Privacy & Cookie Policy


Healthwave Limited (we or us) is committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read this document carefully to understand your rights, and our views and practices regarding personal data and how we handle it. By visiting you are accepting and consenting to the practices described in this policy. We reserve the right to amend this policy at any time and each time you use our website you will be bound by the then terms. For that reason, we encourage you to revisit the Privacy Policy each time you use this website.


The Data Controller

For the purpose of the Data Protection Acts 1988 – 2018 and the General Data Protection Regulation (GDPR), the data controller is Healthwave Limited. We are registered in Ireland under company number 528404 and we have our registered office at Unit 2, Dundrum Retail and Office Park, Sandyford Road, Dundrum, Dublin 16. Healthwave Limited is a wholly owned subsidiary of COGA Investments Limited.


What personal data do we process?

  • Information provided by you:

You may give us information about you by filling in forms on our website (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our service, contact us, place an order, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site. The information you give us may include your name, shipping and billing address, gender, date of birth, household members name/DOB and gender, e-mail address, phone number, marketing preferences, financial and credit card information, transaction history, passwords, dependents information, spouse (if registered), details of prescribed medications, drugs payment scheme or medical card information and details of healthcare professionals.

If you join Healthwave through an employer scheme we will also hold a record of your employer.

If you decide to use our ‘refer-a-friend’ scheme we may require your friends name and email address.

  • Information we collect about you:

With regard to each of your visits to our site we may automatically collect the following information: Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

If you contact us by telephone, we may record the phone number you use to call our customer service number. As part of quality monitoring, we record telephone calls.

Healthwave operate in-store CCTV for safety and security purposes. CCTV recordings are stored securely and accessed on a need-to-know basis only. For full information refer to our CCTV policy. We may record telephone calls to improve the quality of our service.

  • Information we receive from other sources:

We may receive information about you from other sources. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. From time to time it will be necessary for us to liaise with prescribing medical professionals (GPs and others) to verify the accuracy of information provided.


How do we use this information?

  • To provide our service to our members – In other words, to fulfil your prescription, to provide you with the information, products and services that you request from us including medication, delivery, pharmacist visit etc.
  • To provide you with information about other goods and services we offer – that are similar to those that you have already purchased or enquired about. We will only send you this information if you have opted to receive it.
  • To permit selected third parties to provide you, with information about goods or services we feel may interest you – We will only send you this information if you have opted to receive it.
  • To respond to your query.
  • To notify you about changes to our service.
  • To administer our website including troubleshooting, data analysis, testing, research, statistical and survey purposes and to ensure that content from our site is presented in the most effective manner for you and for your computer.
  • Security and prevention of fraud – we may use your information to keep our systems and users safe.


Legal Basis for Data Processing

Under Data Protection Law Healthwave is required to ensure that there is an appropriate basis for the processing of personal data and to advise what that basis is.

The primary bases used by Healthwave are:

  1. a) Processing necessary for the performance of a contract (e.g. contract of sale or service)
  2. b) Processing necessary for Healthwave to pursue its legitimate interests (e.g. CCTV)
  3. c) Processing based on the Data Subject’s consent
  4. d) Processing that is required under applicable law (e.g. reporting of private vaccinations etc.)
  5. e) Processing that is required to safeguard the vital interests of a data subject (e.g. verification of details in a prescription)

Where we rely on legitimate business interests to justify the purposes of using data subject’s personal data, these interests will usually be:

  • Compliance with a variety of legal and regulatory obligations;
  • The pursuit of commercial activities and objectives;
  • Improve and develop our products/services or operations;
  • Protecting our business, owners, employees, customers or third parties;

We process sensitive data based on one of the following conditions:

  • Explicit consent of the data subject;
  • Pursuant to contracts entered into by us as health practitioners as per Article 9 2(h) ‘processing is necessary … pursuant to contract with a health professional’
  • For the establishment, exercise or defence of legal claims.


Your Rights

  • For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at
  • For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular purpose may prevent us from executing a contract or delivering a service to you.

