Privacy policy

We, PHX Ireland Group Limited, together with our affiliates, take privacy very seriously.  This privacy policy describes how we, as a data controller, collect and process personal data about:

• visitors to our websites
• individuals who visit our premises
• individuals who apply for jobs through our website
• subscribers to or users of our online services
• individuals who we communicate or interact with in the course of our business
• individuals whose personal data is provided to us in connection with the provision of our services

• individuals who are employed or engaged by suppliers of goods or services or parties tendering to provide goods or services
• individuals captured on CCTV on our premises
• individuals who follow us on social media that leave comments or reactions to our posts on Twitter or LinkedIn

If you are an employee or contractor of PHX Ireland Group Limited or one of our affiliates, please refer to our internal privacy policy, as this privacy policy is directed at the wide variety of data subjects who may interact externally with us.

Our "websites" includes this website, all our associated sites (such as Lloydspharmacy or United Drug) and our social media pages.

We use cookies on our websites and this is explained here.

WHAT PERSONAL DATA WE HANDLE

 Personal Data provided by you

We handle the personal data that you provide to us when you:

• visit our premises
• visit our websites
• click on an embedded video on our websites
• communicate with us by completing a web form or an order form
• send us an email
• exchange information on a phone call
• apply for a job with us
• enter a competition, promotion or survey
• subscribe to our newsletters

Categories of such personal data include: your name, address, date of birth, billing information (including credit card details), email address, telephone number and other information that is relevant to the provision of our services.

CCTV images may be collected when you visit our premises. We retain these images for 30 days.

When you visit our websites, cookies, pixels and similar technologies (hereinafter referred to as "cookies") may be used. Cookies are text files that are stored in the internet browser or by the internet browser when you visit a website on your computer system.  You can read more about how we use cookies, and how to change your cookies preferences, by using the following link here.  We also use Google analytics to measure the effectiveness and improvement of our websites.  Google uses the data collected on our websites also for their own purposes – e.g. to improve its offer. You can find more information on this at http://www.google.com/analytics/terms/de.html or at https://policies.google.com/privacy.

We are using the provider Vimeo for the integration of videos and display of these. When you press play on a video a connection is established to the Vimeo servers and the video is displayed.  For more information on data processing and privacy notices by Vimeo, please see https://vimeo.com/privacy. Vimeo stores data for up to 12 months.

If you apply for a job with us we use SurveyMonkey to process your application.  You can read their privacy policy here. 

Personal Data not provided by you

We may also handle personal data not collected directly from you.

• Automated technologies or interactions

As you interact with our websites, we may automatically collect technical data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.

Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.

• Third parties or publicly available sources

We may receive personal data about you from various third parties and public sources such as technical data from the following parties:

• analytics providers; and
• social media pages such as our PHX LinkedIn account

We may also receive your personal data directly or indirectly where you work for or represent one of our suppliers or a party tendering to provide goods or services to us, in connection with services or goods we receive from that supplier. Categories of such personal data include: names, addresses, contact information, your job title, your IP address, our correspondence with you or with the supplier you represent or are engaged by, about you, financial information and other information that is relevant to the receipt of those services or goods. 

WHAT DO WE DO WITH YOUR PERSONAL DATA

We will only use your personal data when the law allows us to.  Generally, we will use your personal data in the following circumstances:

• Where we need to perform a contract we are about to enter into or have entered into with you
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
• Where we need to comply with a legal or regulatory obligation
• Where you have consented to our use if your data and you can withdraw your consent at any time

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.

Purpose(s) for Processing	Legal Basis
Communicating with you, our customers or other persons in the course of our business	(a) To fulfil our obligations to you under our contract with you or (b) to support our legitimate interests in operating, managing and improving our business and services and providing services provided such interests are not overridden by the rights and interests of the data subjects concerned
Providing our services to customers and managing and improving our business and services	As above
Maintaining and operating our websites	(a) To support our legitimate interests in operating, managing and improving our business and services and providing services provided such interests are not overridden by the rights and interests of the data subjects concerned or (b) consent which may be withdrawn using cookie preferences.
Marketing about our companies and services and events	(a) To support our legitimate interests in organising promotions, events, managing our business and providing and improving services, provided such interests are not overridden by the rights and interests of the data subjects concerned or (b) consent – which you may withdraw at anytime
Processing of job applications	(a) To perform or enter into a contract with the data subject; (b) to support our legitimate interests in managing our business and providing services to our clients provided such interests are not overridden by the rights and interests of the data subjects concerned
Managing the goods and services we receive (including contract management, managing security and access to our systems and premises, payment of invoices and assessment of our suppliers or parties who tender to provide goods or services to us)	(a) To fulfil our obligations to you under our contract with you or (b) to support our legitimate interests in (i) performing a contract with our supplier who you work for or represent (ii) ensuring the protection of our systems and premises and (iii) assessing our suppliers or tenderers, provided such interests are not overridden by the rights and interests of the data subjects concerned
For the prevention and detection of fraud, money laundering and other crimes.	To comply with our legal obligations particularly anti bribery or anti-terrorism legislation
Transferring information to third parties, including to our own service providers	(a) To support our legitimate interests in managing and improving our business and services and providing services to our clients provided such interests are not overridden by the rights and interests of the data subjects concerned; or (b) to comply with our legal obligations.
To use data analytics to improve our website, services, marketing, customer relationships and experiences.	Necessary for our legitimate interests (to define types of customers for our services, to keep our website updated and relevant, to develop our business, and to inform our marketing strategy)

