Policy on Privacy and Security


Completely regulated

At My London Pharmacy, we take our customers’ privacy very seriously. We are a leading online pharmacy in the United Kingdom, and we are registered with the General Pharmaceutical Council (GPhC), the Medicines Health Regulatory Authority (MHRA), and the Care Quality Commission (CQC) (CQC – who regulate doctors and other healthcare services). The Information Commissioner’s Office has us on file (ICO – who uphold data privacy laws).


See our complete set of rules for more information.


We take your privacy very seriously.


We value your privacy and are dedicated to protecting and respecting it while also utilising technology to improve your online security. We ask that you carefully read this Privacy Policy (‘the Policy’) because it contains important information about how we will use your personal information.


You confirm that you agree to the terms of this Policy by using our website and services. Do not use our website or services if you do not agree to this Policy. When you create an account on this website, you will be asked to express your explicit consent to this Policy.


Who is in charge of the information you provide?

PharmaExpo LTD (‘we’, ‘us’, ‘our’) trading as My London Pharmacy owns and operates this Website. Red Label Medical Ltd, which also goes by the name My London Pharmacy, provides GP services and prescriptions.


My London Pharmacy, Units 19 – 20 Bonville Business Centre, Dixon Road Road, Bristol, BS4 5QR is our postal address.


You can reach us at info@mylondonpharmacy.co.uk or by calling 020 3154 4734.


PharmaExpo LTD is the ‘controller’ of your personal data for the purposes of the Data Protection Act 2018, that is, the company that is responsible for and controls the processing of your personal data.


We reserve the right to change or update this Policy at any time. You should review this Policy on a regular basis to ensure that you are aware of the most current version, which will apply each time you visit this Website.


We may collect information from you.

The following types of information about you are collected by us:


Your email address, phone number, geographical address, delivery address, and billing address are all examples of contact data.

Data such as first and last names, usernames or other identifiers, dates of birth, passport numbers, and driver’s licence numbers are examples of identity data.

Health Data includes your primary care physician’s address, patient notes, consultation notes, and any other information about your health and medical condition.

Financial Data refers to the information you give us so that we can process your payments using a third-party payment processor.

Transaction Data includes information about the products you’ve bought and the payments you’ve made.

Technical Data on the devices you use to access our website and any communications we may send to you includes data such as your IP address, login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology.

Usage Data refers to information about your visit to our website, such as the full Uniform Resource Locators (URL) clickstream to and through, pages you viewed or searches you conducted, page response times, download errors, length of visit, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to navigate away from the page.

Your marketing preferences are included in your marketing data.

We do not collect personal information about children knowingly. If you are under the age of 18, please do not provide us with any personal information.


Please do not provide us with information about other people because we are unable to verify an individual’s identity or obtain patient consent for treatment or data processing.


For the purposes of training, quality assurance, fraud prevention, and compliance, we may monitor and record communications with you, such as phone conversations and emails.


You provide information voluntarily.

You can provide us with information in a variety of ways, including:


You use our website or call us to interact with us, including filling out forms and medical questionnaires; you create an account on our website; you make purchases on our website;

You apply to work as an employee or a consultant with us; you provide us with feedback or reviews;

Although you are not required to respond to a survey or questionnaire, you do so.

You subscribe to our newsletter; otherwise, you contact us with questions, comments, or complaints.

All such personal data will be processed in accordance with this Policy. Certain information must be provided to us in order for us to fulfil your request, such as to purchase products from us, and we will make this clear to you at the time personal data is collected.


You must provide us with true, complete, and accurate information. If you give us inaccurate or false information and we suspect or identify fraud, we will keep track of it and may report it to the appropriate authorities.


We may keep a record of any correspondence you send us via email or postal mail, and we may also record any phone calls we have with you.


We collect information from the device you use to access our website.

We (and our advertisers and/or other service providers) may use a variety of technologies to collect information about how our site is accessed and used when you visit our website or interact with our services.


Cookies and other tracking technologies are used to collect some of this data. Please see our Cookies Policy for more information on the types of cookies we use, why we use them, and how you can manage them.


We get information from a variety of sources.

We may receive information about you from third parties (such as business partners, subcontractors in technical, payment, and delivery services, advertising networks, analytics providers, search information providers, ID verification organisations, and credit reference agencies). Your information may also come from other companies that sell products on our behalf.


