Privacy Policy | SPHN&M Limited

Effective date: 13 April 2026

SPHN&M Limited (“we”, “us” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and share personal data when you use our website (sphnm.co.uk), visit our pharmacy at 12 Seddon Road, Wigston, England, LE18 3UL, or otherwise interact with us. It also sets out your rights under UK data protection legislation.

1. Data Controller Identity

The data controller responsible for your personal data is:

SPHN&M Limited
Company Number: 07920056
Registered Office: 12 Seddon Road, Wigston, England, LE18 3UL
Email: info@sphnm.co.uk
Website: sphnm.co.uk

2. Categories of Data We Collect

We may collect and process the following categories of personal data:

Identity data: name, title, date of birth, gender, NHS number.
Contact data: address, email address, telephone number.
Health data: medical history, current medications, allergies, prescriptions, consultation notes and other health information necessary to provide pharmacy services.
Transaction data: details of prescriptions dispensed, payments made and refunds given.
Technical data: IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, and other technology on the devices you use to access our website.
Usage data: information about how you use our website and services.
Marketing and communications data: your preferences in receiving marketing from us and your communication preferences.

3. Lawful Basis for Processing

We will only process your personal data where we have a lawful basis to do so. The table below summarises the main processing activities, the lawful basis under the UK GDPR, and our legitimate interests where applicable.

Purpose	Lawful Basis
To dispense NHS and private prescriptions and provide pharmacy services	Performance of a contract with you; Legal obligation (NHS regulations); Vital interests
To comply with regulatory and legal obligations (GPhC, NHS, MHRA, HMRC)	Legal obligation
To manage our relationship with you, including responding to enquiries	Performance of a contract; Legitimate interests (customer service)
To improve our website and services	Legitimate interests (business improvement)
To send you health-related reminders or service updates	Legitimate interests (patient care); Consent (for marketing)

4. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. For detailed information about the specific cookies we use, their purpose and duration, please see our Cookie Policy.

In summary, we use:

Strictly necessary cookies — required for the website to function.
Performance cookies — help us understand how visitors interact with our website.
Functionality cookies — enable enhanced functionality and personalisation.

5. Third-Party Data Sharing and Recipients

We treat your personal data as confidential. We may share it with the following categories of recipients where necessary:

NHS bodies: NHS Business Services Authority, NHS England (Midlands), Integrated Care Boards, GP practices and other healthcare providers involved in your care.
Regulators: General Pharmaceutical Council (GPhC), Care Quality Commission (CQC), Medicines and Healthcare products Regulatory Agency (MHRA) and other statutory regulators.
Service providers: IT support, web hosting, payment processing, delivery couriers, accountants and legal advisers, all bound by confidentiality and data protection obligations.
Law enforcement or courts: where required by law or to protect our legal rights.

We do not sell your personal data to third parties.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. As a pharmacy, we are required by law to retain prescription records for specified periods. Typical retention periods are:

Prescription and patient medication records: in accordance with NHS and GPhC requirements (typically up to 8 years for adults, longer for children).
Website enquiry records: up to 2 years.
Financial and accounting records: 6 years.
CCTV footage: up to 30 days.

7. Your Individual Rights

Under UK data protection law, you have the following rights in relation to your personal data:

Right of access — you may request a copy of the personal data we hold about you.
Right to rectification — you may ask us to correct inaccurate or incomplete data.
Right to erasure — you may ask us to delete your personal data in certain circumstances, although pharmacy and NHS legal obligations may require us to retain certain records.
Right to restriction of processing — you may ask us to restrict the processing of your data.
Right to data portability — you may request that we transfer your data to another organisation.
Right to object — you may object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, please contact us using the details below. We will respond within one month.

8. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

9. International Transfers

We do not routinely transfer personal data outside the United Kingdom. If we do need to transfer data internationally (for example, to a cloud service provider), we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement or Adequacy Regulations.

10. Complaints

If you have any concerns about our use of your personal data, please contact us in the first instance at info@sphnm.co.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk