PRIVACY POLICY
BOOTS ONLINE DOCTOR SERVICE
The Boots Online Doctor Services are operated by Boots Digital Health Ltd. Boots Digital Health Ltd is a Boots business and a member of Walgreens Boots Alliance. You can find out more about the companies in Walgreen Boots Alliance on our website.
This Privacy Policy, together with Boots’ full Privacy Policy available at www.boots.com/privacypolicy, sets out how we collect and process your personal data.
Throughout this Privacy Policy, ‘we’, ‘us’ and ‘our’ means Boots Digital Health Ltd, and ‘Boots’ means companies within the Walgreens Boots Alliance, including subsidiaries, affiliates, joint ventures and franchises.
Let's Talk About Privacy
At Boots, we believe in making things easy for our customers. We know there’s nothing more off putting than the sight of a lot of boring small print, so we’ve written our Privacy Policy to make it clear, simple, and easy to read.
The policy explains how Boots Online Doctor (BOD) uses your personal data, whether you’re using an online service or one of our health and lifestyle applications.
We may share your personal information across Boots services and business areas, such as Boots pharmacy, and with other companies that provide services on our behalf, but we assure you that BOD will never sell your personal data. We are committed to safeguarding your privacy and keeping your personal data safe and secure is our top priority. To find out more information on how Boots processes your personal data please visit Legal Privacy & Cookies Information - Boots.
CATEGORIES OF PERSONAL DATA BOOTS ONLINE DOCTOR COLLECTS
The categories of personal data about you that we may collect, use, store, share and transfer are:
Category | Description |
---|---|
Individual Data | This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier, title, date of birth, gender and your contact details such as your billing address, delivery address, email address and telephone numbers. |
Advertising Data | This includes personal data which relates to your advertising preferences, such as whether you open our emails (and if you do what links you click on), information about your preferences in receiving marketing materials from us and our third parties and your communication preferences. |
Information Technology Data | This includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browsing behaviour information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices (which include computers as well as hand held devices such as mobile phones and tablets) that you use to access our website. |
Account and Profile Data | This includes personal data which relates to your account or profile on our website, such as your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses. |
Economic and Financial Data | This includes personal data which relates to your finances, such as your payment card details and information which we collect from you for the purposes of the prevention of fraud. |
Sales Data | This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you and details of products and services you have purchased from us. |
Health Data | This includes personal data relating to your current or former physical or mental health, including information about any healthcare you have received from us or other healthcare providers such as GPs, dentists, or hospitals (private and/or NHS), which may include test results, referral letters, prescription or treatment details, photos, information you provide when communicating with our doctors, details of clinic and hospital visits, as well as medicines administered. |
Special Category Data | We may obtain some of your more sensitive data such as personal data revealing racial or ethnic origin, the processing of genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation. |
Market Research Data | This individual data which is gathered for the purposes of market research, such as price comparison information. |
Aggregated Data | We also obtain and use certain aggregated data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. |
THE SOURCES FROM WHICH BOOTS ONLINE DOCTOR OBTAINS YOUR PERSONAL DATA
We obtain your personal data from the following sources:
Use | Detail | Example |
---|---|---|
Directly from you, either via video calls, via our website or by telephone or via computers and handheld devices including mobile phones and tablets |
This could include personal data which you provide when you:
|
|
Via automated technologies such as cookies, server logs and other similar technologies | We may collect Information Technology Data about your equipment, browsing actions, click behaviour, and patterns by using cookies, server logs and other similar technologies. We may also receive Information Technology Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details. | |
Indirectly from other sources |
We may also collect personal data about you from third parties
when:
|
|
Analytics providers and social media platforms |
|
HOW BOOTS ONLINE DOCTOR USES YOUR PERSONAL DATA
We collect personal data about you in order to:
Use | Detail | Example |
---|---|---|
Perform our contractual obligations to you |
Processing data for the purposes of a contract to which you are a party to. There’s a range of legal and regulatory requirements we and our parent company need to comply with, and some of these may affect the way we process personal data, or the length of time we are required to keep it. |
|
Consent | You’ll be asked to confirm that you’re happy to provide your personal data and that you give permission to BOD to process your personal data. All of the details such as why BOD want your data, how it will be used and if your data will be shared, will be provided at the time of asking you for your consent. Where BOD are relying on consent you will usually see a tick box. |
