Newmans Pharmacy – Privacy Policy

This Privacy Policy describes the policies and procedures on the collection, use, and disclosure of your information when you use the Service (the website), and explains your privacy rights and how the law protects you. Personal data is used to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Interpretation and Definitions

Interpretation: Capitalised words have specific defined meanings that apply whether they appear in singular or plural form.

Key Definitions:

• Account – A unique account created for you to access the Service.
• Business (CCPA context) – The Company as a legal entity that collects and determines the purposes of processing consumers’ personal information in California.
• Company – Referred to as “We”, “Us”, or “Our”. Under GDPR, the Company is the Data Controller. Country: United Kingdom.
• Consumer (CCPA) – A natural person who is a California resident (including those temporarily outside the USA).
• Cookies – Small files placed on your device by a website, containing browsing history details.
• Data Controller (GDPR) – The Company, which determines the purposes and means of processing personal data.
• Device – Any device that can access the Service (computer, phone, tablet).
• Do Not Track (DNT) – A concept promoted by US authorities allowing users to control tracking of their online activities.
• Personal Data – Any information relating to an identified or identifiable individual. Under GDPR, this includes name, ID number, location, online identifier. Under CCPA, it includes any information that can be reasonably linked to you.
• Sale (CCPA) – Selling, renting, releasing, disclosing, or otherwise communicating a consumer’s personal information to a third party for monetary or other valuable consideration.
• Service – Refers to the Website (https://newmanspharmacy.co.uk).
• Service Provider – Third-party companies/individuals who process data on behalf of the Company. Under GDPR, they are Data Processors.
• Usage Data – Data collected automatically from use of the Service (e.g. page visit duration, IP address).
• You – The individual accessing or using the Service. Under GDPR, you are the Data Subject/User.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data may include:

• Email address
• First name and last name
• Phone number
• Address, State, Province, ZIP/Postal code, City
• Usage Data

Usage Data is collected automatically and may include:

• IP address
• Browser type and version
• Pages visited, time and date of visit, time spent on pages
• Unique device identifiers and diagnostic data
• Mobile device type, unique ID, operating system, mobile browser type

Tracking Technologies and Cookies

The Company uses cookies and similar tracking technologies (beacons, tags, scripts) to track activity and improve the Service. Types include:

• Cookies/Browser Cookies – Small files placed on your device. You can instruct your browser to refuse cookies, but this may limit Service functionality.
• Web Beacons – Small electronic files (clear gifs, pixel tags, single-pixel gifs) used to count page visits, email opens, and gather website statistics.

Cookie Types Used:

Use of Your Personal Data

The Company may use personal data for:

• Providing and maintaining the Service – including usage monitoring
• Managing your Account – enabling access to registered user features
• Contract performance – fulfilling purchases and agreements
• Contacting you – via email, phone, SMS, push notifications regarding updates, security, and services
• Marketing – news, special offers, and information about similar goods/services (unless opted out)
• Managing requests – attending to your queries
• Business transfers – in the event of mergers, acquisitions, or asset sales
• Other purposes – data analysis, usage trends, campaign effectiveness, service improvement

Sharing Personal Information

Personal information may be shared:

• With Service Providers – for monitoring, analysis, payment processing, and contacting you
• For business transfers – during mergers, acquisitions, or financing negotiations
• With Affiliates – parent company, subsidiaries, joint ventures (bound by this Privacy Policy)
• With Business Partners – to offer certain products, services, or promotions
• With Other Users – publicly shared information may be visible to all users
• With Your Consent – for any other purpose you explicitly consent to

Retention of Your Personal Data

• Personal data is retained only as long as necessary for the purposes set out in this policy.
• Data is retained to comply with legal obligations, resolve disputes, and enforce agreements.
• Usage Data is generally retained for a shorter period, unless needed for security, functionality improvement, or legal obligations.

Transfer of Your Personal Data

• Personal data may be processed at the Company’s offices and anywhere else involved parties are located, including countries with different data protection laws.
• Submitting information and agreeing to this policy constitutes consent to such transfers.
• The Company ensures all transfers are treated securely and only occur where adequate controls are in place.

Disclosure of Your Personal Data

Business Transactions: In a merger, acquisition, or asset sale, personal data may be transferred. Notice will be given beforehand.

Law Enforcement: Data may be disclosed if required by law or valid requests from public authorities (courts, government agencies).

Other Legal Requirements: Data may be disclosed in good faith to:

• Comply with legal obligations
• Protect/defend Company rights or property
• Prevent or investigate wrongdoing
• Protect personal safety of users or the public
• Protect against legal liability

Security of Your Personal Data

Third-party Service Providers may access your personal data. These vendors collect, store, use, process, and transfer information about your activity in accordance with their own privacy policies.

Analytics

Third-party providers may be used to monitor and analyse Service usage.

Email Marketing

Personal data may be used to send newsletters, marketing, or promotional materials. You can opt out at any time via the unsubscribe link in any email or by contacting the Company.

Payments

Third-party payment processors are used. Payment card details are not stored or collected by the Company. Payment processors comply with PCI-DSS standards (managed by the PCI Security Standards Council, jointly maintained by Visa, Mastercard, American Express, and Discover).

