Healthera Pharmacy App
Our NHS-approved mobile app
4.7/5

User Privacy – Superdrug Pharmacy by Healthera App

Superdrug Pharmacy by Healthera App is developed and maintained by Healthera (Healthera) Limited. This Privacy policy describes how Healthera will use any personal data collected from you or that is provided to it.

Healthera (Healthera) Limited (‘we’ or ‘us’) takes your privacy seriously. Please read this Privacy policy, our Privacy Information notices below, help areas (when interacting with our website) and our Cookies Policy. Together they explain our data protection policy and describe how we’ll use any personal data we collect from you or that is provided to us.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

For the purposes of the EU General Data Protection Regulation 2016/679 and the Data Protection Act 2018, in most instances, Healthera is the data controller for the processing of personal information we hold about you. More information on this can be found in the relevant individual privacy information notices available here.

Under the Data Protection Act 2018, Healthera is registered with the Information Commissioner’s Office (Registration number: ZA458369).

Our Data Protection Officer can be contacted at dpo@healthera.co.uk


Changes to the policy

We may change our Privacy policy from time to time. If or when changes are made we’ll include them here, so be sure to check back occasionally.

Your privacy rights when you’ve registered with the Superdrug Pharmacy by Healthera App

This web page expands on the Healthera privacy policies (a copy of which can be found here).

The purpose of this notice is to explain how Healthera Limited collects and uses your personal information and how we comply with data protection law. Where Healthera determines the reasons we use your personal information and the means of processing your personal information, it is the data controller.

In this notice, we explain some things about the personal information Healthera holds, and your rights regarding this information. It’s important that you read it carefully, together with any other privacy notices and information that we provide you, from time to time.

In this document, Healthera App refers to any of the mobile applications available through iOS or Android developed by Healthera Limited including the white label apps Paydens, Weldricks, Superdrug, and Alphega Pharmacy. 

About your personal information and where we obtain it
How we’ll use your personal information
What personal information we use and how long we keep it
Any other personal information not described above
Passing on your personal information to third parties

From time to time, we may need to pass your personal information to third parties. The reasons for this are as follows:

Security and safe storage of your personal information

The security of your personal information is very important to us and we take this matter very seriously.  We’ll use appropriate procedures and security features to process and protect your information.  We have in place a robust framework to ensure the security of your data.

Transfers outside the European Economic Area (E.E.A)

Some of the organisations that we share your personal information with may process it overseas. If any sharing means that your personal information will be transferred outside the E.E.A, we will only make that transfer if:

  • the country to which the personal information is to be transferred ensures an adequate level of protection for personal information
  • we have put in place appropriate safeguards to protect your personal information, such as an appropriate contract (like the contract terms sometimes called Model Contract Clauses issued by the European Commission) with the recipient
  • the transfer is necessary for one of the reasons specified in data protection law
  • sometimes, we will request your consent to the transfer

How you can access and correct your personal information

Queries and further information

Detailed Wording and Content

Your privacy rights when you’ve registered with the Superdrug Pharmacy by Healthera App

This web page expands on the Healthera privacy policies (a copy of which can be found here).

The purpose of this notice is to explain how Healthera Limited collects and uses your personal information and how we comply with data protection law. Where Healthera determines the reasons we use your personal information and the means of processing your personal information, it is the controller.

In this notice, we explain some things about the personal information Healthera holds, and your rights regarding this information. It’s important that you read it carefully, together with any other privacy notices and information that we provide you, from time to time.

About your personal information and where we obtain it

What information do we use and where do we obtain it

We collect and receive different types of personal information about you, in order to administer your Healthera account. Personal information we hold about you includes any information that identifies you (e.g. name, address, phone number etc). It also includes personal information which relates to specific topics which are thought to be more privacy sensitive (e.g. information about your health, your gender, etc). 

You can find more details about the type of information we hold about you in “What personal information we use and how long we keep it” see below.

When you registered as a user with the Superdrug Pharmacy by Healthera App you provided us with personal information about you.

You, or your dependant, will also provide us with personal information about you, from time to time, in order to administer your Superdrug Pharmacy by Healthera App account. For instance, if you want to organise repeat prescriptions, we will also need details of your medication, your date of birth, gender. Another example is when you inform us of a change of address; or when you let us know the information that we hold is incorrect.