You have the right to request:

  • A copy of data we hold about you (Right of Access)
  • That any error in data we hold about you is corrected (Right of Rectification)
  • That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it (Right of Erasure)
  • That we refrain from processing data for a specific purpose (Right to Restrict processing)
  • A copy of the data in a structured, commonly used and machine-readable form to enable you to reuse your personal data for your own purposes across different services (Right of Data Portability)
  • You have the right to complain to the Irish Data Protection Commission ( and to seek compensation through the courts.

We will accede to any such valid requests within 30 calendar days of the receipt of a valid request in writing.  Please send all requests in writing to Data Protection Manager, Healthwave, Unit 2 Dundrum Retail & Office Park, Sandyford Road, Dundrum, Dublin 16 or We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.


Who do we share your information with?

We do not share your information with data processors other than set out in this policy. We may share your personal information with any member of our group, which means our holding company, as defined in the Companies Act 1963.

We may share your information with selected data processors including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
  • To process payments (Stripe).
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.
  • Third parties for whom you have provided your consent for us to share your data.
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • As part of our operational processes: Healthwave use a carefully selected combination of software systems (Touchstore), communication systems (MS Outlook), Customer Relationship Management Systems (Zendesk) and storage systems to store and process personal data.
  • Legal and safety: In certain instances, we may share information where we reasonably believe that it is necessary for legal reasons, to defend our legal rights, to enforce our Terms of Use or to protect our rights, property, users, customers or the safety of any person. For example, we may provide personal information where ordered by a court to do so.


Other recipients

For some processing activities, the company is required to disclose data to 3rd parties who are not data processors acting on its behalf or data controllers on whose behalf the company is working.

These categories of recipients include

  • Tax Authorities (e.g. Irish Revenue Commissioners)
  • Law enforcement (where required for the investigation, detection or prosecution of criminal offences)
  • HSE & data subject’s GP (as specified in the Medicinal Products Act 2011, S.I. No. 525) – to report all private vaccines administered by the pharmacy.
  • HPRA & Pharmaceutical Companies – where information regarding adverse reactions is provided to the pharmacy and it is deemed necessary and proportionate to report this information.


Other Healthcare Professionals

From time to time Healthwave may deem it necessary to liaise with GPs or prescribing doctors regarding a prescription if there is genuine concern or confusion regarding its content.


Security of Personal Data

Healthwave uses appropriate technical, organisational, legal and physical measures which comply with data protection laws to keep personal data secure. These measures include anti-virus protection systems, firewalls, and data encryption technologies, CCTV, premises alarmed when not occupied, staff training, secure data storage and transfer.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately.


Transfers outside of the EEA

Healthwave may make use of services provided by 3rd parties which may necessitate the transfer of personal data outside of the EU/EEA. Where data needs to be transferred or processed outside of the EU/EEA Healthwave choose providers who process data based on:

  • EU/US Privacy Shield
  • Model Contract Clauses
  • An Adequacy Decision from the European Commission.



  • Healthwave may record telephone calls to monitor and improve its service through training. It may also use calls to respond to queries or complaints and/or to comply with legal or regulatory obligations.
  • Healthwave may monitor other communications (electronic or written) to monitor the quality of the service provided, to respond to queries or complaints and /or to comply with legal or regulatory obligations.


Data Retention  

Healthwave retains personal data about individuals for a range of periods. The basis for our retention periods is based on our contractual obligations. We commit to not keeping personal data for longer than is necessary and review records on an annual basis. Healthwave will retain data as set out in our Data Retention Policy. 


Cookies policy 

We use a range of technologies on our website some of which are controlled by us (first party) and some are controlled by other organisations (third party).

These technologies include (but are not limited to) cookies, scripts, fonts and images; some of which are considered as necessary for us to be able to deliver the web site to you and others which we use to enhance our understanding of how you use our web site; to assist in our marketing activities and other purposes explained below.

Under European law we are required to obtain your consent for any use of these technologies which is not considered as necessary, as well as provide you with clear information as to what these technologies do; and the third parties we work with.


The Technologies We Use 


Cookies are small files containing specific information relating to your use of our website – such as login credentials; items in a shopping cart and tracking identifiers. Cookies are placed on your computer or device and are set by our web server and the web servers of third parties we use on our web site. Cookies can be read, updated or deleted by those same servers, each time you visit our web site, depending on the type of cookie it is.

