PharmGrowth takes data protection seriously. As a supplier of digital services to NHS pharmacies, we handle health-related data and are committed to full compliance with UK GDPR and the Data Protection Act 2018.
1. Who We Are
PharmGrowth ("we", "us", "our") is a trading name of a UK-based web services business providing professionally built and hosted websites for independent pharmacies. Our contact email is support@pharmgrowth.co.
We act as a data processor on behalf of pharmacy clients (who are the data controllers) for data submitted through the websites we build and host. We are also a data controller for data we collect about our own customers and website visitors.
2. What Data We Collect
2a. Data collected via PharmGrowth.co (our marketing website)
- Contact enquiry data: name, email address, pharmacy name, Pharmacy ODS Code, phone number, message content
- Demo request data: name, email, pharmacy name, ODS Code, phone number
- Subscription/payment data: handled and processed by Stripe; we do not store card details
- Analytics data: anonymised visitor data via cookies (see our Cookie Policy)
2b. Data collected via pharmacy websites we build and host
Pharmacy websites built by PharmGrowth may collect patient-submitted data including:
- NHS nomination requests: name, date of birth, NHS number, address
- Repeat prescription requests: name, date of birth, NHS number, medication details
- Pharmacy First / minor ailment consultations: name, contact details, symptom information
- Contact and callback requests: name, phone number, email
- Weight loss, vaccination and private service enquiries: name, contact details, health information
3. Legal Basis for Processing
- Contract performance: processing necessary to deliver our services to pharmacy clients
- Legitimate interests: responding to enquiries, improving our services, sending relevant communications to existing customers
- Consent: where we use optional cookies or send marketing communications
- Legal obligation: where required by law or regulation
For health-related data processed through pharmacy websites, the legal basis is typically Article 9(2)(h) GDPR — processing necessary for the provision of health or social care, under the responsibility of the pharmacy as data controller.
4. How We Use Your Data
PharmGrowth.co enquiries and demo requests
- To respond to your enquiry or build your demo website
- To set up and manage your website subscription
- To send service-related communications (invoices, renewal reminders, support)
- To comply with legal and regulatory obligations
Pharmacy website form submissions
- Data is stored securely in our database and made accessible only to the authorised pharmacy admin
- We do not use patient-submitted data for marketing or share it with third parties outside of delivering the service
5. Data Storage and Security
All data is stored within Supabase (hosted on AWS infrastructure within the EU/UK). Our backend services run on Railway, hosted within the EU. We implement the following security measures:
- All connections encrypted with SSL/TLS
- Row-level security on database access
- Admin dashboards protected by authentication (username/password)
- No patient data stored on client-side systems or browsers
- Regular access reviews for admin credentials
6. Data Retention
- Enquiry and demo request data: retained for 2 years from last contact
- Customer (pharmacy) account data: retained for the duration of the subscription plus 7 years for financial/legal compliance
- Patient-submitted form data (on pharmacy websites): retained until the pharmacy requests deletion; we recommend pharmacies review their own retention policies
- Analytics/cookie data: typically 13 months (see Cookie Policy)
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access: request a copy of the data we hold about you
- Right to rectification: request correction of inaccurate data
- Right to erasure: request deletion of your data (subject to legal obligations)
- Right to restrict processing: request that we limit how we use your data
- Right to data portability: request your data in a machine-readable format
- Right to object: object to processing based on legitimate interests
To exercise any of these rights, email us at support@pharmgrowth.co. We will respond within 30 days.
8. Third-Party Processors
We use the following trusted third-party processors who are contractually bound to process data securely and in compliance with UK GDPR:
- Stripe — payment processing (Stripe's Privacy Policy governs card data)
- Supabase / AWS — database and file storage (EU infrastructure)
- Railway — backend hosting (EU infrastructure)
- Netlify — frontend website hosting (EU CDN)
- Google (Gmail) — transactional email notifications via SMTP
We do not sell, rent or share personal data with third parties for marketing purposes.
9. Cookies
We use cookies to improve your experience on our website. For full details, see our Cookie Policy.
10. Health Data (Special Category)
Some pharmacy websites we build collect health-related information (NHS numbers, medication details, symptom data). This is classified as special category data under UK GDPR and is afforded the highest level of protection:
- Health data is only accessible to the pharmacy's authorised admin team
- We do not access, view or process patient health data except for technical maintenance and debugging purposes, with the pharmacy's consent
- Pharmacies are the data controllers for patient health data and are responsible for their own GDPR compliance, including ICO registration
11. ICO Registration
PharmGrowth is registered with the Information Commissioner's Office (ICO) as a data controller. Pharmacy clients who collect patient data through their website are independently required to be registered with the ICO.
12. Changes to This Policy
We may update this policy from time to time. The most current version will always be available at this URL. We will notify active customers of material changes by email.
13. Contact Us
For any data protection queries, requests to exercise your rights, or to report a concern:
Email: support@pharmgrowth.co
We aim to respond to all data-related requests within 5 working days and will complete requests within the statutory 30-day period.