Privacy, security and data protection for pharmacy patients and service users

This guidance describes how and for what purposes we collect and use personal data from our pharmacy patients and service users. It has been made available electronically to help meet the needs of various users who may access it. For example, it can be enlarged to make it easier to read using the software on your computer.

We will only collect data that is necessary and relevant to the delivery of Boots pharmacy services, or for any future products, or services, Boots may offer you from time-to-time.

How we will use your data

The information you give to us will be used to provide you with the pharmacy service for which it was intended. We may be required to share your data as part of our contractual requirements - for example if you take part in the NHS New Medicine Service we may need to share the information discussed with your GP. In addition your data may be used to:

  • Contact you if we need to resolve a query
  • Enable us to deliver an effective pharmacy service
  • Assess the quality of the services we have provided to you
  • Help us assure quality and safety of the services we provide to you in the future
  • Ensure consistent quality and safety of other services Boots may provide to you
  • Provide us with broad demographic data
  • Provide us with information in order to develop new products or services

Your consent regarding the use of your information submitted via Boots websites eg boots.com is given by your use of the website and any terms and conditions applicable to the particular service you are accessing.

We may be legally obliged to share your data upon receipt of a legitimate request, but we will only do so in accordance with the law.

Your data and third parties

We may share or discuss your data with appropriate parties involved in your care, but we will only do so in line with data protection requirements. For example, we may need to discuss your prescription with your prescriber, or we may need to obtain information from another Boots pharmacy from which you have obtained pharmacy services previously, in order to ensure the service we are providing to you is clinically appropriate.

From time to time, we may use the data we obtain from you for statistical analysis and research which may be used at a corporate, national or global level by ourselves. We may also provide data showing trends to third parties - for example, we share some data with the NHS to help improve patient safety. It will not be possible to identify you or any other individual from such data.

How to opt out of disclosure of your information

If you would like to explicitly refuse consent for information to be shared, for example with other healthcare professionals involved in providing care to you, it may mean that the care that can be provided to you is limited. If the service to which this applies is in a Boots store, you should advise the staff of your wishes and discuss the potential implications on your care or treatment. If the service was received via another means, such as on boots.com, you should contact Boots Customer Care on 0345 070 8090 to discuss this request.

Where your data will be stored

Your data will be held on the computer system(s) within the Boots store(s) involved in your care and on any paperwork relevant to the provision of pharmacy services to you. Your data may also be held by systems and support networks within Boots involved in your care - for example if you provide data to boots.com or Boots Customer Care. Your data may also be backed up or archived within purpose-built, professionally managed, secure data storage facilities in the UK, which will be monitored 24 hours a day, 365 days of the year. Appropriate security measures are in place in line with our NHS requirements to protect your data.

How we comply with the Data Protection Act 1998

Boots UK has internal procedures to ensure that all information which is collected and held about you is held in accordance with the legal requirements and principles of the Data Protection Act 1998.

The Data Protection Act 1998 has eight main principles. These are listed below together with an explanation of how Boots UK complies with these principles.

A summary of the data protection principles

1) Personal data shall be processed fairly and lawfully

Boots UK has developed procedures to ensure that all information collected about you is processed fairly and lawfully. In addition, Boots UK has developed this guidance to help you understand the purpose of our data collection and the steps we have taken to protect your data.


2) Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes

Boots UK has notified the purposes for which we will use your data to the Information Commissioner.


3) Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed

We ask only for data that is to be used to provide you with information relating to the service you are accessing. Sometimes we may aggregate data so we can identify trends and draw wider conclusions. In these circumstances the data will be processed to prevent identification of any individuals.


4) Personal data shall be accurate and, where necessary, kept up to date

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose, those purposes, or for the purpose of any future services provided by Boots.

The information that Boots UK collects from you and from which you are identifiable will be updated at your request. We may ask for appropriate evidence before updating this information.


5) Personal data shall be processed in accordance with the rights of data subjects under this act

Your rights under the Data Protection Act 1998 are fully observed. If you feel that your rights are being contravened then you have full recourse to the Information Commissioner's Office.

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Boots UK recommends that you review the paragraphs above which set out the measures which we have taken to protect your data.


6) Personal data shall be kept for no longer than necessary

We are legally required to keep some information for a certain length of time. Your information will be held in line with our legal requirements. It will be held for an appropriate period of time which allows us to provide an effective pharmacy service to you and to refer back to the information in the future, if we may reasonably be required to do so. For example, in the event that you had a complaint about our pharmacy services, we may need to check the information we held at the time.


7) Personal data shall be protected against unauthorised or unlawful processing and against accidental loss, destruction or damage

We have various physical and technical security measures in place to prevent unauthorised access to your data, such as passwords on computer systems to which only our staff have access. We also have systems to prevent unexpected loss of your data, such as secure computer backup facilities.


8) Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

We abide by the high level of data protection regulation within the UK and consequently you can be assured that your information is processed in accordance with UK data protection principles.

Keeping your data up to date and requesting copies of the data held about you

If you would like to update your details, please contact the relevant pharmacy from which you received a service. If you would like to update your details with respect to a service received through a Boots website such as boots.com, log in to your account to make the appropriate changes. If this does not meet your requirements, if you have a specific or detailed query about the use of your data, which is not covered within this guidance, or if you would like to obtain a copy of the data held about you, please speak to Boots Customer Care on 0345 070 8090.


Download a pdf version of this policy