We receive information about you from third parties. These could include:

  • pharmacies selected by yourself, if any
  • the GP Surgery that you have selected, if any
  • 3rd parties in relation to an event affecting you as a user (such as information provided by your CCG regarding your repeat prescription)

You need to help us keep the personal information we hold about you accurate. If you notice that any of your personal information is incorrect or if any personal information about you changes, please see below on how you can correct your personal information.

Please note: The personal information you provide to us, as well as that we collect about you, is necessary for us to administer your Healthera account and action your requests. Without it we may not be able to do so.

How we’ll use your personal information

Administration of your Superdrug Pharmacy by Healthera App account

In order to provide the Superdrug Pharmacy by Healthera App service we will use your personal information to:

  • Create your account
  • Manage changes to your account
  • Communicate and interact with you in relation to your Superdrug Pharmacy by Healthera App account. This can be by phone, web messaging, email, post, secure email, app
  • Provide you with support so that technical problems can be fixed
  • Match you with local pharmacies that can dispense medication and if requested their pharmacy services
  • Inform you about changes to the service
  • Improve our service offering including through surveys and research activities

The lawful basis for processing is the performance of a contact with you and necessity for our legitimate interests (e.g. to provide the Superdrug Pharmacy by Healthera App service, to provide customer support, to troubleshoot problems etc).

When Healthera need to use information about your health or other sensitive personal information we may ask you for your consent. However from time to time, there may be cases where due to legal reasons Healthera can use this personal information without your consent.

Processing your repeat prescriptions and pharmacy service requests

If requested, the Superdrug Pharmacy by Healthera App will process repeat prescriptions and requests for pharmacy services. We will work with your pharmacy that has been selected from the Healthera network of pharmacies and your registered GP to process your repeat prescription or place an order for a pharmacy service that you have selected.

The pharmacy will use the information to identify and engage with you as part of our services including to send you notifications regarding your medication and the dispensing of medicines to you.

The lawful basis for processing is your explicit consent, the performance of a contact with you and necessity for our legitimate interests (e.g. to provide a repeat prescription service, to provide a pharmacy service booking facility etc).

When ordering a repeat prescription within the Superdrug Pharmacy by Healthera App, you will be asked to press ‘Nominate’. This will enable your selected pharmacy to electronically manage (on your behalf) repeat prescription requests with your registered GP. This will enable your selected pharmacy to receive your prescription on paper or via Electronic Transfer of Prescription (ETP). Your pharmacy may contact you to verify your prescription or if they have any queries with the items or to advise you that your prescription is ready.

Your GP practice will use the information to identify you and issue prescriptions to you.

Your CCG may also be contacted at some stage during the processing of your repeat prescriptions and pharmacy requests. For instance, they may have to grant approval.

Processing pill alarm requests

If requested, the Superdrug Pharmacy by Healthera App will enable you to set a pill alarm to help you or your dependant to remember to take the medication, at the time and quantity advised by the pharmacy.

The lawful basis for processing is your explicit consent and necessity for our legitimate interests (e.g. to provide a pill alarm facility).

Processing your dependent’s repeat prescriptions and pharmacy service requests

If requested, the Superdrug Pharmacy by Healthera App can be used to process repeat prescriptions for your dependents.

When you enter their name and email address and register your dependant, we will send them an email or SMS message to introduce Healthera and to record their consent for us to process their personal data to enable you to order their repeat prescriptions and book pharmacy services on their behalf.

The lawful basis for processing is explicit consent and necessity for our legitimate interests (e.g. to facilitate the processing of repeat prescriptions and the booking of pharmacy services).

Marketing activity

We’ll use your personal information to provide you with other information you’ve consented to receive. You can easily withdraw your consent at any time. We explain how you can do so, each time we ask for your consent.

For example: when logging in to your Superdrug Pharmacy by Healthera App account for the first time, you will be asked whether you are happy to receive news and other information about Healthera that may interest you. If you have consented to receive such information, you can withdraw your consent at any time, by logging into your Healthera account going to “edit my profile” and changing your marketing preference.

We may also use your personal information to see if and when you open emails or links we send you, where you have consented to receive them.

Use of Cookies

If you use our website, you’ll see a message asking you to consent to the use of non-essential cookies, at your first visit. If you consent to the use of cookies, we’ll also use your personal information to monitor the traffic, security and performance of our website.