We use identity verification agents to search the files of credit reference and fraud prevention agencies to enable us to make medical decisions about you and to prevent fraud (who will record the search).


If you provide false or inaccurate information, or if we suspect fraud, we will keep track of it and will be unable to fulfil your order.


Where do we keep your personal information?

We make sure that all of the information we have about you is kept in the United Kingdom. However, the information we collect from you may be sent to and stored by a third party in a country other than the UK. This will always be the bare minimum of information needed to complete the task, and the data will be anonymized. Anonymous website browsing data aggregated within Google Analytics is an example of this.


Your personal data will only be transferred outside of the UK or the EEA to countries that have been identified as providing adequate protection for personal data, or to a third party with approved transfer mechanisms in place to protect your personal data.


Information protection

We will process your personal data in a way that ensures appropriate security, including protection from unauthorised or unlawful processing, as well as accidental loss, destruction, or damage.


You are responsible for keeping your password confidential if you have chosen one that allows you to access certain parts of our website. We request that you do not share your password with anyone.


Unfortunately, information transmission over the Internet is not entirely secure. Despite our best efforts to protect your personal information, we cannot guarantee the security of any information you transmit to our site; any transmission is at your own risk. We will use strict procedures and security features to try to prevent unauthorised access once we have received your information.


More information on protecting your personal information and staying safe online can be found here.


Your data has been put to use in a variety of ways.


We will only use your personal information if there is a legal basis for doing so. Under this Privacy Policy, we rely on the following lawful purposes:


consent (in the cases where you choose to give it);


completing a contract with you;


adherence to the law’s requirements; and


legitimate motives When we talk about legitimate interests, we’re talking about our legitimate business interests in the day-to-day operations of our company that don’t have a material impact on your rights, freedoms, or interests.








To create your account and/or register you as a customer


(a) Identity (b) Contact


the fulfilment of a contract with you


To manage your account and product orders, including taking into account prescriptions and handling payments, cancellations, returns, and refunds.


(a) Identity (b) Contact


(c) Transaction (d) Financial


  1. e) Well-being


the fulfilment of a contract with you

Legitimate objectives (fraud-checking)


To keep track of our relationship with you, such as notifying you of changes to our terms or this Privacy Policy.


(a) Identity (b) Contact


the fulfilment of a contract with you

Complying with a legal obligation necessitates this.

Needed to protect our legitimate interests


to run and protect our company and this website (including improving and fixing our service, analysis, testing, system maintenance, support, reporting)


  1. c) Technical aspects


Needed to protect our legitimate interests (for running our business and site securely, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

Complying with a legal obligation necessitates this.


To provide you with relevant website content and advertisements, as well as to track and analyse the effectiveness of the advertising we serve you.


Contact (a) Identity (b) Usage (c) Marketing (d)


  1. e) Technical aspects


Needed to protect our legitimate interests (to analyse how customers use our website and manage our business accordingly)


to improve our website, products/services, marketing, customer relationships, and experiences through data analytics


Technical (a) and Usage (b)


Needed to protect our legitimate interests (to define types of customers for our products and services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy)



If you have purchased goods from us or otherwise requested or consented to marketing communications from us, we may use your personal data to send you marketing communications about our goods and services that are relevant to you for our legitimate business interests. You can opt out of receiving marketing communications from us by clicking the unsubscribe link in an email or sending us an email at info@mylondonpharmacy.co.uk. As a result, until you unsubscribe from marketing communications, we will keep your personal data in our records for marketing purposes. Please be aware that even if you unsubscribe from marketing communications, we will continue to contact you for our legitimate business interests regarding your account and any products you order from us. We will also keep your personal information on file in order to avoid sending you marketing communications. If you unsubscribe, you understand that it may take a few days for us to update your preferences on our system.


Your information will be made public.

For our legitimate interests, we may share your personal data with our subcontractors and agents, such as our prescription partner, Red Label Medical Ltd, our laboratory partner, and our IT service providers, payment providers, accountants, auditors, and lawyers, who we may appoint to perform functions on our behalf and in accordance with our instructions. We may also ask third parties to contact you to request that you review and/or provide feedback on our services.


To ensure that any data is handled responsibly, we check that all of our third-party suppliers are GDPR compliant before we engage their services. We will take all reasonable steps to protect your data and ensure that it is handled securely and in accordance with this Policy. Furthermore, we will only provide our subcontractors and agents with the personal data they require to perform their services for us, and if we stop using their services, we will request that they delete or anonymize your personal data in their systems.