Cookies which are only related to a single session (a single visit to our website) are deleted automatically when you close your web browser – these are typically considered as necessary for us to deliver the website to you and are sometimes known as session cookies.

Other cookies (such as tracking cookies or authentication cookies) are often saved for an extended period of time from days to years, known as persistent cookies.

Who sets these Cookies? 

First party cookies are stored and accessed by our web server; third party cookies are stored and accessed by other organisations, such as analytics providers and advertisers.

Why we use Cookies? 

We use cookies on our website for a variety of purposes:

  1. Necessary Cookies: These are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
  2. Analytical/Performance Cookies: These cookies are set by our analytics providers and allow us to record certain information about you, such as the pages you visit on our website, how many times you visit our website, and links you might click on. Furthermore, when you connect to our analytics provider in order for them to set the cookie – they may also collect other information about you such as your geographical location; your IP address; what type of device you are using and various information about the device. This information can be used to create a unique fingerprint to help further identify you on other websites you might visit and can be used to create a profile of your online activities and interests.
  3. Marketing Cookies: Cookies set by our marketing providers are used for the purpose of tracking your online activities to create a profile and give us a better understanding of your interests.


Details on Non-Essential Cookies  

These are used for other business purposes which are not considered necessary to deliver the website to you.

They include:


Analytic Technologies  

Cookie/Tracker Request Who can store and access the cookie?  What is the cookie used for? 
_gid Google Analytics For the purpose of analyzing the use of our website
_zlcmid Zopim Live Chat Function For the purpose of facilitating live chat with web visitors


Google Analytics For the purpose of analyzing the use of our website
 Crazy Egg Crazy Egg Site analytics – Collects and analyzes data related to site usage and performance
 New Relic New Relic Deep performance site analytics


Marketing Technologies 


Cookie/Tracker Request Who can store and access the cookie?  What is the cookie used for? 
_fbp Facebook Facebook use this to track which websites you visit for the purpose of delivering behavioral advertising. Google Provides advertising or advertising-related services such as data collection, behavioural analysis or retargeting.


Embedded Media 

Cookie/Tracker Request Who can store and access the technology  What is the technology used for? 
_cfduid Cloudflare Identify individual users on shared IP addresses
Fr Facebook Tracks logged out facebook users


Embedded Other 

Cookie/Tracker Request Technology provider  What is the technology used for? 
AWSALB Amazon web services Allocate server traffic to make a smooth user experience


Do I have to agree to Healthwave’s use of cookies?   

No. If you do not consent to our use of cookies, you can set your browser settings to reject cookies. These settings are usually found in the “options” or “preferences” menu of your web browser. You can find more details about how to control cookies here.  Alternatively, you can use the “Help” option in your web browser get more details. A number of features of our services may not work or will be curtailed from working effectively without cookies. As a result, changing your browser settings to reject cookies may have a negative impact on your ability to use our website.

If you use our website with your web browser set to accept cookies, you consent to our use of cookies as described in this cookies policy. If you do not accept our use of cookies, you should either (a) immediately stop using our services or (b) use the settings described above to reject cookies. To withdraw your consent to our use of cookies, you should either (a) cease using our website or (b) delete our cookies using your web browser’s settings and set your browser to reject future cookies. You can find out more about deleting and blocking cookies here and using your web browser’s “Help” option.


Your choices regarding these technologies 

Essential technologies will be placed in your web browser without your prior consent. These are being used to maintain the functionality of the website. Any non-essential technologies will only be placed in your web browser with your prior consent.



We take our security responsibilities seriously, employing the most appropriate physical and technical measures. We review our security policy regularly.


Governing Law and Jurisdiction 

This legal notice and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.



Delay or failure on our part in enforcing any of our rights shall not constitute a waiver by us of our rights and remedies. If any part of this Privacy policy is held to be invalid or unenforceable, the validity or enforceability of the remainder will not be affected.

This privacy policy governs the online processing of personal data on this website. Offline activities are covered by our Data Protection Policy which is available upon request or upon your first order.


Contacting us 

If you have any questions about this privacy policy, our practices relating to the website or your dealing with the website you can contact us at


Changes to this privacy policy 

We keep our privacy notice under regular review. This privacy policy was last updated on 30 May 2019.