SHARING YOUR PERSONAL DATA

Based on the legal bases set out in the table above we may disclose your personal data to:

• our affiliates who may contact you by email, phone or post about other products and services in which you may be interested (where you have consented to such communication)
• manufacturers who have a relationship or contract with you
• our outsourced service providers or suppliers to facilitate the provision of our services to you
• our data centre provider for the safe keeping of your personal data
• our webhosting provider through which your personal data may be collected. We use Shopify as our webhosting provider. You can read their privacy policy here.  Your personal data will be stored for two years after the hosting services are terminated.  Your personal data could be sent to the US.
• our identity verification partners in order to verify your identity against public databases
• our analytics and search engine providers that assist us in the improvement and optimisation of our websites.
• third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons
• a third party, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to the purchaser or successor company
• public authorities where we are required by law to do so
• if required, in order for us to receive legal advice
• any other third party where you have provided your consent.

TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EEA

In certain instances, we may transfer your personal outside of the EEA. We will ensure that appropriate measures are in place to protect your personal data and to comply with our obligations under the data protection law. This may mean that we enter into contracts in the form approved by the European Commission, and that we implement appropriate technical and organisational measures in respect of such transfers. If you would like to receive further details about these safeguarding measures please Contact Us.

LINKS TO OTHER SITES

Our websites may contain third party links to and from other websites, plugins and applications. If you click on those links or enable a connection, you may allow those third parties to collect or share your personal data.  We are not responsible for the operation of those websites or their privacy policies.  They are subject to their own privacy policies. Please check their privacy policies before you submit any personal data to those websites.

YOUR RIGHTS AS A DATA SUBJECT

To the extent that we are the data controller of your personal data you have rights under data protection laws in relation to your personal data.  In each case, these rights are subject to restrictions as laid down by law.  You have the right to:

• request access to your personal data (commonly known as a “data subject access request”).
• request correction of the personal data that we hold about you.
• request erasure of your personal data. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• where you have previously provided your consent, you have the right to withdraw your consent to our processing of your information at any time. For example, you can withdraw your consent to email marketing by using the unsubscribe link in such communications or contacting us Protection@united-drug.ie. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
• lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is:
Office of the Data Protection Commissioner.
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Phone +353 (0761) 104 800
LoCall 1890 25 22 31
Fax +353 57 868 4757
Email: info@dataprotection.ie 

If you wish to exercise any of the rights set out above, please Contact Us.  We will respond to your request within one month.  That period may be extended by two further months where necessary, taking into account the complexity and number of requests.  We will inform you of any such extension within one month of receipt of your request.  We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available by contacting us.
In some circumstances you can ask us to delete your data: see Your Rights as a Data Subject for further information.

CONTACT US

We are the data controller for the personal data we process, unless otherwise stated.  Fiona Joyce is our Data Protection Officer.  If you have any queries in relation to this policy you can contact either using the contact details below.

Data Controller

PHX Ireland Group Limited a PHOENIX Group company, United Drug House, Magna Drive, Magna Business Park, Citywest Road, D24 XKE5, Dublin, Ireland. Telephone: +353 1 215 8800 Email: Data.Protection@united-drug.ie 

Data Protection Officer

Fiona Joyce, Data Protection Officer, United Drug House, Magna Drive, Magna Business Park, Citywest Road, D24 XKE5, Dublin, Ireland. Telephone: +353 1 215 8800 Email: Data.Protection@united-drug.com 

CHANGES TO THIS POLICY

We reserve the right to amend this privacy policy at any time.  Any changes will be announced by the publication of the revised privacy policy on our websites and we will update the “Last updated” at the bottom of this policy. Unless specified to the contrary, any amendments take effect immediately.  Please review this privacy policy regularly for updates.

Last updated in March 2024