GDPR Privacy Policy

Legal Basis for Processing Personal Data

Processing may occur under these conditions:

• Consent – You have given explicit consent
• Contract performance – Necessary for an agreement with you
• Legal obligations – Required by law
• Vital interests – To protect your vital interests or another person’s
• Public interests – Related to a task in the public interest or official authority
• Legitimate interests – Necessary for the Company’s legitimate interests

Your Rights under GDPR

If you are within the EU, you have the right to:

• Access – View, update, or delete your personal data; receive a copy of data held
• Correction – Have incomplete or inaccurate data corrected
• Object – Object to processing based on legitimate interests or direct marketing
• Erasure – Request deletion of personal data when there is no good reason to continue processing
• Data Portability – Receive your data in a structured, machine-readable format for transfer to another entity
• Withdraw Consent – Withdraw consent at any time (may limit access to certain functionalities)

Exercising GDPR Rights

Contact the Company directly. Identity verification may be required. Responses will be provided as soon as possible. You also have the right to complain to your local Data Protection Authority in the EEA.

CCPA Privacy Policy (California Residents)

Categories of Personal Information Collected (Last 12 Months)

CCPA exclusions (not considered personal information):

• Publicly available government records
• Deidentified or aggregated consumer information
• HIPAA/CMIA health/medical data, FCRA, GLBA, FIPA, Driver’s Privacy Protection Act data

Sources of Personal Information

• Directly from you – Forms, preferences, purchases
• Indirectly from you – Observed activity on the Service
• Automatically from you – Cookies and device tracking
• From Service Providers – Analytics vendors, payment processors, other third parties

Use of Personal Information for Business/Commercial Purposes

• Operate and provide the Service
• Support and respond to enquiries
• Fulfil the reason information was provided
• Respond to law enforcement / legal requirements
• Internal administration and auditing
• Detect security incidents, protect against fraud or illegal activity

Disclosure of Personal Information (Last 12 Months)

Categories disclosed for business/commercial purposes:

• Category A: Identifiers
• Category B: California Customer Records
• Category D: Commercial information
• Category F: Internet/network activity

Disclosures are governed by contracts requiring confidentiality and restricting use to the stated purpose.

Sale of Personal Information

The Company may have sold in the last 12 months:

• Category A: Identifiers
• Category B: California Customer Records
• Category D: Commercial information
• Category F: Internet/network activity

Personal information is shared with: Service Providers, payment processors, affiliates, business partners, and authorised third parties.

Sale of Personal Information of Minors Under 16

• The Company does not knowingly collect personal information from anyone under 13.
• Personal information of consumers under 16 is not sold without affirmative opt-in authorisation (from the 13–16-year-old, or parent/guardian for under-13s).
• Parents/guardians should contact the Company if they believe a child under 13 has provided personal data.

Your Rights under CCPA

• Right to Notice – Know which categories of data are collected and why
• Right to Request – Disclosure of collection, use, sale, and sharing of personal information
• Right to Opt-Out of Sale – Direct the Company not to sell your personal information
• Right to Delete – Request deletion (subject to certain exceptions for legal, security, contract, or research purposes)
• Right Not to Be Discriminated Against – Cannot be denied goods/services, charged different prices, given different quality, or threatened for exercising CCPA rights

Exercising CCPA Rights

• Visit the Contact Us page on the website
• Send an email (address not publicly listed on the page)

Requests must: verify your identity and describe the request in sufficient detail. Responses are provided free of charge within 45 days (extendable by an additional 45 days with notice). Disclosures cover the preceding 12-month period.

Do Not Sell My Personal Information

You can opt out of the sale of your personal information. To opt out of interest-based advertising by Service Providers:

• NAI opt-out platform
• EDAA opt-out platform
• DAA opt-out platform

On mobile devices:

• Android: “Opt out of Interest-Based Ads” or “Opt out of Ads Personalization”
• iOS: “Limit Ad Tracking”

Note: Opt-outs are browser-specific and must be repeated if you change browsers or clear cookies.

“Do Not Track” Policy (CalOPPA)

The Service does not respond to Do Not Track (DNT) signals. Third-party websites may track browsing activities; DNT preferences can be set in your browser settings.

Children’s Privacy

The Service is not directed at anyone under 13. The Company does not knowingly collect personal data from under-13s. If a parent/guardian believes their child has provided data, they should contact the Company immediately, and the data will be removed.

California Privacy Rights  Shine the Light Law

Under California Civil Code §1798, California residents with an established business relationship may request once per year information about sharing of personal data with third parties for direct marketing purposes. Contact the Company using the details provided.

California Privacy Rights for Minor Users (Business and Professions Code §22581)

California residents under 18 who are registered users may request removal of publicly posted content or information. Contact the Company with the email address associated with your account. Note: removal is not guaranteed in all circumstances.

Links to Other Websites

The Service may contain links to third-party websites. The Company has no control over and assumes no responsibility for those sites’ content or privacy policies. You are strongly advised to review the privacy policy of every external site you visit.

Changes to This Privacy Policy

The policy may be updated periodically. Changes will be notified:

• By posting the new policy on this page
• Via email and/or a prominent notice on the Service prior to the change taking effect
• The “Last updated” date will be updated accordingly

You are advised to review this policy periodically.

Contact Us

For questions about this Privacy Policy:

• Visit the Contact page on the website
• Send an email (the specific email address is not publicly displayed on the page)