For certain purposes it may be appropriate for us to obtain your prior consent such as our marketing activity. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way. In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please email us at Boots.CustomerCare_Team@boots.co.uk to do so. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes. |
Legal Obligations |
BOD will on occasion be under a legal obligation to obtain and disclose your personal data. Where possible BOD will notify you when processing your data due to a legal obligation, however this may not always be possible. |
|
Public Interest | The processing is necessary for the performance of a task carried out in the or in the exercise of official authority vested in us. | To protect individuals or society from the risk of harm or death, such as from a serious communicable disease or violent crime. |
Legitimate Interests |
BOD process personal data for our own legitimate business interest. This relates to us managing our business to enable us to give you the best service/products and most secure experience. When we rely on this, we’ll carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests don’t automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to do so by law. |
|
Extra conditions for sensitive personal data
Where we are processing your sensitive / special category personal data one of the following conditions will also apply:
- you have given your explicit consent to the processing;
- the processing relates to personal data which are manifestly made public by you;
- the processing is necessary for the establishment, exercise or defence of legal claims;
- the processing is necessary for archiving purposes in the public interest;
- the processing is necessary to protect an individual’s vital interests where the individual cannot give consent;
- the processing is necessary for reasons of substantial public interest;
- processing is necessary in relation to your or our rights in the field of employment and social security and social protection law;
- processing is necessary for the purposes of preventative or occupational medicine; and
- processing is necessary for reasons of public interest in the area of public health.
KEEPING IN TOUCH
We will always ask you if you want to receive offers and information from us and via what channels you are happy to receive them.
Your BOD preferences provided will need to be managed independently of your Boots preferences.
If you have opted into to receive email and digital communications, you will receive traditional emails but may also receive marketing online and via social media platforms.
If you have opted into marketing using your lifestyle and health information, we will send you offers on healthcare products you buy.
Some of our marketing selection processes are fully automated so that we can ensure we’re selecting offers, products and services that are the most relevant for each customer. We combine our data with demographic data that we obtained when you signed up, such as your gender, your age and where you live. This aggregated data is then compared against our other customers to understand you better.
Please be aware that as our marketing campaigns are prepared well in advance, you may still receive material by post for up to two months, and by e-mail or text for up to 28 days after updating your preferences.
WHO RECEIVES YOUR PERSONAL DATA FROM BOOTS ONLINE DOCTOR
We may disclose your personal data to:
- our group companies and affiliates or third-party data processors who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Policy;
- a doctor, nurse, carer or any other healthcare professional involved in your treatment, including your GP, pharmacist, dentist or other clinicians (including their medical secretaries);
- other members of support staff involved in the delivery of your care, such as admin staff;
- other Boots businesses in connection with dispensing and fulfilling prescriptions, responding to patient support enquiries, investigating complaints and fraudulent activity, adding points to your Advantage card and updating any consents that we collect on Boots’ behalf;
- Royal Mail or other delivery service providers;
- anyone that you ask us to communicate with or provide as an emergency contact (e.g. your next of kin or carer);
- private sector healthcare providers;
- third parties who assist in the administration of your healthcare, such as insurance companies or Boots;
- national and other professional research/audit programmes and registries;
- government bodies including the Home Office and HMRC as well as our regulators, like the Care Quality Commission, Regulation and Quality Improvement Authority, Health Inspectorate Wales and Healthcare Improvement Scotland;
- the police and other third parties where reasonably necessary for the prevention, investigation, prosecution, or detection of crime;
- our insurers;
- debt collection agencies;
- credit referencing agencies;
- our third-party services providers such as technology suppliers, actuaries, auditors, lawyers, document management providers and tax advisers;
- third parties who provide marketing or digital advertising services, such as marketing and PR agencies, email platforms, analytics software providers, survey tools and social media platforms;
- law enforcement agencies, courts, or other relevant party, to the extent necessary for the establishment, exercise, or defence of legal rights;
- third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution, or liquidation); and
- senior staff within our business and IT staff if access to the data is necessary for the performance of their roles, as applicable.
PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US
If you provide personal data to us about someone else (such as one of your next of kin or, where you are a business, your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without taking any further steps, we may collect, use and disclose that personal data as described or referenced in this Privacy Policy.
