	Performance of a contract
To provide pharmacy consultation and dispense medication	Legal obligation & vital interests
To communicate with you about your order or query	Legitimate interests
To maintain records for regulatory compliance	Legal obligation
To improve our website and services	Legitimate interests (analytics & performance)
To send service-related updates	Legitimate interests (you can opt out anytime)

5. Sharing Your Data

We only share your data where necessary:

Payment Processors: To process transactions securely.
Regulatory Bodies: Such as the GPhC or MHRA, where legally required.
Couriers: To deliver your medication or products.
IT & Hosting Providers: For secure website hosting, email, and data storage.

We never sell your data to third parties for marketing purposes.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy and to comply with legal, regulatory, and professional obligations. Typically:

Pharmacy records: Minimum 2 years as required by law.
Account data: Until you request deletion or after a period of inactivity (subject to legal requirements).

7. Your Rights

Under UK GDPR, you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your data (where legally possible).
Restrict or object to processing in certain circumstances.
Request transfer of your data to another service provider.
Withdraw consent at any time (where consent is the basis of processing).

To exercise any of these rights, contact us at info@medshut.com.

8. Cookies

Our website uses cookies to improve your browsing experience, analyze traffic, and personalize content. You can manage or disable cookies through your browser settings.

9. Data Security

We take data protection seriously and implement appropriate technical and organizational measures to keep your information secure, including encryption, access controls, and secure storage.

10. Complaints

If you are unhappy with how we handle your data, please contact us first. If we cannot resolve your concern, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): https://ico.org.uk.

MedsHut UK Pharmacy – GDPR Privacy Policy