The Farmacist firmly believes in protecting our customers’ privacy. This is why we intend to inform you how we deal with our customer’s personal data when they interact with us and also to notify you about the privacy laws and rights that serve to protect you.

Important Information and Who We Are

  • Purpose

The aim of this privacy policy notice is to provide you information regarding how The Farmacist collects and processed customers personal data when they interact with us, inclusive of any data that may be provided to us.
This site is not intended for the use of or service to children, and we do not collect data related to children knowingly.
It is important for customers to read this privacy notice along with other fair processing or privacy notice that may be provided by us on specific occasions when we are collecting or processing customers personal data. This is necessary for customers to be fully aware of how and why The Farmacist is using their data. This notice is supplemental to other notices and is not in any way intended to overrule them.

  • Controller

The Farmacist is the controller and responsible for your personal data. In this privacy notice The Farmacist may be referred to as “Farmacist”, “we”, “us”, or “our” here. This privacy policy is issued on the behalf of The Farmacist therefore when words like “Farmacist”, “we”, “us”, or “our” are used, it is in reference to The Farmacist. Customers refers to those visiting The Farmacist’s site, using the site’s features and buying our products or services.

An appointed data protection officer is responsible for overseeing queries or concerns that may arise in relation to this privacy policy. In case of any question regarding our privacy policy, please contact us using the information given below:

Contact information

Data Protection Officer

The Farmacist

E-mail: [email protected]

Postal address: Assembly House, 34-38 Broadway, Maidenhead, Berkshire, England, SL6 1LU

Telephone: +447865565452

We are always appreciative and welcome any opportunity to discuss any concerns of our customers. However, customers also have the right to make a complaint at any point in time to the Information Commissioner’s Office, the United Kingdom’s supervisory authority for data protection concerns. Regardless, The Farmacist would appreciate the opportunity to deal with customer’s concerns before they approach the ICO.

  • Changes to the Privacy Notice and your duty to inform us of Changes

This version was created on December 2020 and will be archived in the event of future updates. Archived versions can be obtained upon request.

It is important that our customer’s personal data that we have is accurate and up to date. Therefore, we ask our customers to inform us and update their information in case their personal data changes in the duration of their relationship with us.

  • Third-party Links

This site may include links to third-party sites, plug-ins and applications. Enabling those links or clicking upon them can allow third parties to collect and/or share data related to you. The Farmacist neither has control over these third-party sites nor is responsible for their privacy statements. We encourage our customers that upon leaving our site, they read the privacy policies of other sites they visit.

The data we collect about you

Personal data (or personal information) refers to any information relating to an individual from which that person can be identified. It does not include anonymous data that cannot be related to a specific individual.

We may collect, store, use and transfer various kinds of personal data about our customers. This data can be characterized as follows:

Identity and Contact Data

This includes first name, middle name, last name, username, marital status, title, DOB and gender. It also includes billing address, shipping address and payment (debit, credit or other) card details.

Profile Data

Username, password, purchases, Wishlist, preferences, interests, and feedback as well as survey responses.

Financial and Transaction Data 

Banking and payment card details as well as details about payments to and from you and others details of the orders and services purchased.

Usage Data

 Information about how customers use our site, products and services.

Technical Data

IP address, operating system, browser type/version, browser plug-in type and versions, login information, location, time zone setting, and other technology on the devices used to access our site.

Marketing and Communications Data

This refers to the Preferences in receiving marketing information from us and our third parties as well as the customer’s communication preferences.

We also collect, use and share aggregated data. This data includes statistical and demographic data. It may be derived or collected from your personal data but is not legally considered personal data as it neither directly nor indirectly reveal customer’s identity. For instance, customer’s usage data may be aggregated to calculate the percentage of users that are accessing a specific webpage or feature. But in the event that we combine or connect aggregated data with customer’s personal data in a manner that it can directly or indirectly identify them, it is treated by us as personal data and is treated accordingly.

We do not collect any special categories of personal data about our customers, this includes race, religion, ethnicity, sexual orientation, health information, biometric data etc. We also do not collect information about customer’s criminal offences and/or convictions.

In the event that customers fail to provide personal data

Where we are legally required to collect personal data or under terms of a contract with a customer and the customer fails to provide it when requested, we may be unable to perform action as per the contract that we have or are trying to enter into with customers. In such a case, we might have to cancel an item or service that the customer has with us. But a notification will be provided at the time of such an event.

