Data Privacy and Cookies

What are the rights of our customers?

The points below clearly set out the rights each customer is entitled to. Please don't hesitate to ask us for an explanation of each, should you wish to have more information.

  1. The right to be informed.
  2. The right of access.
  3. The right to resolution.
  4. The right to erasure.
  5. The right to restrict processing.
  6. The right to data portability.
  7. The right to object.
  8. Right to complain.

On rare occasions where you believe your data has been wrongfully processed, stored or handled, and we are unable to correct this satisfactorily, you have the right to raise a concern with the Information Commissioner’s Office (ICO).

Details on how to do this can be found here:

https://ico.org.uk/your-data-matters/raising-concerns/

Definitions

In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way. They are:

“personal data” any information about an identifiable living human being.

“process” we “process” your personal data when we do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.

“Customers” who have bought goods or services from us;

“Suppliers”, “Associates” suppliers or potential suppliers of goods or services to us;

“Affiliates” who have signed up to our affiliate scheme (if we have one).

 

Types of Data we Process and Retain

Name, address, email, phone number, previous order history

How we obtain consent to process personal data.

    We obtain consent with a clear, specific and explicit request:

    Thank you for trusting us with some information about you. We take that trust seriously and we want you to know how we use your information and why.

    If you have queries about how we use your data, or comments or questions about this Policy, please do email us.

    Policy updates: We keep this Policy under regular review, and this page may be updated from time to time.

     

    Security measures and policies in place.

    • GDPR-compliant,
    • Broad use of encryption
    • Two-stage security login when necessary
    • Two-stage newsletter sign up

    How we meet access requests within a one-month timeframe.

    Our small professional team will respond to all access requests quickly and

    efficiently according to our standard operating procedures.

    Our employees understand what constitutes a personal data breach.

    Everybody involved in our business is aware of the need to report any data breach

    to the person or team responsible for data protection compliance.

     

    How we conduct due diligence on your supply chain.

    List of all suppliers and contractors who are GDPR-compliant.

    Terms in place with suppliers (which puts important obligations on them,

    such as the need to notify you promptly if they have a data breach).

     

    How we collect information

    Customer

    Once you buy something from us, we will collect information from you at the point of sale.

    This will include the information we collect from Prospects (above). We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.

    We process your data to support the delivery, the goods and services you have bought. We keep records of the goods/services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may need.

    Financial and credit card details

    Credit card payments are handled by an external secure processor in accordance with their data security policies. We receive limited information from our processor for us to tie up your payment with your invoice.

    If you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person who paid us and how much and the reference number.

    We do not routinely keep credit scores nor use credit reference agencies.

    Newsletters and automated emails

    We monitor who opens what in our newsletter lists, and pre-set sequences of information we send you. We do this, so we can see if the content is popular and generate more of it, or if it is not read.

    There may be sub-routines that trigger if you click on links or articles. These are designed to offer you more information about things you are interested in.

    You can unsubscribe from these sequences at any time.

    Existing customers may receive emails about specific offers relating to things you have already purchased. You can unsubscribe from these at any time.

    From time to time, we contact individual email newsletter subscribers but it is extremely rare. This would normally be if something odd were going on and we wanted to check you could see and use the content or find out what was causing a problem.

    Data sharing with 3rd Parties

    We do not sell or exchange your personal data with organisations that may want to sell you something or use your data for research or other purposes.

    Platforms

    We keep a list of the software platforms we use to run our business. If you would like a list of all the platforms we use, please email us.

    People

    We have an outsourced support team for our own business which may include Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more. They have limited access to your data, where the service they provide to us means they need it.

    For example, if our IT support wants to check the functionality of a laptop or back up, they may need temporary access to information that may include something about you.

    For example, if we invoice you, our Accountant needs to process the information on the invoice.

    Your information/advice is held in the strictest confidence. Our team are all contracted to strict confidentiality clauses.

    Where is your data located?

    Like most small businesses, we do not have any tailor-made software – we use mainstream packages for everything from our customer records, to email, to accounting.

    This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere. We have picked reputable, mainstream suppliers with appropriate security standards.

    Retention periods

    Your information will be kept for a minimum of 8 years.

    We need to keep customer information long enough to satisfy HMRC and our insurers. We keep information on prospective customers long enough to make our sales enquiry system effective.

    If you subscribed to a newsletter or updates list, you will remain on the list(s) you joined until you unsubscribe from that list.

    Your rights

    You have the right to know what information we are collecting on you, and to amend it if it is inaccurate.

    If you feel for some reason we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.

    Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our products and services.

    If you want to know what information we have about you (if any) email us at the email address set out above and give us your name, email address(es) and we will happily do a search and let you know what information we hold on you and how we are using it/have used it.

    You have a “right to be forgotten” - but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a customer, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.

    Complaints

    If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at the email address set out above.

    If we can’t sort it out, the relevant supervisory authority for us is the Information Commissioner for the UK.

    Cookies

    For information about cookies and how we use them, please see our cookie policy below.