If we merge, sell assets, consolidate or restructure, finance, or sell all or a portion of our business to another company for our legitimate interests, the new owners may use your personal data in the same way that we do as set forth in this Policy.


We may also disclose or share your personal data if we are under a legal obligation to do so, such as to comply with a legal obligation, to enforce or apply our Terms & Conditions and other agreements, or to protect ABSM Healthcare Limited, our customers, or others’ rights, property, or safety. This includes exchanging information with other businesses and organisations for the purposes of preventing fraud, addressing security concerns, addressing technical risks, and lowering credit risk.


We share your personal information with our ID verification partner for the purpose of ID verification. This is only done the first time you order or if your personal information changes. Although this check will appear on your credit report, it will have no impact on your credit score. If you are notified that a credit agency has conducted a check on you, please contact us and we will be happy to assist you.


Your legal rights

Under applicable data protection legislation, you have a number of rights. Some of these rights are complicated, and we haven’t included all of the details here. Here’s where you can learn more.


Right of access: You have the right to request a copy of the personal information we have on file for you.

Right to rectification: If the personal data we process for you is inaccurate, incomplete, or out of date, you have the right to request that we correct it.

Right to data portability: You have the right to request that we transfer your personal data to another service provider if you gave us your consent to use it or if we used it to fulfil a contract with you.

Right to restrict or object to processing: You have the right to request that we restrict the processing of your personal information in certain circumstances. If you believe our processing is infringing on your fundamental rights and freedoms, please let us know. Regardless of your rights and freedoms, we may be able to demonstrate that we have legitimate grounds to process your personal data.

Right to be forgotten: If you wish to stop being a patient of My London Pharmacy, please send us an email and we will cancel your account. With immediate effect, your account will become inactive, and you will be unable to access it. This action is irreversible. You acknowledge and agree that My London Pharmacy is required by law to keep electronic patient records for a minimum of ten years, including your personal information, communications, and treatments.

Right to opt out of receiving marketing information: You have the option of opting out of receiving marketing information from us, but please note that we will continue to contact you regarding any issues relating to your account, if you have one.

If your request in relation to your rights is manifestly unfounded or excessive, we reserve the right to charge an administrative fee, and we may ask for identification before we can fully respond to your request.


You have the right to exercise these rights at any time by writing to PharmaExpo LTD, Unit 3 Heston House, 7-9 Emery Road, Bristol, BS4 5PF, or by emailing info@mylondonpharmacy.co.uk.


Please let us know if you have any complaints about this Privacy Policy or our processing of your personal data in general. We will review and investigate your complaint and respond to you as soon as possible. You also have the right to contact the Information Commissioner (www.ico.org.uk), or your local regulatory authority if you are based outside of the United Kingdom.


Our website may contain links to and from the websites of our partner networks, advertisers, and affiliates from time to time. If you click on a link to one of these websites, please be aware that these sites have their own privacy policies, for which we take no responsibility or liability. Please read these policies carefully before providing any personal information to these websites.


Data preservation

Personal data will be stored in accordance with applicable laws.


We may also be required to keep personal data for a specific period of time to comply with legal, auditing, or statutory obligations, such as HMRC’s requirements for financial documents and to resolve any disputes you may raise. We consider the type of personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means when determining the appropriate retention period for personal data.


You acknowledge and agree that, as stated above, My London Pharmacy is required by law to keep electronic patient records, including your personal information, communications, and treatments, for a minimum of ten years.


If there is no legal basis for us to continue processing your personal data, we will either delete it or anonymize it; if this is not possible (for example, because your personal data is stored in backup archives), we will securely store it and isolate it from further processing until deletion is possible.


For the avoidance of doubt, we may use anonymous data, such as usage data, indefinitely without further notice to you for research or statistical purposes.


Policy Modifications

Any future changes to our Policy will be posted on this page and, where applicable, notified to you via email.




If you have any questions, comments, requests, or concerns about this Privacy Policy, please contact info@mylondonpharmacy.co.uk.


Tania Al-Hassani is My London Pharmacy’s data protection officer.


If you are unhappy with how a request or concern was handled, you can file a complaint with the Information Commissioner’s Office (https://ico.org.uk), the UK’s independent data controller and privacy regulator.



Shopping Cart