Last updated: 29 July 2020
Introduction and Summary
Truepill Ltd, trading as Truepill (and also referred to here as “we” or “us”), respects your privacy, and we are committed to protecting it through our compliance with this policy.
This policy describes the types of information we may collect as part of our Truepill business:
- On or in connection with our operation of this Website.
- In email, text, and other electronic messages between you and us, or which are forwarded to us, regarding Truepill.
- When you interact with Truepill advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
- Us offline or through any other means, including on any other website operated by Truepill Ltd or any third party (including our affiliates and subsidiaries); or
- Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Truepill Digital Properties.
We use your personal information to provide, personalise and improve our websites, apps and services, promote goods and services, administer loyalty programs and competitions, receive and fulfil your orders and subscriptions, and address your customer support needs. Your personal information is also used and shared as required by law or in connection with legal matters. In particular, we use information about you, such as your order history, to provide you with related offers. We also share personal information with Service Providers so they can do these things.
For these purposes, information is shared with other companies (including affiliates and subsidiaries, if any exist at the relevant time), as well as a number of service providers and partners described below. In the event of a sale of all or part of our business, your personal information will (to the extent permitted by law, and subject to us obtaining any necessary consents from you) be transferred to the new owner. Where we rely on your consent, such as to send you direct marketing, to share your health details and related order history with third parties, and/or to personalise offers, you can withdraw this consent at any time.
We can be required by law to collect, retain and in some cases share sensitive personal information without your consent, for example to public authorities monitoring the prevalence of infectious diseases. We will take all necessary safeguards when doing so.
Please read this policy carefully to understand our policies and practices regarding your information, how we will treat it, and your rights, such as your right to object to certain processing. This policy may change from time to time, so please check the policy periodically for updates.
Children Under the Age of 13
Truepill Digital Properties are not intended for children under 13 years of age. No one under 13 may provide any information to or on Truepill Digital Properties. We do not knowingly collect personal information from children under 13. If you are under 13, do not (i) use or provide any information on Truepill Digital Properties or on or through any of its features, (ii) register on Truepill Digital Properties; (iii) directly or indirectly make any purchases through the Truepill Digital Properties, (iv) use any of the interactive or public comment features of the Truepill Digital Properties, or (iv) provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will aim to delete that information, except in exceptional circumstances, such as where continued retention is necessary to comply with our legal obligations, or in connection with actual or potential legal claims. If you believe we might have any information from or about a child under 13, please contact us.
Information We Collect About You and How We Collect It
We collect several types of information about users of Truepill Digital Properties or Third Party Services (“personal information”), either directly or through Third Party Services or our own service providers. We collect this information:
- Directly from you when you provide it to us.
- Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies and other tracking technologies (described below), and through “chatbots” or related communication systems.
- From third parties, for example Third Party Services or our business partners.
Information You Provide to Us
The information you provide to us on or through Truepill Digital Properties, or information we create based on that information, may include:
- Information (for instance name, login details, contact details, delivery addresses, and details about your health, allergies and prescriptions, or a history of conditions in your family) that you provide by filling in forms on Truepill Digital Properties. This includes information provided at the time of registering to use Truepill Digital Properties or requesting further services. We may also ask you for information when you report a problem with Truepill Digital Properties.
- Customer service notes.
- Records and copies of correspondence (including email addresses), if you contact us and/or we contact you, and/or use our Live Chat function on a Truepill Digital Property.
- Your responses to surveys, and the content and details (e.g. date) of any product or service reviews you leave.
- Details of transactions you carry out through Truepill Digital Properties and of the fulfilment of your orders. You may be required to provide financial information before placing an order through Truepill Digital Properties.
- Your search queries on Truepill Digital Properties.
- Your search queries on Truepill Digital Properties.
- Details about any consents you have provided or withdrawn, and things you have opted out of (e.g. newsletters).
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with Truepill Digital Properties, we may use automatic data collection technologies, such as Google Analytics, to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to Truepill Digital Properties, including traffic data, location data, logs, and other communication data and the resources that you access and use on Truepill Digital Properties.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is statistical data and may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve Truepill Digital Properties and other Truepill digital properties, and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize Truepill digital properties according to your individual interests.
- Speed up your searches.
