Privacy Policy

Our Privacy Policy explains what personal information we collect, why we collect it, and the rights you have regarding your data. We are committed to transparency and take every measure to protect and handle your information responsibly.

Please take a moment to read this Notice to learn how we manage your personal data. If you’re comfortable with our services and policies, feel free to continue using our platform.

Please note that our website may include links to third-party sites for your convenience. We are only responsible for the privacy and security of medzstore@proton.me   and we encourage you to review the privacy policies of any external websites you visit.

You may link to our website from other sites; however, we reserve the right to request the removal of any link if we believe it may harm us, our affiliates, or our partners.

If you have any questions about our Privacy Policy, feel free to reach out at: medzstore@proton.me

Changes to Our Privacy Policy:

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page, and we encourage you to review it regularly. Continued use of our website and services after any updates signifies your acceptance of the revised policy.

What is Personal Data?

Personal data includes any information associated with an individual that enables identification, either on its own or when combined with other data.

The Information We Collect

We collect personal information during registration and communication to fulfill your service requirements. Such information may include your name, address, email, telephone number, and other relevant details associated with the services you seek. Where applicable, sensitive personal data relating to health may also be collected for specific services.

We also collect:

Information We Receive from Other Sources:

We work closely with third parties, including business partners, service providers, and advertising networks. Information we receive from these sources may be combined with the personal data you provide to us, as described above.

Information About Other Individuals:

By providing personal information relating to another individual, you represent that such individual has been informed of, and has consented to, the collection, use, and disclosure of their personal information as described in this Notice.

Cookies

Cookies are small data files stored by your web browser on your device’s hard drive. They help track and record how you navigate and interact with our website during each visit.

How We Will Use Your Information

Any personal information we collect—whether relating to you or to another individual whose details you provide—will be collected, used, and protected in accordance with applicable data protection laws, our Terms and Conditions, and this Privacy Policy.

We primarily use your personal information for the following purposes:

Registration: When you register and create a secure online account, you confirm that all information provided is accurate, complete, and up to date. You agree to keep your login credentials confidential and not to share them with any third party.

By registering, you also confirm that you are 18 years of age or older.

Customer Account Management: Once you register, we will create and manage your customer account.

Order Processing: We process and fulfill orders placed through our website. If required personal information is not provided during checkout, we may be unable to process your order.

Customer Support: We respond to inquiries, refund requests, and complaints to provide effective support. 

Records of these interactions may be retained to meet contractual and legal obligations and to support our legitimate business interests in delivering high-quality service.

Medication Dispensing: We may use third-party suppliers or software providers to dispense prescribed medications.

Market Research: With your consent, we may carry out market research to improve and enhance our services.

Marketing Communications: With your consent, we may use your personal data, preferences, and transaction history to communicate with you via email, website, social media, text message, or telephone. These communications may include information about relevant products and services, special offers, promotions, events, surveys, and competitions tailored to your interests.

You may opt out of marketing communications at any time.

Interactive Features: We enable you to participate in interactive features of our services when you choose to do so.

Product Reviews and Surveys: We may invite you to submit product reviews or participate in customer surveys to help us measure satisfaction. Participation is voluntary.

Service Improvement: We may monitor and record telephone calls to our call centers for staff training, quality assurance, and service improvement purposes.

Website Activity Tracking: We track and analyze website activity to understand user behavior and improve site performance and functionality.

Communication: We may contact you via service-related emails regarding unavailable services, inquiries, order issues, or changes to our services.

Website Security: We take reasonable measures to maintain the safety and security of our website.

Legal Compliance: We process personal data as required to comply with applicable laws and to respond to lawful requests from courts, regulators, or other authorities.

Legal Basis for Processing

We process your personal data only where we have a lawful basis to do so. Depending on the circumstances, this may include one or more of the following:

Consent: We may process your personal data where you have given your consent, for example, when you agree to receive marketing communications.
Contractual Necessity: Processing may be required to enter into or perform a contract with you, including fulfilling orders or providing requested services.

Legitimate Interests: We may process your personal data where it is necessary for our legitimate business interests, provided those interests do not override your rights and freedoms. This includes activities essential to operating and improving our services.

Legal Compliance: We may process your personal data where necessary to comply with legal or regulatory obligations.

Disclosure of Your Personal Data

To deliver our products and services, we may engage trusted third-party organizations to process personal data on our behalf. We only share your information with parties that are directly involved in providing these services.

In all such cases, we ensure appropriate safeguards are in place to protect your personal data and that it is processed in accordance with this Privacy Policy.

Aggregated and Anonymized Data: We may also collect, use, and share aggregated or anonymized data, such as statistical or demographic information, for various purposes. This data is derived from personal data but does not identify you and is not considered personal data under applicable laws. If aggregated data is combined with personal data in a way that could indirectly identify you, it will be treated as personal data and processed in accordance with this Privacy Policy. Aggregated data used for marketing purposes remains separate from personal data, ensuring that you cannot be directly or indirectly identified.

Offers and Opportunities

We, together with our affiliated entities and carefully selected third parties, may contact you and/or individuals whose information you provide to inform you of relevant offers, opportunities, and initiatives. Communication may take place through various channels, including postal mail, telephone, text, picture or video messages, social media platforms, and email.