    Data Protection 

    The information you have provided and held by Matrix Enterprises Ltd is subject to the General Data Protection Regulation (Regulation (EU) 2016/679). (GDPR) 

    You consent to us or any company associated with us, for example, product providers or platforms we use to provide you with our services, with processing your personal data both manually and by electronic means.

    Your data will be used for the sole purpose of providing advice, administration and management.

    “Processing” includes obtaining, recording or holding information or data, transferring it to other companies associated with us, such as product providers, the Financial Conduct Authority (FCA) or any other statutory, governmental or regulatory body for legitimate purposes including, where relevant, to solicitors and carrying out operations on the information or data.

    You may be assured that we and any company associated with us will treat all personal data and sensitive personal data as confidential and will not process it other than for a legitimate purpose associated with the service we will provide you. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary.

    Measures will also be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the data. 

    Subject to certain exceptions, you are entitled to have access to your personal data that is held by us. You will not be charged for us supplying you with such data, however, we do reserve the right to apply a ‘reasonable fee’ where requests are deemed excessive.

    We will respond to your request as soon as possible and within the maximum time frame of one month.

    In order to provide services to you, we may be required to pass your personal information to parties located outside of the European Economic Area (EEA) in countries that do not have Data Protection Laws equivalent to those in the UK. Where this is the case we will take reasonable steps to ensure the privacy of your information.

    Our Cookie Policy

    The Naked Pharmacy does not use cookies for any purpose other than the ones listed in this policy. By using our website, you agree that cookies may be placed on your computer or internet-enabled device.

    What are cookies?

    A cookie is a small amount of information that’s downloaded to your computer or device when you visit certain websites. We use a number of different cookies on The Naked Pharmacy website, including necessary, functional, performance and targeting cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance, whether it’s their first time visiting or if they are a frequent visitor. We use this information to improve the browsing experience for all of our users.

    What cookies do we use and why?

    Some cookies are necessary to allow you to browse our website, use its features, and access secure areas. The use of these cookies is essential for the website to work, and we do not use these cookies to collect personal information about you. For example, we use user-input cookies for the duration of a session to keep track of a user’s input when filling in forms that span several pages.

    We also use functional cookies to remember the choices you’ve made or information you’ve provided, such as your username, language, or the region you are in. This allows us to tailor your website experience specifically to your preferences. For example, authentication cookies are functional cookies that are used for the duration of a session to allow users to authenticate themselves on subsequent visits or to gain access to authorised content across pages. The functional cookies we use include:

    User-centric security cookies to detect authentication abuses for a limited persistent duration, like repeated failed login attempts. These cookies are set for the specific task of increasing the security of the service.

    Multimedia content player session cookies (flash cookies) are used for the duration of a session to store technical data needed to playback video or audio content (e.g. image quality, network link speed, and buffering parameters).

    Load balancing session cookies are used for the duration of the session to identify the same server in the pool in order for the load balancer to redirect user requests appropriately.

    User interface customisation persistent cookies are used to store a user’s preference regarding a service across web pages.

    The Naked Pharmacy is dedicated to user experience and we use many tools to help us improve our website. To this end, we use performance cookies to collect information about how you use our website and how often. These cookies only gather information for statistical purposes and do not gather any information that can personally identify you. However, because these cookies are not strictly necessary for the use of our website, we require your consent to use them. The performance cookies we use include:

    First party analytics cookies - We use these cookies to estimate the number of unique visitors, to improve our website and to detect the most searched for words in search engines that lead to a webpage. These cookies are not used to target you with online marketing. We use these cookies to learn how our website is performing and make relevant improvements to improve your browsing experience.

    We also use Google Analytics and other third-party analytics providers to help measure how users interact with our website content. These cookies “remember” what our users have done on previous pages and how they’ve interacted with the website. For more information on Google Analytics, visit Google’s information page. For instructions on how to opt out of Google Analytics, see below.

    Targeting cookies are used on our website to tailor marketing to you and your interests and provide you with a more personalized service in the future. These cookies remember that you visited our website and we may share this information with third-parties, such as advertisers. Although these cookies can track your visits to our website and other sites, they typically cannot personally identify you. Without these cookies, the advertisements that you see may be less relevant and interesting to you. We do not use third-party advertising cookies.

    Finally, Social plug-in tracking cookies are used by many social networks that have “social plug-in modules”. We integrate these modules into our platform to provide services that can be considered as “explicitly requested” by our users. Your consent, however, is required because some third-party social plug-in tracking cookies are used for things like behavioural advertising, analytics, and/or market research.

    How long will cookies remain on my computer or mobile device?

    The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 90 days and two years from the date they are downloaded to your device. See the section below on how to control cookies for more information on removing them before they expire.

    Social Buttons

    Social Buttons for third-party social media sites are used to enable our users to share or bookmark web pages. We cannot prevent these sites from collecting information about you. To understand how third-party social media sites use information about your activities on our website and the internet, please read their respective Terms of Use and Privacy Policies.

    How to control cookies?

    You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

    Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser's “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

    You can opt out of customized ads by visiting:

    Ads Preference Manager

    To opt-out of Google Analytics:

    Google Analytics Opt-out Browser Add-on

    If you use our website without opting out, it means that you understand and agree to data collection for the purpose of marketing ads to you.