- Recognize you when you return to Truepill Digital Properties or other digital properties operated by Truepill, such as helloeve.co.
The technologies we use for this automatic data collection may include:
Google Analytics supports an optional browser add-on that – once installed and enabled – disables measurement by Google Analytics for any site a user visits. Note that this add-on only disables Google Analytics measurement. More information about Google Analytics and your privacy can be found here and here .
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=en-GB&hlrm=nl&answer=95647
- Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?s=cookies&r=5&as=s
- Safari: https://support.apple.com/en-gb/HT201265
If you disable the cookies that the Website uses, this may impact your experience while on the Website, for example you may not be able to visit certain areas of the Website or you may not receive personalised information when you visit the Website. You can also delete cookies already stored on your computer. Doing this may have a negative impact on the usability of many websites.
As of April 2020, the cookies in use on the Truepill website are as follows:
|__cfduid||1 month||Logrocket session tracking|
|_ga||2 years||Google Analytics|
|_gid||1 day||Google Analytics|
See the Service Providers list for more information about the companies mentioned in this list.
Information we receive from other Truepill services, and from third parties
Truepill Ltd operates several related services. In some cases, the company might look to use data in an integrated fashion across its business, for instance where a service might be interesting to users of the other services. In that case, personal information from one service might be relevant to Truepill (and vice-versa).
Sometimes, we also receive personal information from third parties. In particular:
- Your doctor or Third Party Services may send us your prescriptions or other information, with your permission where applicable. Their own Privacy Policies or other information should explain to you the information they will share with us, but depending on the circumstances it is likely to include:
- Name, unique identifiers, contact details, payment/billing details, insurance or co-payment details, or confirmations;
- Order and/or prescription details;
- Details of permissions/consents you have granted, or of things you have requested;
- Material information about your health or family history;
- Details of support queries, or other enquiries or complaints.
- We may have to check local or national health system records about you (e.g. summary care records), particularly in urgent cases or when it is not possible to speak to you or your doctor about your needs (e.g. outside working hours).
- We may obtain information about you from public sources, e.g. social media, particularly where you are using those to communicate with us (e.g., via Twitter); and/or from other third parties that hold information about you, for example so we can better understand your needs and interests.
- We may obtain information about you from people that contact us, e.g. concerned family members or law enforcement officials.
How We Use Your Information
We use (e.g. collect, store, analyse and/or share) information that we collect about you or that you provide to us, including personal information:
a) To fulfil a contract, or take steps linked to a contract: this is relevant where you wish to make a purchase from us or subscribe to our services, or enter a competition or loyalty scheme we offer. This includes:
- Keeping a list of items you add to your “shopping cart”, so you can complete the checkout process.
- Verifying your identity and/or contact details.
- Checking relevant health details (e.g., allergies to certain types of medication).
- Taking payments.
- Arranging the delivery or other provision of products, services, prizes or rewards.
- In order to contact you in urgent cases regarding your services and products, for example to notify you of product recalls, or where ethics or professional rules of conduct require that we provide information to you about your health.
b) As required to conduct our business and pursue our, your and/or other persons’ other legitimate interests.* In particular, we use personal information in our, your or third parties’ legitimate interest:
- To provide services to or via Third Party Services, for instance to fulfil orders you place through the Third Party Services without contracting directly with us; and to otherwise deal with or meet our obligations to Third Party Services, for instance retaining and sharing order records they request.
- To present Truepill Digital Properties and their contents to you, or to integrate them with Third Party Services, in a fast and secure manner, e.g. by using your IP address to send you the web pages you request; to estimate your location in order to deliver website content from a place near you (thereby reducing website loading times); and to combat the use of automated software agents (“bots”) that would otherwise disrupt the service). This improves customer satisfaction and protects our and your interests in service security.
- To provide you with information, products, or services that you request from us, in cases where this is not done pursuant to a contract between us.
- To enforce our rights, including those arising from any contracts entered into between you and us, including for billing and collection. More generally, we will use personal information in connection with legal claims, and for compliance, regulatory or investigative purposes; including disclosures of such information in connection with civil litigation (e.g. consumer disputes or intellectual property matters), law enforcement enquiries, or voluntary inspections.
- To notify you about changes to Truepill Digital Properties, any products or services we offer or provide though them, or other Truepill services.