Details on how to opt in to receive information about offers are available on relevant pages of our website, within your customer account, and in your welcome email.

You may opt out of receiving such communications at any time.

Security:

We take the protection of personal information extremely seriously. We use advanced security technologies, including firewalls, Secure Socket Layer (SSL) encryption, and Web Application Firewalls (WAF), to safeguard information submitted through our website. In addition, we maintain robust procedures to protect paper records, computer systems, and databases against unauthorized access, disclosure, loss, misuse, or damage.

While we implement strong security measures, please note that electronic transmissions over the internet are never entirely secure. There is always a risk of interception or unauthorized access by third parties. To reduce this risk, you should ensure that any computer, device, or telephone used to access your online patient or customer account is properly protected.

Furthermore, Misuse of our Services is strictly prohibited. This includes knowingly introducing viruses, trojans, worms, logic bombs, or other malicious or technologically harmful material, as well as attempting to gain unauthorized access to our Services or launching denial-of-service attacks.

Any breach of these provisions may constitute a criminal offense under the Computer Misuse Act 1990. In such cases, we will report the matter to the appropriate law enforcement authorities and cooperate fully by disclosing relevant information. A breach will result in the immediate termination of your right to use the Services.

For additional security, we store your login password in encrypted form.

Transfer of Personal Data

As part of our Group’s operations, your personal data may be processed within our network of companies located in the United Kingdom. Where personal data is transferred within the European Economic Area (EEA), such transfers are protected by adequacy decisions issued by the European Commission in accordance with Article 45 of the GDPR.
Where an adequacy decision does not apply—such as transfers to countries outside the UK or EEA—data transfers are safeguarded through appropriate mechanisms. These may include Standard Contractual Clauses or other contractual protections approved by the European Commission (in line with Articles 46 and 49 GDPR), or applicable legal exemptions. This applies to external service providers acting on our behalf (such as IT providers or data centers) and other third parties located in third countries.For instance, when using TrustArc and Google Analytics tools, we may transfer your IP address or shortened IP address to countries outside the European Union, including the USA.

Updating and Correcting Information

We encourage you to keep your personal information accurate and up to date. You may update or correct your information at any time by selecting “Edit Profile” within the “My Account” section of our website or by contacting our Customer Support team.If you request updates or corrections to information relating to another individual, we may require evidence of your authorization to act on their behalf.

Retention of Personal Data

We retain personal data only for as long as required by applicable laws or for legitimate and lawful business purposes. Personal data will not be kept longer than necessary for the purposes described in this Privacy Policy and is subject to regular review.In certain cases, we may retain anonymized or aggregated data—where all identifying elements have been removed—for statistical or analytical purposes without time limitation, provided we have a lawful basis to do so

Further information on data protection rights and retention standards can be found at the UK Information Commissioner’s Office: https://ico.org.uk/for-the-public/.

Your Rights:
Under applicable data protection laws, you have several rights in relation to your personal data. These include, but are not limited to, the following:

Right of Access: You may request a copy of the personal data we hold about you.

Right to Rectification: You may request the correction of inaccurate, incomplete, or outdated personal data.

Right to Data Portability: You may request the transfer of your personal data to another service provider where processing is based on consent or contractual necessity.

Right to Restrict or Object to Processing: In certain circumstances, you may object to or request restrictions on the processing of your personal data. We may continue processing if we can demonstrate compelling legitimate grounds that override your rights.

Right to Be Forgotten: If you wish to end your association with Medsstore, you may request account suspension via email. Your account will be permanently deactivated, and access will be irreversibly restricted. Please note that we are legally required to retain electronic patient records—including personal data, communications, and treatment records—for a minimum of 10 Years.

Right to Stop Marketing Communications: You may opt out of marketing communications at any time. However, we may still contact you regarding essential account-related matters.
We reserve the right to charge a reasonable administrative fee for requests that are manifestly unfounded or excessive and may request proof of identity before responding.

Complaints: If you have any concerns or complaints regarding this Privacy Policy or how your personal data is processed, please contact us directly. We will investigate and respond within a reasonable timeframe. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or your local data protection authority if you are located outside the United Kingdom.

External Links: Our website may contain links to third-party websites, including partner networks, advertisers, and affiliates. These websites operate independently and have their own privacy policies. We do not accept responsibility or liability for their content or data practices. Please review their privacy policies before submitting any personal information.

Retention of Data

We retain personal data in accordance with applicable laws and may keep it for specific periods to meet legal, regulatory, audit, or statutory requirements. When determining appropriate retention periods, we consider factors such as the nature of the personal data, the potential risks of unauthorized use or disclosure, the purposes for which the data is processed, and whether those purposes can be achieved through alternative means.

As previously noted, Medsstore is legally required to retain electronic patient records, including personal data, communications, and treatment information, for a minimum period of 10 years. Where there is no lawful basis to continue processing your personal data, we will securely delete or anonymize it. If immediate deletion is not possible, we will securely store the data and restrict it from further processing until deletion becomes feasible. We may retain and use anonymized data—such as aggregated usage or statistical information—indefinitely for research, analytical, or statistical purposes, as such data does not identify individuals.

How to contact us

You can contact us via email or web chat through our website at www.medsstore.org.
If you have any questions about this Privacy Policy or our data protection and privacy practices, please email us at medzstore@proton.me or write to us using the contact details provided on our website.