Facebook Linkedin
Yatton Pharmacy Logo
Book now

Privacy Policy

1. Who We Are

Yatton Pharmacy and Ear Wax Removal Centre is an independent NHS and private community pharmacy at 8 Pages Court, High Street, Yatton, BS49 4EG. We are registered with the General Pharmaceutical Council (GPhC) and contracted to deliver NHS pharmaceutical services in England.

We are the data controller for the personal and health information we hold about you. That means we decide how and why your information is used, and we are responsible for keeping it safe.

Data queries: Yatton Pharmacy and Ear Wax Removal Centre, 8 Pages Court, High Street, Yatton, BS49 4EG. Phone: 01934 832236. Email: info.yattonpharmacy@gmail.com.

2. What Personal Data We Collect

Prescriptions and dispensing

  • Full name, date of birth, NHS number, address
  • Medication details including drug name, dose, quantity, and prescriber
  • Exemption status
  • EPS nomination record

NHS clinical services

  • Name, date of birth, NHS number
  • Clinical consultation notes and assessment findings
  • Treatment or medicine supplied
  • Results reported to your GP as required by service specification
  • Blood pressure and ABPM results from hypertension case-finding
  • Carbon monoxide readings from smoking cessation service

Private services

  • Name, date of birth, address, contact details
  • Medical history, allergy and medication history relevant to the service
  • Consultation notes and clinical findings
  • Medicine supplied under a Patient Group Direction (PGD) with LK Consulting authorisation

Website and contact form

  • Name and contact details from contact forms
  • IP address and browser information (automatic, see Cookies section)
  • Appointment booking details submitted via Healthera

3. Legal Basis for Processing

NHS services: Public task (Article 6(1)(e) UK GDPR) and healthcare provision (Article 9(2)(h)).

Private services: Contract performance (Article 6(1)(b)) and healthcare provision (Article 9(2)(h)).

Legal obligations: Record retention under NHS Records Management Code of Practice (Article 6(1)(c)).

Website enquiries: Consent or legitimate interest (Article 6(1)(a) or 6(1)(f)).

4. How We Use Your Data: NHS Services

For NHS services, we use your data to dispense prescriptions safely, carry out clinical checks, complete service consultations, record outcomes, report activity to NHSBSA, notify your GP as required by service specifications, and submit data to NHS-approved platforms such as PharmOutcomes and MYS.

5. How We Use Your Data: Private Services

For private services, we use your data to carry out pharmacist assessments, determine clinical suitability, supply medicines under a Patient Group Direction, maintain clinical records, follow up on multi-dose courses such as HPV vaccination, and comply with PGD requirements including GP notification where specified.

Health data is special category data under UK GDPR. We access and share it only where there is a clear clinical or legal reason to do so.

6. Who We Share Your Data With

We do not sell your data. We do not share it for marketing purposes.

NHS organisations

  • NHSBSA for prescription payment and NHS service claims
  • NHS Spine and EPS for prescription handling
  • Your registered GP practice as required by service specifications
  • NHS-approved clinical platforms including PharmOutcomes and MYS

Private service providers

  • LK Consulting, our PGD authorising organisation

When required by law

We may share data with GPhC, ICO, law enforcement, or public health authorities where required by law, for example for notifiable disease reporting or safeguarding.

7. How Long We Keep Your Data

  • Adult patient medication records: minimum 8 years from last entry
  • Children’s records: until the patient’s 25th birthday, or 26th if treatment ended at age 17
  • PGD supply records: 8 years for adult-only PGDs, 25 years where records relate to children
  • NHS service records: in line with service specifications, typically 8 years
  • Private consultation records: 8 years minimum, 25 years where records relate to children
  • Website contact data: retained only as long as needed to respond to the enquiry

When data reaches the end of its retention period, it is securely destroyed in line with NHS and ICO guidance.

8. Your Rights Under UK GDPR

Right of access: You can request a copy of the personal data we hold about you. We will respond within one calendar month.

Right to rectification: You can ask us to correct inaccurate data.

Right to erasure: You can ask us to delete data where no legal retention obligation applies.

Right to restrict processing: You can ask us to pause processing while a dispute is resolved.

Right to object: You can object to processing based on our legitimate interests.

Right to withdraw consent: You can withdraw consent at any time where processing is consent-based.

If you are unhappy with how we handle your data, contact the ICO at www.ico.org.uk or call 0303 123 1113.

9. Cookies and Website Data

Essential cookies

These are necessary for the website to work. You cannot opt out without disabling the site.

Analytics cookies

We may use tools such as Google Analytics to understand how visitors use our website. Data is anonymised and does not identify you personally. You can opt out via the cookie banner on your first visit.

Third-party cookies

Third-party and other embedded tools may set their own cookies. Please review their respective privacy policies for details.

10. Changes to This Policy

We review and update this policy periodically. Any changes will be published on this page with an updated date. Continued use of our services after an update means you accept the revised terms.