- To ensure Truepill customers’ needs are being correctly identified and addressed (improving their experience and supporting the success of our business), for example by:
- inviting you to take part in customer feedback surveys or market research;
- addressing complaints or comments received from you or from others about Truepill products, services, digital content, marketing, suppliers or partners; or
- monitoring, improving and protecting Truepill products, services and website/app content, for example by learning about how people use Truepill websites, and what features could be improved.
- To produce statistics about the medicines we have dispensed and other products we have sold – these statistics (which will normally not be linked to you, e.g. because they are about an entire category of our customers) can help inform Truepill and third parties’ business decisions.
- To personalise Truepill Digital Properties and other Truepill services, products, services or promotions for you (for example, reminders to order refills of a product you previously purchased or reviewed).
- To verify creditworthiness and/or identity.
- To detect, prevent and/or report suspected crime (e.g. fraud) or other misconduct.
- To conduct research (e.g., to produce statistics allowing a better understanding of health trends and risks, and to invite you to participate in research projects).
The activities above can be undertaken directly or through another person, e.g. through the Third Party Service you are using (if any).
*Regarding data used in our or a third party’s “legitimate interests”: Even if we or third parties have a legitimate interest in a proposed use of your personal information, this does not automatically mean we can engage in that use; companies must also consider your own interests, for instance risks to your privacy. If you have any questions, or would like to object to our processing of personal information in accordance based on “legitimate interests”, you can get in touch using the contact details set out below.
c) As required or authorised by applicable rules and regulations, for example:
- Keeping, inspecting and disclosing records in order to meet tax/accounting legal requirements.
- Keeping and reporting data about the incidence of certain diseases, for public health statistical purposes.
- In response to orders from government or law enforcement authorities conducting an investigation or prosecution.
d) Where you give us consent, the consent itself will explain the data uses it covers. This could include:
- sending you newsletters and direct marketing in relation to our relevant products and services, or other products and services provided by Truepill and selected partners;
- placing cookies and using similar technologies to store or access information on your device; or
- transferring personal information, e.g. within or outside our group.
Note that consent is not always required for these activities, so consent is only our legal basis for such processing if we have in fact requested your consent to it.
e) In any other way we may describe when you provide the information.
Disclosure of Your Information
We may disclose aggregated information about our users, and other information that does not relate to any identifiable individual, without restriction.
- Internally within our company; or to our subsidiaries, affiliates or a parent company.
- To Third Party Services, to help them meet their obligations (e.g. to fulfil an order), exercise their rights (e.g. to defend a complaint), or to otherwise support their business (e.g. for billing or accounting, for fraud detection purposes, or to help them review order lists or generate statistics for business administration and planning purposes);
- To contractors, service providers, and other third parties we use to support our business, including, but not limited to, other pharmacies when transferring prescriptions. We use third parties for services including website hosting; IT maintenance; customer support and call centre operation; identity and fraud checking; payment processing; shipping and returns of ordered products; loyalty programs and competitions; market research; website and app analytics; marketing; manufacturing or supply. A periodically-updated list of our main service providers is available in the Service Providers section of this policy.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Truepill assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information about Truepill Digital Properties’ users is among the assets transferred.
- To fulfil the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent, for purposes and to the types of recipient disclosed to you when that consent is requested (for example, sharing information about an online consultation with your GP/family doctor).
We may also disclose your personal information:
- To comply with any court order, law, legal process or request, including to respond to any government or regulatory request, or to meet legal obligations to share information with your doctor.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Trupill Ltd, Third Party Services, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
If personal information is transferred to a recipient outside the UK or the European Economic Area, and the recipient is in a country that is not subject to an “adequacy decision” by the EU Commission or equivalent, that personal information will so far as feasible be protected pursuant to additional safeguards such as officially-approved standard contractual clauses, an appropriate Privacy Shield certification (or similar), or a vendor’s Processor Binding Corporate Rules. More details, such as a copy of or link to the relevant safeguards, can be provided upon request, by contacting us at the details provided below. Note that those additional safeguards may not be usable in all circumstances, for example in the case of (i) disclosures to foreign authorities, (ii) where an urgent data transfer is necessary in your or another person’s vital interests, or (iii) where you have expressly consented to the data transfers.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent.
- Promotional Offers from Truepill Ltd. If you do not wish to have your contact information used by Truepill Ltd to promote its own or our affiliates’ products or services, you can opt-out by sending us an email. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to services communications and other communications relating to a product purchase, warranty registration, product service experience or other transactions.
How long we keep personal information
a) Clinical Information
- Clinical information will be stored on Truepill systems. This information will be deleted in accordance with applicable law and the Records Management Code of Practice for Health and Social Care, or equivalent.
b) Other Information
- Account information for individuals (including people who have completed the on-line registration process) who have not used our consultation services will be deleted after two years, unless we are required to retain such information for any legal or regulatory reason.
- Account information about individuals (for example your name, log in details, summary details of services you have used, any complaints you have made about our service) who have accessed our services will be kept until two years after they last accessed the services or communicated with us, whichever is later. Notwithstanding the foregoing, where we process personal information in connection with performing a contract (including our terms of service, or individual transactions) or for a competition, we keep the data for 8 years from your last interaction with us.
- Where we process personal information (including order details) for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests. We also keep a record of that request indefinitely, so that we can continue to respect your request in future.
- Where we process personal information for site security purposes, we retain it for 12 months.
We retain accounting records for the minimum periods or, where applicable, the maximum periods specified by applicable law pertinent to those records.
Accessing and Correcting Your Information
Depending on applicable law, you may have the right:
- to ask us for a copy of personal information about you;
- to correct or delete that personal information;
- to restrict the processing of that personal information;
- in the case of personal information you provided, or which is used to perform a contract with you, to obtain a “portable” copy of that personal information and to ask us to share that information with another organisation.
In addition, you can object to the processing of your personal information in some circumstances (in particular, where we don’t have to process the information to meet a contractual or other legal requirement, or where we are using the information for direct marketing).
These rights may however be limited, for example if fulfilling your request would reveal personal information about another person, would infringe the rights of another person or legal entity (including our rights), or if you ask us to delete or change data which we are required by law to keep (or have other compelling legitimate interests in keeping). We will inform you of relevant exemptions we need to rely on, when responding.
To exercise any of these rights, or to obtain other information, you may send us an email. Please note however that in some cases, we might not be able to delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or where you believe a breach may have occurred. In the UK, this is the Information Commissioner (https://ico.org.uk/). Relevant data protection authorities in the EU are listed here: https://edpb.europa.eu/about-edpb/board/members_en.
In order to purchase products, the provision of billing and delivery information, and often also information about your health or prescription, is mandatory: if it is not provided, then we will not be able to safely complete and fulfil or renew your order or subscription. Similarly, in order to enter competitions, you need to provide basic details about yourself, in case you are selected as a winner. Mandatory fields in forms will be marked as such. Other information is optional, but the quality of the products, services and promotions you receive may be reduced, for instance they may be less relevant to your interests.
How the NHS and care services use your information
Truepill is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety
- planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit https://www.nhs.uk/your-nhs-data-matters/. On this web page you will:
- See what is meant by confidential patient information
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
- Find out more about the benefits of sharing data
- Understand more about who uses the data
- Find out how your data is protected
- Be able to access the system to view, set or change your opt-out setting
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
- See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time. Our organisation ‘is currently’ compliant with the national data opt-out policy. “
Truepill takes the security of information very seriously and has established security standards and procedures to prevent unauthorized access to patient information. We maintain physical, electronic, and procedural safeguards to comply with applicable standards to guard health information, including storing all information you provide to us on secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Truepill Digital Properties, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of Truepill Digital Properties like message boards. The information you share in public areas may be viewed by any user of Truepill Digital Properties.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to Truepill Digital Properties. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on Truepill Digital Properties.
Truepill shares your personal information with our service providers who process your data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure.
Like any business, we use many other providers to help us operate our business and who process your personal information as part of providing their services to us. A list of these providers is below:
- AWS – for data storage and hosting
- SignEasy – for electronic signature used in prescriptions
- Facebook – for advertising and marketing
- Google – for data storage
- Google Analytics– to analyse and develop our web services
- Google AdWords – for advertising and marketing
- Hotjar – to analyse and develop our offerings
- Intercom – for customer engagement services including email and SMS storage
- LogRocket – to help identify software defects
- PayPal – for payment processing
- Royal Mail / DX / DPD – for delivery services