Privacy Policy
Introduction
At Pillo, we care deeply about privacy and take our responsibilities with your data very seriously. We know you care about your privacy too, so we are committed to being upfront and transparent about our privacy practices.
This privacy policy explains our privacy practices, including what personal information we collect, how we collect it, how we use it and your rights relating to this data. References to “you” or “your” in this privacy policy refer to both you and the patient you are acting on behalf of as relevant.
Who are we?
Pillo is the trading name of RPK Healthcare Limited, a company registered in England and Wales with the registration number 11825118, operating at Unit 25, Oakhill Trading Estate, Devonshire Road, Manchester, M28 3PT.
This privacy policy covers all services run by Pillo (“we”, “us”, “our”) including our websites, apps, services and pharmacy which is registered with the General Pharmaceutical Council as RPK Healthcare Limited, under registration number 9011300 at Unit 25, Oakhill Trading Estate, Devonshire Road, Manchester, M28 3PT.
Pillo is the controller of the personal information we process unless otherwise stated. You can read more about our duties with regards to your personal information here.
How can you contact us?
If you have any questions, queries or complaints regarding your personal information or how we use it, you can contact Pillo or our Data Protection Officer using the details below.
Pillo can be contacted:
By email at help@pillo.co.uk
By post to:
RPK Healthcare Limited
Unit 25, Oakhill Trading Estate,
Devonshire Road,
Worsley,
Manchester,
M28 3PT
Our Data Protection Officer is Rohin Patel. Rohin can be contacted:
By email at dpo@pillo.co.uk
By Post to:
Data Protection Officer
RPK Healthcare Limited
Unit 25, Oakhill Trading Estate,
Devonshire Road,
Worsley,
Manchester,
M28 3PT
What are the legal bases for collecting personal information?
When you use Pillo, we collect, use, share, and otherwise process your personal information for the purposes described in this policy. We rely on a number of legal bases to use your information in these ways. These legal bases include where:
-
Necessary to perform the contractual obligations in our Terms and Conditions and in order to provide our services to you;
-
You have consented to the processing, which you can revoke at any time;
-
Necessary to comply with a legal obligation, a court order, or to exercise or defend any impending or asserted legal claims;
-
Necessary for the purposes of our, or a third party’s legitimate interests;
-
You have expressly made the information public;
-
Necessary in the public interest, such as to prevent crime; and
-
Occasionally necessary to protect your vital interests or those of others (in rare cases where we may need to share information to prevent loss of life or personal injury).
What personal information do we collect and how do we collect it?
We collect information in order to provide our services to you and to better understand how they are used. Most of the personal information that we collect is provided to us by you through the Pillo app or when you communicate to us in other ways (for example over the phone, by email or by post). Some of this information is essential for us to be able to process your prescriptions. Failure to provide this information to us, or providing us with incorrect information will result in us being unable to process your prescriptions. We have outlined below the types of information that we handle and how it is collected:
-
Personal information - this includes information such as name, address, date of birth and GP details. This is collected during registration.
-
Contact information -this includes information such as your phone number and email address. This is collected during registration.
-
NHS Number -this is obtained and verified using the NHS Personal Demographic Service through our pharmacy management system.
-
Medication details - this includes records of medicines you have been prescribed or supplied by Pillo (including medication name and dosage instruction). We will never use your information about your prescriptions for marketing, although we may use it to advise you of other health services / products that might be useful or relevant to you. This is collected when shared with us by other health professionals for example your GP, when we receive a prescription for you, or when we access your Summary Care Record.
-
Health information - this includes details and notes about your health and medical treatment, and information relevant to your continued care from other people who care for you and know you well, such as other health professionals. This is collected directly from you, or when shared with us by other health professionals for example your GP. This also includes data we collect from NHS bodies such as your GP/surgery or hospital and when we access your NHS Summary Care Record if you have provided consent for us to do so.
-
Prescription charge exemption details - if you do not pay for your prescriptions. This is collected upon registration, or when you enter them.
-
Proof of consent - when you sign up to use our service, collected during registration.
-
Payment details - this is for prescription charges if you pay for your NHS prescriptions. Please note that we do not store your card details. This data is managed by our payment provider Worldpay. This is collected at the point of payment when entered by you.
-
Delivery and contact details - when you tell us your delivery address, we pass these details onto our third-party delivery services (e.g. Royal Mail). This is collected when you make a prescription request through our app, or if you tell us through other means of communication such as phone or email.
-
If you choose to enable location services, location information from your phone will be used to help you find your GP address. This is collected during registration.
-
Behavioural data - this includes information such as when you use Pillo and what actions you take within the app. We do this as part of our legitimate business interests in continuously improving our service to you. This is collected once you register to use Pillo and throughout your use of Pillo.
-
Technical data -this includes information such as crashes and glitches to help us identify when and how things go wrong and break down. We do this as part of our legitimate business interests in continuously improving our service to you from a technical perspective. This is collected once you register to use Pillo and throughout your use of Pillo.
Why do we process your personal information?
Pillo will only collect and process your information for clear and lawful purposes. These purposes include:
-
Storing your data in order to provide our services to you. This includes all functions within the app (such as dose reminders), processing prescription requests, dispensing and delivering your prescription.
-
Verifying your identity in order to complete your registration.
-
Communicating with GP surgeries in order to process your request and dispense your prescriptions.
-
Analysing and auditing your data in order to help us resolve issues, and improve our services.
-
Managing medication returns and confidential waste.
-
Communicating with you and contacting you by phone, post, email, in-app notifications, push notifications or other online communications.