If you want more information about cookies we use or if you’d like to change your cookie settings, please go to our cookies policy page.

For research purposes

From time to time, Healthera may conduct research and surveys.  

We will use anonymisation techniques and aggregated datasets (so that personal data can no longer be associated with an individual) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

The lawful basis for processing is our legitimate interests (e.g. in order to help with improving our service and research into the quality of treatment.

What personal information we use and how long we keep it

We follow NHS guidelines on how long we keep your personal information that is used to process your prescriptions. You can find out more details below.

Data we use
  • First name,
  • Last name,
  • Address,
  • Postcode,
  • Date of birth,
  • Gender,
  • Login email address,
  • Mobile telephone number,
  • NHS Number,
  • Geo-location data ,
  • IP address,
  • Registered GP Practice & address,
  • Preferred Pharmacy & address,
  • Your consent to use the Superdrug Pharmacy by Healthera App and its services,
  • Messages,
  • Emails,
  • Consent for prescription ordered,
  • Consent for Pharmacy service ordered,
  • Prescription Exemptions,
  • Medication information:
  • Medicine currently taking (either retrieved from a third-party system, self-input, or otherwise), including name, dosage, dosing schedule. Your self-reported times and notes for when these medicines are taken.  
  • Date of account creation.
  • Date of account cancellation.

If you use the Superdrug Pharmacy by Healthera App to process repeat prescriptions for dependants the following personal information will be processed:

Your Dependants consent to permit processing of their personal data by Healthera,

  • Messages,
  • Emails,
  • Your dependants First name,
  • Your dependants Last name,
  • Your dependants Address,
  • Your dependants Postcode,
  • Your dependants Date of birth,
  • Your dependants Gender,
  • Your dependants   email address,
  • Your dependants Mobile telephone number,
  • Prescription Exemptions,
  • Your dependants NHS Number.
  • Your dependants Medication information: Medicine currently taking (either retrieved from a third-party system, self-input, or otherwise), including name, dosage, dosing schedule. Your self-reported times and notes for when these medicines are taken.
  • Your relationship to your dependant.
  • Date of Dependant registration.
  • Date of dependant registration cancellation.

How long we keep it for

We’ll keep the prescription transaction data for 2 years after which it will be deleted.

We’ll keep your Healthera account information and the information on any dependant for as long as you remain a user.

Messages and emails will be stored for 6 years.

If you cancel your account we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Any other personal information not described above

Data we use

Any other personal information we collect, not described in any of the categories above will be brought to your attention with a message at the point of collection from you.

How long we keep it for

We’ll keep it for 6 years.

In addition, we may keep your personal information for a longer period of time than mentioned above for archiving or research purposes, or in the event of ongoing disputes, claims, complaints or data migration. In such cases, we’ll consider the nature, degree of sensitivity, and volume of your personal information that needs to be kept. We’ll also take into consideration the purpose for extending the retention period and whether this purpose could be achieved through other means.

Passing on your personal information to third parties

From time to time, we may need to pass your personal information to third parties. The third parties we may share information with are:

For Administration of your Superdrug Pharmacy by Healthera App account

Most of our administration is carried out by Healthera staff in the UK.

In the course of providing Healthera services, we also use other processors such as:

  • fax service providers operating in E.E.A

Where this occurs, Healthera requires sufficient guarantees that appropriate technical and organisational measures are in place with all processors and that their standard of security with regard to the processing of your personal information is satisfactory to Healthera

In certain circumstances, we may need to disclose your personal information to other trusted third parties, who will receive it as data controllers in their own right (such as auditors, consultants and legal advisers. In such cases, we will ensure that the appropriate contracts and safeguards are in place.

Supply of Repeat Prescriptions and Pharmacy services

When you use our repeat prescription service we’ll need to share some of your personal information with the pharmacy, your GP and your CCG.

When you use our pharmacy service booking facility we’ll need to share some of your personal information with the pharmacy supplying the service.

Third party processors for website and App analytics purposes

Healthera uses website analytics in order to provide valuable information and insight into the performance, security and use of our website. We also share information about your use of our site with those web analytics providers. You’ll find more information in our cookies policy.

From that page, you will also be able to manage your preferences and be able to opt in or out from cookies that are not essential to the operation of the website.

We also use the Fabric SDK, Firebase SDK, Facebook SDK and UXCam SDK to help monitor the use, performance and security of the Superdrug Pharmacy by Healthera App, and to understand user demographics.

For compliance purposes

In order to comply with our legal, regulatory and statutory obligations, sometimes we also need to pass your personal information to 3rd parties, such as the Department of Health, CCG, courts, law enforcement agencies, our insurers, our auditors, and our professional advisers.

For Customer Support

Contact information which may include name, phone number, email address, and your pharmacy/GP details, will be shared with our live chat platform, Intercom. You can read about Intercom’s security credentials here.

Security and safe storage of your personal information

The security of your personal information is very important to us and we take this matter very seriously.  We’ll use appropriate procedures and security features to process and protect your information.  We have in place a robust framework to ensure the security of your data.

Transfers outside the European Economic Area (E.E.A)

Some of the organisations that we share your personal information with may process it overseas. If any sharing means that your personal information will be transferred outside the E.E.A, we will only make that transfer if:

  • the country to which the personal information is to be transferred ensures an adequate level of protection for personal information
  • we have put in place appropriate safeguards to protect your personal information, such as an appropriate contract (like the contract terms sometimes called Model Contract Clauses issued by the European Commission) with the recipient
  • the transfer is necessary for one of the reasons specified in data protection law
  • sometimes, we will request your consent to the transfer

How you can access and correct your personal information

How you can correct or rectify your personal information

In order to administer your Healthera Account and complete your requests for repeat prescriptions and other requests, it is important that we have accurate and complete information about you. We encourage you to notify us of any changes regarding your personal information, as mentioned just below.

You can correct the information we hold about you by logging into your Superdrug Pharmacy by Healthera App account, then selecting “edit your profile” and making the changes.

You can also contact us at Healthera Limited , St John’s Innovation Centre, Cowley Road  Cambridge, United Kingdom CB4 0WS or email us at support@healthera.co.uk.

How you can access your personal information and exercise your rights

Subject to certain conditions, you have the right to request access to the personal information that we hold about you. This is commonly called a “data subject access request” or in its abbreviated form, a “DSAR”.

If possible, you should specify the type of information you would like to see to ensure that our disclosure meets your expectations. We must be able to verify your identity. Your request shall not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other individuals.

In addition to your right to request access to or rectification of the personal information we hold about you, you’ll have the right, under certain circumstances, to make a request to:

  • restrict or object to the processing of the personal information we hold about you (see Note1)
  • erase your personal information (see Note1)
  • receive personal information about you that you have provided to us in a structured, commonly used, machine-readable format where we use it with your consent (‘right to data portability’)(see Note2)
  • withdraw your consent for us to process your personal information, where based on consent (see Note3)

Note1:  It is important to note that your request to restrict or object to processing, or erase your personal information doesn’t automatically lead to a requirement for the processing to stop, or for your personal information to be deleted. For instance, we may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.

Note2:  In addition, the right to data portability only applies in certain circumstances such as where the processing relies on consent.

Note3:  If you do decide to withdraw your consent we will stop processing your personal information for that purpose going forward, unless there is another lawful basis we rely on – in which case, we will let you know.

To make a request under these rights you can:

  • write to us at  Healthera  Limited , St John’s Innovation Centre, Cowley Road  Cambridge, United Kingdom CB4 0WS   or
  • email us at support@healthera.co.uk

Queries and further information          

Further information

The information provided in this privacy notice is in addition to any other privacy information we may give you on this website or via other channels (App, paper communication, secure message, webchat, telephone etc.).

We may update this notice from time to time. We will keep updated you on material changes to this notice. We also encourage you to check this notice on a regular basis.

If you want more information about the use of cookies on the Healthera website or Healthera App, please view our cookies policy. 

Contact us

If you want to contact us, you can

  • write to us at Healthera  Limited , St John’s Innovation Centre, Cowley Road  Cambridge, United Kingdom CB4 0WS  
  • email us at support@healthera.co.uk
  • contact our data protection officer at dpo@healthera.co.uk

Raise a complaint with ICO

If you have concerns about the way we handle your personal information and you think we haven’t dealt with them properly, you can contact the Information Commissioner’s Office or raise a complaint.

We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office so please contact us in the first instance.

The Information Commissioner’s Office can be contacted:

  • by phone on +44 303 123 1113
  • by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
  • via their website at http://www.ico.org.uk/concerns
  • Last updated on 12th August 202