Privacy Policy
Call us: Mon-Fri 8:30AM-6PM, Sat 9:30am-4:30pm, Sun 9AM-2PM 0800 031 8386


The Boots Online Doctor Services are operated by Boots Digital Health Ltd. Boots Digital Health Ltd is a Boots business and a member of Walgreens Boots Alliance. You can find out more about the companies in Walgreens Boots Alliance on our website.

This Privacy Policy, together with Boots’ full Privacy Policy available at, sets out how we collect and process your personal data.

Throughout this Privacy Policy, ‘we’, ‘us’ and ‘our’ means Boots Digital Health Ltd, and ‘Boots’ means companies within the Walgreens Boots Alliance, including subsidiaries, affiliates, joint ventures and franchises.

To enable us to give you the best and most appropriate care and advice, we collect your personal data such as name, address and date of birth. We also collect your more sensitive personal data regarding your ethnicity and health, such as medicines you may be taking, for the purposes of ensuring the service we provide is appropriate for you.

We may also process your personal data for carefully considered and specific purposes which are in our interest and enable us to enhance the services we provide, but which we believe also benefit our customers and patients.

We may share your personal information across Boots services and business areas, such as Boots pharmacy, and with other companies that provide services on our behalf but we assure you that Boots will never sell your personal data. We are committed to safeguarding your privacy and keeping your personal data safe and secure is our top priority.

This notice highlights the key information related to the processing of your personal information by Boots Online Doctor. For more detailed information about who we may share your data with, how Boots processes your data, transfers of your personal data outside the UK and Europe and all of your rights including how to amend or remove your data please refer to our full privacy policy or email


The categories of personal data about you that we may collect, use, store, share and transfer are:

Individual Data. This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier, title, date of birth and gender and your contact details such as your billing address, delivery address, email address and telephone numbers;

Advertising Data. This includes personal data which relates to your advertising preferences, such as whether you open our emails (and if you do what links you click on), information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests;

Information Technology Data. This includes personal data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browsing behaviour information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices (which include computers as well as hand held devices such as mobile phones and tablets) that you use to access our website;

Account and Profile Data. This includes personal data which relates to your account or profile on our website, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;

Economic and Financial Data. This includes personal data which relates to your finances, such as your payment card details and information which we collect from you for the purposes of the prevention of fraud;

Sales Data. This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of prescriptions and other details of products and services you have purchased from us;

Health Data. This includes personal data relating to your current or former physical or mental health, including information about any healthcare you have received from us or other healthcare providers such as GPs, dentists or hospitals (private and/or NHS), which may include test results, referral letters, prescription or treatment details, photos, information you provide when communicating with our doctors, details of clinic and hospital visits, as well as medicines administered;

Market Research Data. This is individual data which is gathered for the purposes of market research, such as price comparison information.

We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

In addition, we may obtain certain special categories of your data / sensitive personal data, and this Privacy Policy specifically sets out how we may process these types of personal data. The special categories of data are: (i) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and (ii) the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.


We obtain your personal data from the following sources:

Directly from you, either via video calls, via our website or by telephone or via computers and hand held devices including mobile phones and tablets. This could include personal data which you provide when you:

  • enter into a contract with us for the provision of healthcare services;
  • use any healthcare services provided by us;
  • create an account on our website;
  • request information on our products or services or for other marketing to be sent to you;
  • correspond with us by letter, email or telephone;
  • complete a survey from us or give us feedback; and/or
  • purchase a consultation from us for a product dispensed by Boots, the payment confirmation for which shall be sent to us by Stripe (or such other payment processor as we appoint from time to time).

Via automated technologies, such as cookies, server logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Information Technology Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

Indirectly from other sources. We may also collect personal data about you from third parties when:

  • you are referred to us for the provision of healthcare services (such as where you are referred to us by Boots);
  • we liaise with the relevant pharmacist;
  • we deal with experts (including medical experts) and other service providers about services you have received or are receiving from us (such as a laboratory);
  • we liaise with credit reference agencies;
  • we liaise with debt collection agencies; and/or
  • we liaise with Government agencies, including the Home Office and HMRC.

From someone else, such as:

  • analytics providers (such as Google Analytics);
  • search information providers (such as Facebook, Google Ads and Microsoft Bing Ads);
  • providers of technical, payment and delivery services (such as Stripe);
  • providers of video conferencing and webinar software services for webinars we may provide (such as Zoom); and
  • providers of social media platforms (such as Facebook, Twitter and Instagram), for example where you share our content through social media by liking us on Facebook, or following or tweeting about us on Twitter.


