Data protection declaration

The expert panel for pharmacies is run by Numark, which is a trading identity of PHOENIX Healthcare Distribution Limited.

The PHOENIX group takes the protection and security of its employees, business partners and customers’ data seriously. The respect of privacy is a serious concern to which we pay special attention when processing and using personal data. Insofar as personal data is collected (e.g. your name, address, or other contact data), it is processed and used exclusively in accordance with applicable data protection regulations. In this document we would like to inform you about the collection of personal data when registering and using the panel for pharmacies. Personal data refers to all data that can be related to you personally, e.g. name, address, email address, user behavior.

  1. Controller & data protection officer

    The controller responsible for the collection, processing, and use of your personal data in the context of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 is:

    Numark
    Numark House
    5/6 Fairway Court
    Amber Close
    Tamworth
    Staffordshire
    B77 4RP

    Headquarters: Runcorn
    Company Number: 00129370
    ICO Registration Number: Z599980X
    You can contact our data protection team at dataprotection@phoenixmedical.co.uk or via our postal address, marked for the attention of “the data protection officer”.

  2. Processing of personal data in the context of displaying the website

    When using our website, we collect the following data, which is technically necessary to display our website to you and to ensure stability and security:

    • IP address
    • Date and time of the request
    • Time zone difference from Greenwich Mean Time (GMT)
    • Content of the request (specific page)
    • Access status / HTTP status code
    • Amount of transferred data
    • Referrer URL
    • Browser
    • Operating system and interface
    • Language and version of the browser software
  3. Processing of personal data in the context of user account

    1. If you wish to participate in our panel program, and therefor to create a user account, we will process your following data:

      • Last name
      • Email address
      • Company details
      • Range of work experience

      The provision of the above-mentioned data is mandatory, all further information you provide voluntarily by using our portal.

    2. By agreeing to the Terms of Use of the panel program, you register for a service provided by us (the expert panel and participation in related promotions or competitions). The legal basis of processing of your data is the performance of service/contract according the Art. 6 para. 1 lit. b GDPR.

    3. During the registering process to the panel program, you will also sign up for email invitation to new panels. Sending of email invitations to new panels is based on performance of contract according to Art. 6 para. 1 lit. b GDPR.

    4. We apply the so-called double opt-in process to the registration process for our portal. This means you complete the registration only if you confirm your registration by clicking on the link contained in the confirmation email sent to you for this purpose. If you do not confirm within one week, we delete your registration from our database automatically.

    5. If you wish to no longer participate in our surveys, you, of course, have the option to deactivate your user account. We erase your data within 30 days after your account deactivation.

    6. You can unsubscribe from receiving email invitations at any time by clicking the opt-out link at the end of each invitation email or by sending an email to contact@numarkpharmacypanel.co.uk. You will then no longer receive email invitations but please note that our user account will also be deactivated and personal data erased (see No. 5 above).

  4. Processing of personal data in the context of panel participation

    The purpose of the panel participation is the analysation of customer satisfaction and market situation in order to optimise our processes and services. The processing of your personal data for this purpose is based on the service, which you have registered for (Art. 6 para. 1 lit. b GDPR) and on our legitimate interest according to Art. 6 para. 1 lit. f GDPR. We process your data from the panel participation in pseudonymous form.

  5. Processing of personal data in the context of lottery participation

    From time to time, PHOENIX offers a lottery after participation in a panel. The participation is voluntary and data for your lottery participation will be collected in a separate form, which you can access after finishing the panel. The processing of your data is based on our legitimate interest (Art. 6 para.1 lit. f GDPR), which consists in sending you the lottery prize in the case of winning. Your personal data will be erased after the end of the lottery, or in case of a win, after sending of the prize, unless legal retention periods apply.

  6. Processing of personal data through 3rd parties

    To some extent, we use external service providers to process your data. These service providers have been carefully selected and commissioned by us, are bound by our instructions, process personal data solely within the EU / EEA and are checked regularly.