How is personal data collected?

Different methods are used to collect data from and about the customer, including:

Direction interactions

Data regarding identity, contact and financial information may be given to us by filling in forms or through correspondence with us via phone, socials, email or otherwise. This entails personal data provided to us when customers apply for our products and/or services, create an account on our site, subscribe to our service, request for marketing to be sent to them, participate in a survey, promotion or competition, or provide us feedback.

Third parties or publicly available sources

Personal data about customers may be received by us from different third parties and public sources.

Automated technologies or interactions

When a customer interacts with our site, we may automatically collect technical data relating to the equipment, browsing actions and patterns. This data is collected through the use of server logs, cookies and other technologies of the same kind. It may also be received by us if customer visits other sites using our cookies. Please refer to our cookies policy for more information.

When customers interact with our site, we may automatically collect technical data relating to the equipment, browsing actions and patterns. This data is collected through the use of server logs, cookies and other technologies of the same kind. It may also be received by us if customers visit other sites using our cookies. Please refer to our cookies policy for more information.

When customers interact with our site, we may automatically collect technical data relating to the equipment, browsing actions and patterns. This data is collected through the use of server logs, cookies and other technologies of the same kind. It may also be received by us if customers visit other sites using our cookies. Please refer to our cookies policy for more information.

When customers interact with our site, we may automatically collect technical data relating to the equipment, browsing actions and patterns. This data is collected through the use of server logs, cookies and other technologies of the same kind. It may also be received by us if customers visit other sites using our cookies. Please refer to our cookies policy for more information.

How your personal data is used by us

Our use of personal data is done so within legal and regulatory limitations. The most common circumstances in which the personal data will be employed is when there is a need to perform the contract that we have or are about to enter with the customer, when it is necessary for our (or third party’s) legitimate interests and the customer’s fundamental rights do not override those interests, and when we need to comply with legal or regulatory obligation.

Usually, other than in the case of sharing third party direct marketing communications via text or email, we don’t rely on consent as the legal basis for processing customer’s personal data. Customers have the right to withdraw consent to marketing at any given time and can do so by contacting us at [email protected]

Purposes for personal data

For ease, we have laid down a brief description of how we might use your personal data, the legal parameters we rely upon and our legitimate reasons where needed.

Customers should note that depending upon the specific reasons for using personal data, there might be more than one legal ground for us to do so. If information is needed about these legal grounds, we can be contacted for further information.

For ease, we have laid down a brief description of how we might use your personal data and the legal basis for us to do so.

Purpose

Data type

Lawful basis for processing, and the basis for legitimate interest

To register a new customer.

1.      Identity

2.      Contact

Performance of a contract with customers.

To process and deliver orders including:

1. Management of payments, fees and charges.
2. Collection and recovery of money owed to us.

1.      Identity

2.      Contact

3.      Financial

4.      Transaction

5.      Marketing & Communications

1.      Performance of a contract with customers.

2.      Necessary for our legitimate interests (to recover debts due to us).

To manage our relationship with customers which will include:
1. Notifying about changes to our terms or privacy policy.
2. Asking customers to leave a review or participate in a survey.

1.      Identity

2.      Contact

3.      Profile

4.      Marketing & Communications

1.      Performance of a contract with customers.

2.      Essential for compliance with a legal obligation.

3.      Essential for our legitimate interests (to keep our records up to date and analyze how customers use our products/services).

To enable customers to participate in a prize draw, competition or to complete a survey.

1.      Identity

2.      Contact

3.      Profile

4.      Usage

5.      Marketing & Communications

1.      Performance of a contract with customers.

2.      Essential for compliance with a legal obligation.

3.      Essential for our legitimate interests (to keep our records up to date and analyze how customers use our products/services).

To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting data).

1.      Identity

2.      Contact

3.      Technical

1.      Essential for our legitimate interests (for running our business, provision of administration and IT services, network security, prevention of fraud and in the context of a business reorganization or group restructuring exercise).

2.      Essential to comply with a legal obligation.

To deliver relevant website content and advertisements to customers and measure and/or understand the effectiveness of the advertisements we serve to customers.

1.      Identity

2.      Contact

3.      Profile

4.      Usage

5.      Marketing & Communications

6.      Technical

Essential for our legitimate interests (This includes the purposes of studying how customers use our products/services, develop them, business growth and to inform our marketing strategy).

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.

1.      Technical

2.      Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep the website updated and relevant, develop the business and to inform our marketing strategy).

To make suggestions and recommendations to customers about goods or services that may be of interest to them.

1.      Identity

2.      Contact

3.      Technical

4.      Usage

5.      Profile

Necessary for our legitimate interests (to develop our products/services and for our business growth).

Marketing

The Farmacist aims to provide customers with options with regards to certain personal data uses, specifically with respect to marketing and advertisements. Control mechanism for personal data used by us are as mentioned below:

  • Cookies

Browsers can be customized to reject to all or few cookies or to notify when sites access or set cookies. But it should be noted that in the case where cookies are disabled or refused, it may affect access to some or all parts of the site, rendering it unable to function properly. For additional information, refer to our cookies policy.

  • Third-party marketing

Opt-in consent will be taken before customer’s personal data is shared with any company outside of The Farmacist for marketing purposes.

  • Promotional Offers

Customer’s identity, contact, technical, usage and profile data may be used for the purpose of forming a view on what we think would be of need or interest to customers. This helps us decide which items, services and/or offers might be relevant to customers. In the case where the customer has agreed or requested for us to share marketing information with them, purchased from us before or provided personal details to us during registration or promotion, they have not opted out of the receiving marketing or promotional offers from us.

  • Opting out

At any given time, customers have the right to ask us or third parties to stop sending marketing information/messages by following the unsubscribe link on any marketing information sent out or by contacting us.

When customers opt out of receiving these messages, it won’t be applicable to personal data provided to us as a result of a purchase on our site, product or service experience, warranty registration or other transactions.

  • Change of Purpose

Personal data will only be used for the purposes for which it was collected. This is unless it is reasonably considered for us to have a legitimate need to use it for another reason which is compatible with the original purpose. For explanation regarding how this process takes places, please contact us.

Customers will be notified if there is a need to use personal data for an unrelated purpose, and an explanation along with a lawful basis will also be provided.

It should be noted that we might process personal data without customer’s knowledge or consent, it will be as long as it complies with above rules and where it is required or permitted by law.

Disclosures of your personal data

We might to share personal data with parties mentioned below for the purposes tabled above.

  • Internal Third Parties, as explained in the Glossary.
  • External Third Parties, as explained in the Glossary
  • Third parties that we may choose to sell, transfer or merge our assets with or parts of business. We may also seek to acquire other business or merge with them, in case of such a transition to our business, the new owner(s) can use the personal data in a similar manner as laid out in this privacy policy.

All third parties are required by us to respect the security of all personal data and to treat it accordingly to the law.  We do not allow third-party service providers to use the collected personal data for private purposes They are solely permitted to process it as instructed and for specified purposes.

International Transfers

Personal data is not transferred outside of the European Economic Area.

Personal data will only be transferred to countries that have been deemed to have satisfactory personal data protection by the European Commission. Please refer to the European Commission: Adequacy of the protection of personal data in non-EU countries for additional details.

Where certain service providers are used, we can use specific contracts that have been approved by the European Commission that give the same protection to personal data as in Europe. Please refer to European Commission: Model contracts for the transfer of personal data to third countries for additional details.

When and where providers based in the US are used, we might transfer data to them in the event that they are a part of the privacy shield that requires them to provide similar protection to personal data that is shared between Europe and the US. Please refer to European Commission: EU-US Privacy Shield for additional details.

If further information on what kind of mechanisms we use when transferring personal data out of the European Economic Area is needed, please contact us.

Data security

Suitable security measures have been put in place by us to prevent personal data from being accidentally lost, used, or accessed in any way that is unauthorized, altered or disclosed. Further, the access to personal data is limited to only those employees, agents, contractors and/or third parties on a business need to know basis. They are subject to confidentiality and the personal data will be processed by them on our instructions. Appropriate procedures have been put in place to deal with any suspected personal data breach and customers will be notified, as well as any concerned regulator, of a breach where legally required to do so.

Data retention

Personal data will only be retained for as long as necessary to fulfill the purposes it was collected for by us. These reasons include satisfying any legal, accounting or reporting requirements we may have.

The sensitivity, amount and nature of the personal data, purposes for which personal data is processes by us, potential risk of harm due to unauthorized use or disclosure of personal data, and if we can achieve those purposes through other means and relevant legal requirements  are considered in depth to determine the appropriate retention period for personal data.

For further details regarding various aspect of personal data’s retention periods, a request can be made.

Legal rights

Under certain circumstances, customers have rights under the data protection laws with respect to their personal data. They can: request access to their personal data, request correction of their personal data, request erasure of their personal data, object to the processing of their personal data, request for the restriction of processing of their personal data, request transfer of their personal data and have the right to withdraw their consent.

If customers wish to exercise any of these rights, they can contact us.

Customers will not have to pay a fee to access their personal data nor to exercise these other rights. But a reasonable fee may be charged by us if the request is unfounded, repetitive or excessive. Conversely, in these circumstances we may refuse to comply with the request.

Specific information may be requested from the customer to confirm identity and make sure that the customer’s right to access their personal data and to exercise any of these other rights are not hindered. This request is a security measure that is in place to ensure that personal data is not disclosed to any person that has no right to have access to it. Further contact may also be established by us for additional information in relation to the request for a speedier response.

It is our effort to respond to all legitimate requests within one month. However, at times it may take us longer if the request is complex or a number of requests have been made. In such scenarios, we will keep the requester notified and updated.

Agechecked

Given that CBD, nicotine and e-cigarettes are age-restricted products, we are legally required to ensure that only customers that are aged 18 and older can purchase them. For this reason, we have joined hands with Age checked, a UK age verification service that checks customers details against UK electoral roll data to verify customer’s identity.  When customers get to checkout, their details are verified by Age checked, and upon confirmation if they are 18 or older, the order will be processed. Once confirmed, there will not be a requirement to verify age again.

In the event that Age checked is unable to confirm their age, customers will be directed to a portal that will ask for alternate proof of ID. If unable to be provided, an email will be sent to inform of the cancellation of the order.

Personal data, other than email address, is not stored by Age checked. All data is kept anonymous.

Glossary

Lawful basis

Legitimate interest means the interest of our business in carrying out and managing our business to permit us to provide our customers with the best products and service with a secure and positive experience. We ensure to consider and tackle any potential impact, positive and negative, on customers and their rights before processing their personal data for our legitimate interests. The personal data is not used by us for activities where our interests override the impact on customers. This is unless we have customer’s consent or are otherwise required by or permitted by law. Customers can contact us for further information.

Complying with a legal or regulatory obligation means processing of personal data where and when it is considered necessary for compliance with a legal or regulatory obligation, we are subject to.

Performance of contract refers to processing of personal data where it is deemed necessary for the performance of a contract which the customer is a party to or to take steps at the customer’s request prior to entering into such a contract.

Third parties

  • Internal

Other companies that are affiliated with The Farmacist, based in the EU, acting as joint controllers or processers and providing IT and system administrative services, and which undertake leadership reporting.

  • External

These are the service providers based in the EU, who provide IT and administrative services.

HM revenue and customs, regulators and other authorities acting as processors or joint controllers, based in the UK, who require reporting of processing activities in specific circumstances.

Professional advisers refer to those acting as processors or joint controllers, these include bankers, auditors, lawyers and insurers based in the EU who provide banking, consultancy, legal, accounting and insurance services.

Rights

Customers have the right to:

  • Request Access. Customers can request access to their personal data through the data subject access request It enables them to receive a copy of the personal data that we hold and to check that we are processing it legally.
  • Request Erasure. A request to erase personal data. It enables customers to ask us to delete or remove personal data if and when there is no good reason for us to continue processing it. Customers also have the right to ask us to delete, remove their personal data where they have successfully exercised right to object its processing, where we might have processed the information lawfully or are required to erase their personal data in compliance with local laws. But we may not always comply with request of erasure for specific legal reasons which we will inform the requestee of, if applicable, at the time of request.
  • Request Correction. It enables customers to have incorrect or incomplete data that we hold about them to be corrected, however, we may need to verify the accuracy of the new data shared with us.
  • Object to Processing. In the event that we are relying on a legitimate interest of ours or that of a third party, and customer has a certain situation where they might want to object to processing their personal data for some reason as it is held by them that it may impact their fundamental rights and freedoms. Objection can also be raised where this information is processed for direct marketing purposes. In a few instances we might demonstrate that we have compelling legitimate grounds for processing this information which overrides their rights and freedoms.
  • Request Restriction of Processing. This enables the customers to ask us to suspend the processing of their personal data in cases where:
  • Our use of this data is unlawful, but they do not want us to erase it,
  • Want us to establish data accuracy,
  • An objection has been raised to our use of their personal data, but we need to verify whether we have overriding legitimate grounds to use it, or
  • Customers need us to hold personal data even if we are no longer in need of it, as it is needed by them to establish, exercise, or defend legal claims.
  • Request Transfer. Customer can request the transfer of personal data to themselves or a third party. In the event of a such a request, we will provide you or the chosen third party your personal data in a structured, easily understood and machine-readable format. It should be noted that this right applies to automated information which you originally consented for us to use or where we used this information to perform a contract with the customer.
  • Withdraw Consent. Consent can be withdrawn at any given time where we are relying upon consent to process personal data. But this will not have an impact on the lawfulness of any processing being carried out before the withdrawal of consent. If customer withdraws consent, we may be unable to provide certain products or services. It will be intimated to the requestee in the event of such a possibility.

Age Verification

According to UK legislation, products sold by The Farmacist can only be purchased by and shipped to customers that are at the age of 18 or older. With vape (e-cigarettes), CBD and tobacco products being age-restricted products, The Farmacist is required by law to verify the age of its customer.
Age verification is necessary to help ensure that age-restricted products are not sold to minors. Your age can be verified quickly in most cases and upon verification your order will be shipped as normal.

CBD and Tobacco Disclaimer

It should be noted that CBD products are not medicine, and hence, cannot be used to diagnose, treat and/or cure diseases. Customers should also be aware that tobacco is an addictive substance and can have health consequences.
These products are not intended for use by children, women who are pregnant or breast feeding, or persons with high blood pressure, heart diseases or other medical conditions. It is recommended for customers to consult a licensed physician prior to use.

Cookies Policy

The Farmacist’s website uses cookies to improve user experience. Continuing your use of the website means that you agree with our use of cookies.

Cookies help do so by distinguishing between users on our site. Cookies here refers to a file of letters and numbers stored on your browser or computer’s hard drive upon your agreement and approval. They help identify user and/or device and is used to collect information. The information we collect helps us enhance user experience through personalization and is also critical in making improvements to our site based on your feedback.

The Farmacist uses cookies that can be categorized with respect to their function and intended use, these are mentioned below:

Performance Cookies

These cookies permit us to identify and measure the traffic on our site and observe the visitors’ behavior on our site during the duration of their use. This performance information is used by us to help ensure that the user’s experience is smooth and all actions on the site can be carried out with ease.
Necessary Cookies
These are the operationally imperative cookies that help determine the use and utility of important functions like enabling users to securely log into the website, shop and make payments.
Functionality Cookies
A big part of improving user experience is personalization. These cookies are used to recognize users upon their return to our site. With the help of this information the user is not required to select preferences again e.g., language, region or fill in their information again. Functionality cookies enable us to personalize content on the site for users and remember them and their preferences.
Targeting Cookies
These keep a record of your site to this site, pages visited, and links followed. This information will be used to ensure that the website and ads displayed on it are actually relevant to your interests. For this reason, we may share this information with third parties as well.

Occasionally third parties might be used by us for the purposes of helping monitor and analyze web traffic, performance of the website and user behavior on there. Should a request be made, a list detailing these third parties can be provided.
Following platforms are used by us for our eCommerce store and to perform these analyses.
Magento
This is the platform that this online store is built upon. It uses cookies to ensure the smooth running of the website.
CloudIQ
It tracks the abandoned baskets or shopping carts. Upon tracking, it may trigger an email remining customers to complete an unfinished purchase.
Google Analytics
This analytics software is used to monitor web traffic and user behavior on the site. The information is collected anonymously. For further information, click on the link on this link.
Users should note that third parties may also use cookies. Users can choose to set their browser settings to refuse cookies. But if you choose to do so, please note that it may affect functionality of some parts of the site and you may not be able to access all or some parts of this website.