We collect personal data about you in order to:

  • perform our contractual obligations to you. This would include:
    • registering you as a patient;
    • providing you with healthcare and related services and communicating with you in relation to the same (including in relation to complaints);
    • providing any treatments or prescriptions which have been prescribed to you or referring you to Boots for the fulfilment of any prescriptions;
    • communicating with any other individual that you ask us to update about your care, including family members and other healthcare professionals;
    • using our systems to compile and organise your answers to our health questionnaire to enable our healthcare professionals to better assess your health, understand your healthcare needs and provide you with any relevant prescriptions;
    • making or receiving payments, fees and charges;
    • collecting and recovering money owed; and
    • inviting you to participate in clinical research;
  • manage our relationship with you including:
    • to send you important notices such as communications about changes to our terms and conditions and policies (including this Privacy Policy);
    • to provide you with important real-time information about healthcare services and prescriptions you have ordered from us (e.g. when your prescription is ready for collection or in the unlikely event that we have to change your appointment time);
    • to send you information you have requested;
    • to deal with your enquiries; and
    • to ask you to leave a review or feedback on us;
  • administer our business and carry out business activities and operations, such as maintaining accounting records, analysis of financial results, internal audit requirements and receiving professional advice;
  • send you relevant communications where you start the process of registering as a patient with us but do not complete this process;
  • make suggestions and recommendations to you about goods or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising;
  • use data analytics for internal purposes, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, patient relationships and experiences;
  • protect our business including to deal with any misuse of our website and to comply with our security policies at our locations;
  • conduct or take part in any medical audits (e.g. an audit carried out by us for the purposes of assessing outcomes for patients and identifying improvements which could be made for the future);
  • comply with our own legal and industry obligations e.g. to comply with health and safety requirements, or to assist in a police investigation;
  • enforce or apply our terms of use, terms and conditions of supply and other agreements with third parties;
  • perform an official role which we have been designated to carry out by an official authority (e.g. the government) or where we are otherwise carrying out tasks which are in the public interest (e.g. which have been designated as such by government, or which would otherwise be deemed in the public interest);
  • detect and prevent fraud and other illegal activities (and assist regulators, trade bodies and law enforcement agencies in relation to the same), for example we may use your personal data to prevent people from obtaining prescription medications fraudulently;
  • finance, restructure, sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers; and
  • investigate and defend any third-party claims or allegations.


Where we may rely on consent

For certain purposes it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.

In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing your personal data. Please email us at email to do so.
Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other lawful bases to process your personal data for other purposes.

Other legal bases we may rely on

Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:

  • the processing is necessary in order for us to comply with our legal obligations (such as compliance with medical legislation);
  • the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
  • processing is necessary for the establishment, exercise or defence of legal claims; or
  • the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include:
    • the provision of our healthcare services and goods;
    • the recovery of debt;
    • the provision of administration and / or technology services;
    • the security of our technology network;
    • the prevention of fraud;
    • marketing of goods and services and promotion of our business;
    • the reorganisation or sale or refinancing of the business or a group restructure;
    • the study in how to develop, update and improve our products and services;
    • inviting you to participate in clinical trials;
    • the development of our business strategy;
    • protecting our business and property;
  • the processing is necessary in order to protect the vital interests of an individual e.g. where there is a medical emergency; or
  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Extra conditions for sensitive personal data

Where we are processing your sensitive / special category personal data one of the following conditions will also apply:

  • you have given your explicit consent to the processing;
  • the processing relates to personal data which are manifestly made public by you;
  • the processing is necessary for the establishment, exercise or defence of legal claims;
  • the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
  • the processing is necessary to protect an individual’s vital interests where the individual cannot give consent;
  • the processing is necessary for reasons of substantial public interest;
  • processing is necessary in relation to your or our rights in the field of employment and social security and social protection law;
  • processing by a not-for-profit body in certain circumstances;
  • processing is necessary for the purposes of preventative or occupational medicine; and
  • processing is necessary for reasons of public interest in the area of public health.


We may disclose your personal data to:

  • our group companies and affiliates or third-party data processors who may process data on our behalf to enable us to carry out our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Policy;
  • a doctor, nurse, carer or any other healthcare professional involved in your treatment, including your GP, pharmacist, dentist or other clinicians (including their medical secretaries);
  • other members of support staff involved in the delivery of your care, such as admin staff;
  • other Boots businesses in connection with dispensing and fulfilling prescriptions, responding to patient support enquiries, investigating complaints and fraudulent activity, adding points to your Advantage card and updating any consents that we collect on Boots’ behalf;
  • Royal Mail or other delivery service providers;
  • anyone that you ask us to communicate with or provide as an emergency contact (e.g. your next of kin or carer);
  • NHS organisations, including NHS Resolution, NHS England, Department of Health;
  • relevant parties if we have concerns about your wellbeing if you provide your consent or in order to protect your vital interests;
  • private sector healthcare providers;
  • third parties who assist in the administration of your healthcare, such as insurance companies or Boots;
  • national and other professional research/audit programmes and registries;
  • government bodies including the Home Office and HMRC as well as our regulators, like the Care Quality Commission, Regulation and Quality Improvement Authority, Health Inspectorate Wales and Healthcare Improvement Scotland;
  • the police and other third parties where reasonably necessary for the prevention, investigation, prosecution or detection of crime;
  • our insurers;
  • debt collection agencies;
  • credit referencing agencies;
  • our third-party services providers such as technology suppliers, actuaries, auditors, lawyers, document management providers and tax advisers;
  • third parties who provide marketing or digital advertising services, such as marketing and PR agencies, email platforms, analytics software providers, survey tools and social media platforms;
  • law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
  • third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation); and
  • senior staff within our business and IT staff if access to the data is necessary for the performance of their roles, as applicable.


If you provide personal data to us about someone else (such as one of your next of kin or, where you are a business, your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described or referenced in this Privacy Policy.

You must ensure the individual concerned is aware of the various matters detailed or referenced in this Privacy Policy, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.


It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.


We will store your personal data for the time period which is appropriate in relation to your treatment.

This Privacy Policy was updated in August 2023.