This Privacy Notice (the “Notice”) sets out how we Ruby Labs Ltd (under
the trading name of Able) (“Able”, “us”, “our” or “we”) process personal
information about you (the “Customer” or “you”) when you use our
website, and when you place an order with us via our website
https://ableapp.com (our “Site”). We
are responsible for protecting the personal information we collect and
process. We make sure our systems, processes and staff follow data
protection laws. If you do not agree with this policy, please do not
provide us with your information.
In order to fulfil your
order, we also need to transfer your data to other data controllers,
specifically a partner pharmacy, Able Pharmacy (“Able Pharmacy,” or the
“Pharmacy”), and the clinicians. Together, Able Pharmacy and our partner
clinicians will be known as the “Partners”.
This Privacy
Notice (the “Notice”) sets out how we Ruby Labs Ltd (under the trading
name of Able (“Able”, “us”, “our” or “we”) process personal information
about you (the “Customer” or “you”) when you use our website, and when
you place an order with us via our website
https://ableapp.com (our “Site”). We
are a data controller of the personal information we process and are
therefore responsible for ensuring our systems, processes, suppliers and
staff comply with data protection laws in relation to the information we
handle. If you disagree with this Notice, you should not submit
information to us.
In order to fulfil your order, we may
also need to transfer your data to other data controllers, including any
independently contracted clinicians, our medical service delivery
partners, and our delivery partners together, the “Partners”.
You
can find out more about Able’s responsibilities and about how and why we
collect and use your personal information by reading this Notice. This
Notice also details the responsibilities of the Partners and how they
will collect and use your personal information. Further information
about how we use cookies is available in our Cookie Policy. If anything
is unclear or if you have any questions about this Notice, please
contact us at
[email protected].
Personal data, or personal information, means any
information about a person from which they can be identified. We may
collect, store, and use some or all of the following categories of
information:
System Information (Website Visitors, Account Holders and
Customers)
When you use our website, we automatically collect information about
your usage, such as the pages you view and the resources you access.
This data can include the website traffic, your IP address, location,
browser, operating system, source of referral, duration of the visit,
and other communication data. This information is usually not linked to
you personally, and we restrict access to it to make sure it stays
anonymous. We also collect System Information when you use our Site or
interact with us in other ways.
Identity Information (Account Holders and Customers)
When creating an account on our website, logging into or updating an
existing account, or placing an order, we will collect Personal data:
- Personal contact details such as name, title, addresses, telephone
numbers, and email addresses
- Date of birth and other physical
characteristics such as your age, weight and gender
- Billing
information and account settings
Subject to your
explicit consent, we will also collect, store and use your health data,
including your prescription requirements. This is considered a special
category of more sensitive data. Where we process health data, it will
immediately be treated as confidential, and will never be used for
direct marketing purposes.
We collect Identity Information
provided voluntarily by you or provided through a partner. For example,
when you use Google to login to our Site, or when you register with or
use our platform to buy medication (by entering your prescription
details for review).
We also collect Identity Information
when you contact us (by email, telephone or otherwise) to ask a question
or request information.
Special Category Data (Prescription Customers)
In order to provide our services, we will be required to process
special category data, for example, your health information from your
questionnaire or prescription. Where we process this special category
data, data protection law requires that we satisfy certain additional
conditions. We will only process special category data with your
explicit consent to the processing. For example, where you have
consented to us accessing your health data contained in your
prescription so that we may provide our services and products to you.