Who do we share your personal information with?
Pillo will never sell, trade or rent out your personal information with third parties.
There are particular instances where we share your personal information with others. We are obliged to share certain information to comply with UK law and regulations, and to fulfil our contractual requirements with the NHS.
We have outlined below these instances and the third parties who we may share your data with:
-
Our Payments – sharing your information with the NHS Business Services Authority, others in the wider NHS, and sometimes Local Authorities, and only limited information.
-
Management – sharing limited information with the NHS Business Services Authority and others in the wider NHS, and sometimes Local Authorities; as well as those external to the NHS who ensure we maintain appropriate professional and service standards and that your declarations and ours are accurate.
-
Delivery service and couriers – for business purposes, postal delivery of prescriptions, and to send your prescriptions to the NHS (where a physical prescription is received)
-
Dispensing appliance contractors – where your prescription is for a medical appliance (such as catheters, stoma bags etc), we will pass your prescription, and the personal information on it to a third party appliance contractor to process.
-
Law Enforcement Agencies (LEA) – we will release personal data to LEA’s (such as the police) where we are required to do so by law. This will most likely be for the detection or prevention of crime, or to exercise or defend a legal claim.
Is your personal information transferred to other countries?
Given the global nature of the internet and online services, many websites and apps transfer data outside of the country from where it is collected. This could be the case where a website offering services in one country stores data on a server in another country.
Within the European Economic Area (EEA), there are strong data protection laws that provide a high level of protection. Some countries outside of the EEA do not have laws that provide the same level of protection, for example the USA. Where we transfer your data to countries outside the EEA, we will only do so if there are measures in place to protect your data and privacy.
Where we transfer your data to the USA, we use the EU-US Privacy Shield. This is a European Commission approved framework for regulating exchanges of personal data between the EU and the USA. This ensures that those companies who use the EU-US Privacy Shield have adequate protections in place for the exchange of personal information.
How do we keep your data secure?
Pillo takes data security very seriously and understands the importance of keeping your personal information safe and secure. We securely store your data and have effective security features in place.
For the transfer of data between your phone and our servers, we use 256-AES SSL encryption. We restrict the access to your data to authorised persons only, and where data is transferred, it is kept within the EEA, with ‘Privacy Shield’ providers or using agreed model clauses approved by the European Commission.
How long do we keep your personal information?
We will retain or process your data no longer than necessary. Generally, we will retain your data for as long as necessary to provide our services to you, for as long as we are legally or contractually required to do so, or for a period which is justifiable to meet our business needs.
If you require further information on our retention periods, please contact us using the details above.
How do we use cookies?
Across our website we utilise cookies to provide you with the best possible experience. Cookies are information stored on your device that assist us in understanding your preferences and how you use our website so that we can then better your experience on our site. The information stored is not personal information such as card details or contact details. and so cannot be used to identify you.
Our website is automatically set to 'allow cookies' and by browsing our site you consent to this. You can change your browser settings to deactivate cookies howeverplease note this may alter the functionality of our website. If you would like any further information visit the Information Comissioner's Office website.
We use multiple types of cookies on our website:
Necessary Cookies:
Necessary cookies are crucial for the basic functions of the website and the website will not work in its intended way without them. These cookies do not store any personally identifiable data.
Functional Cookies:
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Analytic Cookies:
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc
Performance Cookies:
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisments Cookies:
Advertisement cookies are used to deliver visitors with customized advertisements based on the pages they visited before and analyze the effectiveness of the ad campaign.
Other Cookies:
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Marketing
If you have given us permission to do so, we will, from time to time send you marketing emails. You can decide to opt-out of this at any time, and there will be instructions on how to do this at the bottom of the marketing emails. You can also change your marketing preferences though our app or by contacting us directly.
What are your privacy rights?
We would like to make sure you are fully aware of all of your data protection rights. You are entitled to the following:
-
The right to be notified – you have the right to know how we process your personal information and this must be presented in a clear, transparent and easily understandable manner. This is why we have produced this privacy policy.
-
The right of access – you have the right to ask us for copies of your personal information that we hold and process. This is so that you can check the accuracy of the data and that we are using it in line with the law.
-
The right to rectification – you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. (You can change certain personal information held in your account through the Pillo app).
-
The right to erasure – you have the right to ask us to erase your personal information in certain circumstances. For example, where it is no longer necessary for us to process it, you have withdrawn consent, or where there is no lawful basis for keeping it.
-
Your right to object to processing – you have the right to object to processing in certain circumstances. For example, you can object to us sending you marketing material.
-
Your right to restriction of processing – you have the right to ask us to restrict the processing of your information in certain circumstances. When processing is restricted, information can still be stored, but will it will not be used.
-
Your right to portability – this only applies to information you have shared with us directly. You have the right to ask us to transfer the information you gave us to another organisation or to yourselves.
-
Your right to file a complaint – you are entitled to make a complaint to the Data Protection Supervisory Agency about the way we handle your personal information. In the UK, this is the Information Commissioner’s Office (ICO). Their contact details can be found here.
-
Your right to withdraw consent – if you have given your consent to how we handle your personal information, you have the right to withdraw this consent at any time.
Privacy policies of other websites
Our website contains links to other websites. Our privacy policy applies only to our website, app and services. If you click on a link to another website, you should read their privacy policy.
Updating the Privacy Policy
Pillo keeps its privacy policy under regular review and we may update it at any time. We recommend that you check this page periodically. When significant changes are made, we will notify you by email using the email address associated with the account holder.
This privacy policy was last updated on 20 February 2020.