You must ensure the individual concerned is aware of the various matters detailed or referenced in this Privacy Policy, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
ACCURACY OF YOUR PERSONAL INFORMATION
It is important that the personal data we hold about you is accurate and current, and we take all reasonable precautions to ensure that this is the case, but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient, or incomplete personal data that you provide to us.
INFORMATION WE GET FROM THE BOOTS ONLINE DOCTOR: WEIGHT LOSS TRACKER
Data / Use | Details |
---|---|
Purpose |
The Boots Online Doctor: Weight Loss Tracker supports your weight loss journey by helping you to:
|
Personal data being processed |
|
Health data |
|
Data retention | Data collected from the Boots Online Doctor: Weight Loss Tracker will be retained for 12 months after your last login |
Lawful basis for processing |
|
Third party permissions and data sharing | If you enable Apple Health or Android Health Connect, the Boots Online Doctor: Weight Loss Tracker will access available data regarding your Height, Weight, Hydration, Sleep, and Step Count. |
Data location | Your data will only be processed and stored within the UK or EU. |
YOUR DATA RIGHTS
We respect the fact that your personal information is your information, and we’ll make it easy for you to update or change your personal details or marketing permissions. Please help us to help you by letting us know if your contact details change, or if you spot any errors in the information, we hold about you.
Your data rights are explained below, all of which are free of charge and should be concluded within a 30-day time frame. We may require you to provide identification in order to fulfil your request.
To exercise any of your data rights below, please contact boots.customercare_team@boots.co.uk
Your data right | Detail of right |
---|---|
Access | You have a to right to obtain a copy of all the information that BOD holds about you, such as personal details, correspondence, marketing preferences, consent information, complaints, and queries. |
Portability | You may be able to request BOD to move your data to another service provider. This is not an automatic right; this depends on the type of data that BOD holds about you and the reason BOD process the data. |
Processing | You have a to right to request that BOD stop certain data processing activities that involve your personal data. This isn’t an automatic right, what BOD are able to do will depend on the type of data that they hold about you and why. |
Deletion | You have a right to request that BOD deletes your personal data it holds. This isn’t an automatic right, what Boots or BOD are able to delete will depend on the type of data and the reason for processing that data. |
HOW LONG BOOTS ONLINE DOCTOR STORES YOUR PERSONAL DATA FOR
We will store your personal data for the time period which is appropriate in relation to your treatment in most cases your personal data will be stored for 10 years.
ABOUT THIS POLICY
For all questions relating to this policy please contact boots.customercare_team@boots.co.uk.
Who to contact
If you have an enquiry or concern about the contents of our Privacy Policy or our handling and use of your data, please email the Privacy Team or our Data Protection Officer on boots.customercare_team@boots.co.uk.
Your right to complain in the ICO
Although we hope it never comes to this, you do have the right to complain to the Information Commissioners Office (ICO) about any of Boots processing activities at casework@ico.org.uk.
Changes to our business
If ownership of all or part of our business changes, or we undergo a reorganisation (including a merger or transfer between Walgreens Boots Alliance companies), we’ll transfer your personal information to the new owner or successor company, so we can continue to provide the services.
Changes to this Privacy Policy
This Privacy Policy was updated in September 2024. We may update it from time to time, so we recommend that you check back here occasionally. If we make changes, we think may affect you significantly, particularly if they could have an impact on the choices, you have made or your marketing preferences, we’ll provide you with a prominent notice.
BOOTS ONLINE DOCTOR WEIGHT LOSS COACHING SERVICE
The Boots Online Doctor: Coach app is operated by Liva Health UK Ltd (“Liva”) on behalf of Boots Digital Health Ltd t/a Boots Online Doctor (“Boots Online Doctor”).
Information we get from the Boots Online Doctor: Coach
Boots Online Doctor will share with Liva information required for you to register on the app such as your name, date of birth, email address and phone number. Boots Online Doctor will also share subscription information with Liva to confirm you have a subscription. Boots Online Doctor may also collect and process information you provide to Liva on the app such as transcripts of coaching calls and chat messages in cases of customer complaints and incidents. The legal basis for processing this data is for the fulfilment of a contract.
For more information on how Liva uses your information, please read the Liva Privacy Notice and Terms of Use.