Providing our services
As part of the provision of our services, we use the personal
information that we collect from you to:
- Register you as a user
of our service
- Process your orders and provide your details: (a)
to our clinicians to assess your medication needs; and (b) to the
Pharmacy to enable you to purchase the medication from them
-
Process your orders and sell, supply, dispense and post prescription
medicines to you in accordance with the Terms of Sale and the Website
Terms and Conditions
- Manage our relationship with you (for
example by dealing with any queries you raise or notifying you about
changes to our terms or asking for feedback on our service)
Monitoring, administering and improving
We use your personal information to help us to monitor our performance,
administer and improve our service by:
- Tracking and
analysing activity to identify patterns and help us improve our Site and
communications
- Troubleshooting, conducting data analysis,
testing, system maintenance, support, reporting and hosting of data
-
Using data analytics to improve customer relationships and
experiences
analysing information so that we can prioritise
features that are relevant and popular
- Educating, training and
developing our staff’s performance
- Ensuring network and
information security, including preventing unauthorised access to our
computer and electronic communications systems and preventing malicious
software distribution
- Preventing fraud
- Other business
administration such as management and planning, including accounting and
auditing
Other uses
With your prior
explicit consent and occasionally under Legitimate Interest, we may use
your data to send you specialist information about goods and services
offered by us which may be of interest to you. If you wish to withdraw
your consent at any time, please contact us at [email protected] or click
Unsubscribe in any of our emails.
Personal data, or personal information, means any information about a
person from which they can be identified. We may collect, store,
and use some or all of the following categories of information:
System
Information (Website Visitors, Account Holders and Customers)
When
you visit our Site, we automatically collect information about your use
of the platform including details of your visits such as pages viewed
and the resources that you access. This information may include website
traffic data, IP address, pages viewed, location data, browser,
operating system, referral source, length of visit, clickstream data and
other communication data. This information is not normally personally
identifiable from the methods and systems we use. In some situations
this information could be combined with other sources to make it
personally identifiable, we limit access to ensure that this information
remains anonymous.
We collect System Information when you
interact with our platform, through our Site or otherwise.
Identity
Information (Account Holders and Customers)
When creating an
account on our website, logging into or updating an existing account, or
placing an order, we will collect Personal data:
- personal contact
details such as name, title, addresses, telephone numbers, and email
addresses
- date of birth and other physical characteristics such
as your age, weight and gender
- billing information and account
settings
Subject to your explicit consent, we will also
collect, store and use your health data, including your prescription
requirements. This is considered a special category of more sensitive
data. Where we process health data, it will be treated confidentially
and will never be used for direct marketing purposes.
We
collect Identity Information provided voluntarily by you or provided
through a partner. For example, when you use Google to login to our
Site, or when you register with or use our platform to buy medication
(by entering your prescription details for review).
We also
collect Identity Information when you contact us (by email, telephone or
otherwise) to ask a question or request information.
Special
Category Data (Prescription Customers)
In order to provide
our services, we will be required to process special category data, for
example your health information from your questionnaire or prescription.
Where we process this special category data, data protection law
requires that we satisfy certain additional conditions. We will only
process special category data with your explicit consent to the
processing. For example, where you have consented to us accessing your
health data contained in your prescription so that we may provide our
services and products to you.
Providing our services
As part of the provision of our
services, we use the personal information that we collect from you
to:
- register you as a user of our service
- process
your orders and provide your details: (a) to our clinicians to assess
your medication needs, and (b) to the Pharmacy to enable you to purchase
the medication from them
- manage our relationship with you (for
example by notifying you about changes to our terms or asking for
feedback on our service)
Monitoring, administering and
improving
We use your personal information to help us to
monitor our performance, administer and improve our service by:
-
tracking and analysing activity to identify patterns and help us improve
our Site and communications
- troubleshooting, conducting data
analysis, testing, system maintenance, support, reporting and hosting of
data
- using data analytics to improve customer relationships and
experiences
- analysing information so that we can prioritise
features that are relevant and popular
- educating, training and
developing our staff’s performance
- ensuring network and
information security, including preventing unauthorised access to our
computer and electronic communications systems and preventing malicious
software distribution
- preventing fraud
- other business
administration such as management and planning, including accounting and
auditing
Other uses
With your prior explicit
consent and occasionally under Legitimate Interest, we may use your data
to send you specialist information about goods and services offered by
us which may be of interest to you. If you wish to withdraw your consent
at any time, please contact us at [email protected] or click Unsubscribe
in any of our emails.
As stated above, in order to provide our services to you, we may provide
your personal information to our Partners who will act as data
controllers in respect of that information. Please see our general
Website Terms of Use and Terms of Sale for further information on our
Partners’ roles.
4.1 THE PHARMACY
The Pharmacy
dispensing your order will be:
1. Able Pharmacy, our own
pharmacy, operated from 3 Magellan Terrace, Gatwick Rd, Crawley, West
Sussex, RH10 9PJ, ENGLAND
2. <any partner pharmacy>
How
the Pharmacy will use your personal information
As part of
the provision of the Pharmacy’s services, it will use your personal
information that we transfer to the Pharmacy to provide its services,
specifically to:
- process your orders and sell, supply,
dispense and post prescription medicines to you in accordance with the
Terms of Sale and the Website Terms and Conditions;
- manage its
relationship with you (for example by dealing with any queries you
raise);
4.2 OUR PARTNER CLINICIANS
Our partner
clinicians are a number of individuals registered in the United Kingdom
with the General Pharmaceutical Council, each holding accredited
pharmacist independent clinician qualifications and trained in
providing remote consultations and issuing prescription medicine online.
The clinicians will assess your request for the ordered treatment
regarding its clinical appropriateness. For more information on the
consultation process, please visit our Terms of Sale.
How
our clinicians will use your personal information
As stated
above, in order to provide our services to you, we may provide your
personal information to our Partners who will act as data controllers in
respect of that information. Please see our general Website Terms of Use
and Terms of Sale for further information on our Partners’ roles.
4.1
OUR MEDICAL SERVICE DELIVERY PARTNERS
For the provision of
<list treatment> services Able engages as its subcontractor
its subsidiary company, <company name> (“Company”). Company
is registered with the Care Quality Commission (CQC) – <insert cqc
company link>
How the Company will use your personal information
As
part of the provision of its services, Company will use your personal
information that we transfer to them to provide its services,
specifically to:
- Register you as a user of our service
-
Process your orders and provide your details: (a) to our clinicians to
assess your medication needs; and (b) to the Pharmacy to enable you to
purchase the medication from them
- Process your orders and sell,
supply, dispense and post prescription medicines to you in accordance
with the Terms of Sale and the Website Terms and Conditions
-
Manage our relationship with you (for example by dealing with any
queries you raise or notifying you about changes to our terms or asking
for feedback on our service)
For more information on how
Company will process your data, please see their Privacy Policy at:
https://ableapp.com/privacy-policy
4.2 OUR PARTNER CLINICIANS
Our partner clinicians are
a number of individuals registered in the United Kingdom with the
General Pharmaceutical Council (each holding accredited pharmacist
independent clinician qualifications) or the General Medical Council,
and trained in providing remote consultations and issuing prescription
medicine online. The clinicians will assess your request for the ordered
treatment regarding its clinical appropriateness. For more information
on the consultation process, please visit our Terms of Sale.
How
our clinicians will use your personal information
As part of
the provision of the clinician’s services, they will use your personal
information which we provide to them to:
- assess your
health information to determine whether your ordered treatment is
clinically appropriate and, if so, write your prescription
- obtain
further information from you if necessary to inform their decision by
contacting you using your contact details
As part of the
provision of the clinician’s services, they will use your personal
information which we provide to them to:
- assess your
health information to determine whether your ordered treatment is
clinically appropriate and, if so, write your prescription
- obtain
further information from you if necessary to inform their decision by
contacting you using your contact details
Fair processing
information
We are providing the following information to
you, required by data protection law, on behalf of the clinicians:
Identity
of the clinicians:
Individuals registered in the United
Kingdom with the General Pharmaceutical Council, each holding accredited
pharmacist independent clinician qualifications and trained in
providing remote consultations and issuing prescription medicine
online.
Contact details (which you should use to exercise any
of your rights listed at Paragraph 11 of this Notice):
If you
would like to request the contact details of our clinicians, please
contact us at [email protected]
Purpose of the processing:
As
above in “How the clinicians will use your personal information”.
Legal
basis of the processing:
The processing is necessary for health
purposes subject to relevant conditions and safeguards and is carried
out by a health professional.
The period for which your personal
information will be stored by the clinician:
The period for which
personal information will be stored will be determined in accordance
with applicable law and regulatory guidance issued by the Department of
Health.
Your rights in relation to the clinician:
As
below in Paragraph 11.
Data protection law says we only have the right to use your personal
information where we can identify a lawful basis for doing so. Your
consent to the processing as specified in this Notice is our primary
lawful basis. In some circumstances, we may also rely on another lawful
basis. Most commonly, these will be:
- where we need to use
the information to perform the contract we have entered into with you
-
where it is necessary for our legitimate interests (or those of a third
party) and your interests and fundamental rights do not override those
interests
- where we need to comply with a legal or regulatory
obligation
The Internet is not a secure medium. However, we have put in place
various security procedures as set out in this Notice.
Please
be aware that communications over the Internet, such as emails and
online messages are not secure unless they have been encrypted. Your
communications may route through a number of countries before being
delivered – this is the nature of the Internet. We cannot accept
responsibility for any unauthorised access or loss of personal data that
is beyond our control.
We believe that we have appropriate
policies, rules and technical measures to protect the personal data that
we have under our control (having regard to the type and amount of that
personal data) from unauthorised access, improper use or disclosure,
unauthorised modification, unlawful destruction or accidental loss.
We will not share your personal information with or to third parties,
except as otherwise provided for in this Notice (for example, to our
Partners) and under the following limited circumstances when we want to
or are compelled to share your personal information, including:
-
with third-party service providers or suppliers to enable us to provide
our services (for example payment processors, web hosts, ID verification
partners etc). Where we share data with service providers, we require
them to sign a contract that obliges them amongst other things to have
stringent security measures in place, comply with our instructions and
help us to comply with data protection law;
- to another legal
entity on a temporary or permanent basis, in connection with a business
deal, such as a merger, financing, acquisition, or sale of our
business;
- where we are required to do so by law;
- where you
have provided your consent;
- with third-party clinic partners such
as hair transplant clinics in order to perform our joint services for
you and to allow them to contact you as part of our joint service.
We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. Where this occurs we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at [email protected]
We have put in place appropriate security measures to prevent your
personal information from being accidentally lost, used or accessed in
an unauthorised way, altered or disclosed. We also have procedures
to deal with any suspected data security breach and will notify you and
any applicable regulator of a suspected breach where we are legally
required to do so.
We will only retain your personal
information for as long as necessary to fulfil the purposes we collected
it for, including for the purposes of satisfying any legal, accounting,
or reporting requirements.
To determine the appropriate
retention period for personal information, we consider the amount,
nature, and sensitivity of the information, the potential risk of harm
from unauthorised use or disclosure of your information, the purposes
for which we process it and whether we can achieve those purposes
through other means, and the applicable legal requirements.
Under certain circumstances, by law, you have the right to:
-
Request access to your personal information (commonly known as a “data
subject access request”). This enables you to receive a copy of the
personal information we hold about you and to check that we are lawfully
processing it
- Request correction of the personal information that
we hold about you. This enables you to have any incomplete or inaccurate
information we hold about you corrected
- Request the erasure of
your personal information. This enables you to ask us to delete or
remove personal information where there is no good reason for us
continuing to process it
- Object to processing of your personal
information where we are relying on a legitimate interest (or those of a
third party) and there is something about your particular situation
which makes you want to object to processing on this ground
-
Request the restriction of processing of your personal information. This
enables you to ask us to suspend the processing of personal information
about you, for example, if you want us to establish its accuracy or the
reason for processing it
- Request the transfer of your personal
information to another party
You will not have to pay a fee
to access your personal information (or to exercise any of the other
rights). However, we may charge a reasonable fee if your request for
access is clearly unfounded or excessive. Alternatively, we may refuse
to comply with the request in such circumstances.
We may
need to request specific information from you to help us confirm your
identity and ensure your right to access the information (or to exercise
any of your other rights). This is another appropriate security measure
to ensure that personal information is not disclosed to any person who
has no right to receive it.
If you wish to exercise your
rights in relation to the processing of your information by any of our
Partners, you should at [email protected]
We reserve the right to update this Notice at any time, and we will
provide you with a new Notice when we make any substantial updates. We
may also notify you in other ways from time to time about the processing
of your personal information.
HAVE A QUESTION?
Whatever
it is, get in touch:
1) Send us an email to
[email protected]
2) Contact us through WhatsApp: +16468105749