
Legal

Privacy Policy

Last updated: 13 March 2026

1. Who We Are

This Privacy Policy applies to Medcann Pharma Ltd, trading as MEDCANN Pharmacy ("we", "us", "our"). We are a company registered in England and Wales (Company Registration No. 13383526), with our registered address at MEDCANN PO Box 78260, London NW2 9UY. We operate as a GPhC-registered online pharmacy (GPhC Premises Registration No. 9011824), regulated by the General Pharmaceutical Council.

We are registered with the Information Commissioner's Office (ICO) as a data controller. Our Superintendent Pharmacist is Rishi Jani (GPhC Registration No. 2076816).

For any privacy-related enquiries, please contact us at: [email protected]

2. What This Policy Covers

This policy explains what personal data we collect about you, why we collect it, how we use it, who we share it with, how long we keep it, and what your rights are under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all users of our website at www.medcannpharmacy.co.uk and to all patients who register with or use our pharmacy services.

3. Data We Collect

We collect the following categories of personal data:

Category | Examples | How Collected
Identity Data | Full name, date of birth, gender | Registration form, patient signup
Contact Data | Email address, phone number, postal address | Registration form, contact form
Health Data (Special Category) | Medical conditions, prescriptions, treatment history, medication details | Patient consultation, prescription submission
Technical Data | IP address, browser type, device type, pages visited, time on site | Automatically via cookies and analytics
Communications Data | Emails, messages, enquiries sent to us | Contact form, email correspondence
Transaction Data | Payment records, order history (payment card details are not stored by us) | Payment processor

Special category data: Health and medical data is classified as "special category" data under UK GDPR and receives the highest level of protection. We only process this data where strictly necessary to provide you with pharmacy services and with your explicit consent.

4. Legal Basis for Processing

We rely on the following legal bases to process your personal data:

  • Contract performance — to fulfil our obligations as your pharmacy, including dispensing prescriptions and delivering medication.
  • Legal obligation — to comply with our duties as a GPhC-registered pharmacy, including record-keeping requirements under the Medicines Act 1968 and the Misuse of Drugs Regulations 2001.
  • Explicit consent — for processing special category health data and for sending you marketing communications. You may withdraw consent at any time.
  • Legitimate interests — for improving our services, fraud prevention, and website analytics, where these interests are not overridden by your rights.
  • Vital interests — in rare circumstances where processing is necessary to protect your life or the life of another person.

5. How We Use Your Data

We use your personal data for the following purposes:

  • To register you as a patient and manage your patient account
  • To process, verify, and dispense your prescriptions
  • To arrange delivery of your medication
  • To communicate with you about your treatment, orders, and appointments
  • To comply with our regulatory obligations as a GPhC-registered pharmacy
  • To maintain accurate pharmaceutical records as required by law
  • To respond to your enquiries and provide customer support
  • To send you service-related notifications (e.g., prescription reminders)
  • To send you marketing communications where you have given consent
  • To improve and develop our website and services
  • To detect and prevent fraud or misuse of our services

6. Who We Share Your Data With

We do not sell your personal data. We may share your data with the following categories of third parties, only where necessary and under appropriate data protection agreements:

  • Prescribing clinicians and specialist doctors — to coordinate your care and verify prescriptions
  • Delivery and logistics providers — to dispatch your medication securely
  • Payment processors — to handle transactions securely (we do not store card details)
  • IT and hosting providers — who host our website and systems under strict data processing agreements
  • Regulatory bodies — including the GPhC, MHRA, and ICO, where we are legally required to disclose information
  • Law enforcement or courts — where required by law or court order

All third parties are required to handle your data securely and in accordance with UK GDPR. We do not transfer your data outside the UK or European Economic Area without appropriate safeguards in place.

7. Cookies

Our website uses cookies to improve your browsing experience and to collect anonymous analytics data. Cookies are small text files stored on your device. We use the following types of cookies:

  • Essential cookies — required for the website to function correctly
  • Analytics cookies — to understand how visitors use our site (e.g., Google Analytics)
  • Preference cookies — to remember your settings and preferences

You can control cookies through your browser settings. Disabling analytics cookies will not affect your ability to use our services. By continuing to use our website, you consent to our use of essential cookies.

8. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. As a registered pharmacy, we are required to retain prescription and dispensing records for a minimum of 2 years for adults and until the age of 25 for patients who were under 18 at the time of treatment, in accordance with GPhC guidance and the Misuse of Drugs Regulations 2001.

Patient records relating to controlled drugs (Schedule 2) are retained for a minimum of 7 years. After the applicable retention period, data is securely deleted or anonymised.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you (Subject Access Request)
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data in certain circumstances ("right to be forgotten")
  • Right to restrict processing — to request that we limit how we use your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
  • Rights related to automated decision-making — we do not make solely automated decisions that significantly affect you

To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive.

Please note that certain rights may be limited where we are required to retain data to comply with our legal obligations as a regulated pharmacy.

10. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These measures include encrypted data transmission (SSL/TLS), access controls, and regular security reviews. Our staff who handle personal data are trained in data protection and bound by confidentiality obligations.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly.

11. Children's Data

Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under the age of 13 without verified parental consent. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

12. How to Complain

If you are unhappy with how we have handled your personal data, please contact us in the first instance at [email protected]. We will do our best to resolve your concern promptly.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection regulator:

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically. Where changes are material, we will notify you by email or by a prominent notice on our website.

14. Contact Us

For any questions about this Privacy Policy or how we handle your data, please contact:

Medcann Pharma Ltd

MEDCANN PO Box 78260, London NW2 9UY

Email: [email protected]

Phone: 0208 123 8883

Company Reg No: 13383526 | GPhC Premises Reg No: 9011824