GPhC-registered UK pharmacy Reviewed by UK prescribers Free next-day tracked delivery

Privacy policy

Version: 2026-07-03

EA Pharma Group Ltd ("we", "us") is the data controller for personal data processed through this service. We are registered with the Information Commissioner's Office (ICO registration number: [TODO before launch]). This policy explains what we collect, why, and your rights under UK GDPR and the Data Protection Act 2018.

1. What we collect

To provide a safe clinical service we collect the following categories of data:

  • Identity and contact data — name, date of birth, address, email, phone, photo ID.
  • Health data (special category) — your consultation answers, height, weight, BMI, medical history, medicines, photos used for clinical verification, prescriptions and clinical notes.
  • Order and payment data — items ordered, delivery address, payment status. Card details are processed by our payment provider and never stored on our servers.
  • Technical data — IP address, device/browser information and, with your consent, analytics cookies.

2. Why we process it (lawful bases)

We process identity, order and delivery data to perform our contract with you (UK GDPR Art. 6(1)(b)).

We process your health data for the provision of healthcare, under the responsibility of registered health professionals (Art. 9(2)(h), with Art. 6(1)(e)/(f)), and with your explicit consent collected during the consultation (Art. 9(2)(a)).

We process records to comply with legal obligations that apply to pharmacies, including record-keeping requirements under medicines legislation and GPhC standards (Art. 6(1)(c)).

We send marketing only with your separate, optional consent, which you can withdraw at any time (Art. 6(1)(a)). We never sell your data.

3. Who sees your data

Your consultation, photos and clinical records are accessible only to our clinical team (prescribers and pharmacists) and, where strictly necessary, trained support staff bound by confidentiality.

  • Our prescribers, to make prescribing decisions.
  • Our pharmacy team, to dispense and dispatch your medicine.
  • Delivery partners receive only your name, address and contact details for delivery.
  • Our payment provider processes payments; our email provider sends service emails.
  • With your consent, your GP — we recommend keeping your GP informed of treatment.
  • Regulators or authorities where the law requires it.

4. Where your data lives and how it's protected

Data is stored on servers located in the UK/EEA. Data is encrypted in transit (TLS) and at rest. Access to clinical records is role-restricted and every access or change to a clinical record is written to an audit log. Identity and clinical photos are stored in private storage that is never publicly accessible.

5. How long we keep it

Pharmacy and prescription records must be retained to meet legal and professional requirements — typically 8 years for adult clinical records in line with NHS records-management guidance. Account data is kept while your account is active. Where records are no longer required we delete or irreversibly anonymise them.

6. Your rights

Under UK GDPR you have the right to:

  • Access a copy of your data (subject access request).
  • Correct inaccurate data.
  • Request erasure, where retention is not legally required.
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent at any time (this doesn't affect processing already carried out).
  • Complain to the ICO (ico.org.uk). We'd appreciate the chance to resolve concerns first: care@eapharmagroup.com.

7. Contact

Data protection queries: care@eapharmagroup.com. Registered pharmacy: 23a Gowthorpe, Selby YO8 4HE.

This document is a working draft prepared for launch review. Have it checked by a suitably qualified adviser before going live.