  7. Cookies
    1. This website uses session cookies, these cookies do not store personal data such as names, usernames, email addresses or IP addresses. The cookie only stores a random session ID on the user’s device. The session cookie is automatically deleted on the server after two hours of inactivity and also is deleted when the browser is closed on the user’s device. The cookie enable the user’s behaviour to be analysed.
    2. The use of cookies is based on our legitimate interest according to Art. 6 para. 1 lit f GDPR. Our legitimate interest is to enable the use of the website by guaranteeing the stable operation and security of the website. Where are not specifically indicated, we store personal data only for as long as it is necessary to fulfil the purposes for which they were collected.
    3. You can configure your browser setting according to your wishes. For example decline the acceptance of third-party cookies or all cookies. Please be aware that you may not be able to use all features of this site.
    4. Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via the settings of your browser. Please use the help features of your internet browser to find out how to change these settings. Please note that some features of our website may not work if you have disabled the use of cookies and that the session cookies can’t be deactivated.
  8. Security

    We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

  9. Your Data Privacy Rights

    Under the terms of the general data protection regulation (GDPR) you have the following rights with regard to any personal data we are processing:

    • Right of Access

      You have the right to request confirmation whether data concerning you are being processed and to request information regarding these data according to Art. 15 GDPR.

    • Right to rectification

      In accordance with Article 16 of the GDPR, you have the right to request the completion or correction of inaccurate data concerning you.

    • Right to erasure

      In accordance with Art. 17 GDPR, you have the right to demand that relevant data may be deleted in case there are no legal obligations preventing the deletion.

    • Right to restriction of processing

      You may demand a restriction of the processing in accordance with Art. 18 GDPR.

    • Right of data portability

      You have the right to request to receive the data provided to us in accordance with Art. 20 GDPR and additionally to request its transmission to other processors.

    • Right to object

      You may object to the future processing according to Art. 21 GDPR at any time.

    • Right to revocation

      You have the right to revoke consent anytime according to Art. 7 Par. 3 GDPR valid for the future.

    • Right to notify the supervisory authority

      In accordance with Art. 77 GDPR you have the right to file a complaint with the competent supervisory authority.

  10. Reporting System

    The PHOENIX group and its affiliated companies within the meaning of §§ 15ff AktG have established a web based reporting system which is designed to enable employees, business partners, customers and third parties an easy system by which to report data incidents or concerns. These reports are taken seriously and are reviewed and actioned regularly and are used to improve the protection of personal data.

    You can access this reporting tool at any time via:
    https://phoenixgroup-databreach.integrityplatform.org/

    In order to explain the reporting system in more detail, we have also answered some frequently asked questions below:

    • When should I report an incident?

      PHOENIX group has an obligation to notify the supervisory authority within 72 hours of becoming aware of an incident, due to this, all incidents must be reported without delay via the online reporting tool.

    • What data incidents should be reported and how?

      All personal data incidents are to be reported to the Data Protection team via the online reporting tool.

    • What is a data protection incident?

      Data Protection incidents are any event which has, or could have, resulted in the accidental or deliberate loss of personal data (electronic or paper) or destruction of data, or unauthorised access to data (e.g. loss or theft of laptop, smartphone, paper record, prescriptions).

    • Data Protection incidents are any event which has, or could have, resulted in the accidental or deliberate loss of personal data (electronic or paper) or destruction of data, or unauthorised access to data (e.g. loss or theft of laptop, smartphone, paper record, prescriptions).

      The Data Protection team will review the incident report and will contact you for further information or, where necessary, will assist you with the post incident actions.

      If you believe that any information we are holding on you is incorrect or incomplete, please telephone, write or email us as soon as possible at the address shown below. We will promptly correct any information found to be incorrect.

      Customer Services
      Numark House
      5/6 Fairway Court
      Amber Close
      Tamworth
      Staffordshire
      B77 4RP

      0800 783 5709
      webadmin@numarknet.com

      Our Data Protection Team can help you with any general enquires relating to data protection and can be contacted at dataprotection@phoenixmedical.co.uk

      You may also report a data issue directly to us via our on line reporting tool https://phoenixgroup.integrityplatform.org/index.php?action=reportIncident

      You have the right to lodge a complaint with the supervisory authority (although we would encourage you to contact us in the first instance). The Information Commissioner can be contacted at; Information Commissioners Office, Wycliffe house, Water Lane, Wilmslow, Cheshire, SK9 5AF https://ico.org.uk/

  11. General Remark

    We retain the right to change our data privacy statement. This may be necessary as a result of technical developments. We therefore ask you to consult the data privacy statement from time to time and to apply the current version.

    Should you have any questions about data protection, please contact our Data Protection Officer at dataprotection@phoenixmedical.co.uk.

Date of last review and update: 17/09/2020

< back