Privacy Policy

Introduction

This is the website of Healthwave Ltd. (‘we’, ‘us, ‘our’, ‘Healthwave’).

This policy (together with our terms of use and any other documents referred to in it) discloses our information gathering and dissemination practices relating to this website. In order to fully understand your rights, we encourage you to read this in full. We are not responsible for the content or privacy practices of other websites. We reserve the right to modify this privacy policy at any time. Each time you use this website you shall be bound by the then current privacy policy and accordingly you should review the privacy policy each time you use this website.

This policy governs the online processing activities of this website. For offline processing of personal data, please request a copy of our data protection policy from our Data Protection Manager (contact details below).

Who are we?

We are Healthwave Ltd. A pharmacy specialising in developing innovative ways to dispense medication. The Healthwave website www.healthwave.ie provides information, an online portal for members and an online shop.

We are registered in Ireland under company number 528404 and we have our registered office at Unit 2, Dundrum Retail and Office Park, Sandyford Road, Dundrum, Dublin 16. Healthwave Limited is a wholly owned subsidiary of COGA Investments Limited.

Data Controller

Healthwave Ltd. is the controller of the personal data it processes. You can contact us in a number of ways, which are set out on our contact us page.

Data Protection

We take our responsibility to protect your data seriously and will not collect any personal information about you on this website without your clear knowledge and permission. Any personal information which you volunteer to us will be treated strictly in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988-2018. Where data is submitted it will be used for the stated purpose and any reasonably incidental purposes only.

We do not sell or distribute your personal information to third parties for purposes of allowing them to market products and services to you.

Communicating via the internet and sending information to you by other means necessarily involves your personal information passing through or being handled by third-parties.

What information do we collect ?

For general web-browsing certain statistical information is available to us via our internet service provider. This information may include the IP and logical address of the server you are using, the top level domain name from which you access the internet (for example .ie, .com, etc.), the type of browser you are using, the date and time you access our site and the internet address linking to our site. We may also use temporary “session” cookies which enable a visitor’s web browser to remember which pages on this website have already been visited.
You may provide us with information about you by contacting us via the contact details supplied on our website (telephone or email address) or by entering a competition, promotion or survey or by engaging with us via social media. If you contact us by telephone, we may record the phone number you use to call our customer service number. As part of quality monitoring, we record telephone calls.
If you register for our service, we will request the following information: name, DOB, gender, email address, phone number, billing and delivery address, chosen password, drugs payment scheme and/or medical card information. In the case of family memberships, we may ask for details relating to your partner and/or dependants. If you join Healthwave through an employer scheme we will also hold a record of your employer. To log into your account your name and password will be required.
If you make a purchase through our online shop we will require your name, delivery and billing address, phone number, email address and payment information. Note: we use Stripe as our payment platform. This means your card details are encrypted as soon as they are processed. Healthwave do not have any access to your card details after payment.
If you use Carebot (our online messaging service) the information we collect will vary depending on your needs. Generally, this will include your name, phone number, email address, membership type, medicine name and Eircode.
Information we receive from other sources: We may receive information about you from other sources. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them. From time to time it will be necessary for us to liaise with prescribing medical professionals (GPs and others) to verify the accuracy of information provided.
Information contained within a job application (CV) where that is sent via our website.

How do we use this information ?

To provide our service to our members – In other words, to fulfil your prescription, to provide you with the information, products and services that you request from us including medication, delivery, pharmacist visit etc. This includes registering you as a member.
To provide you with information about other goods and services we offer – that are similar to those that you have already purchased or enquired about. We will only send you this information if you have opted to receive it.
To permit selected third parties to provide you, with information about goods or services we feel may interest you – We will only send you this information if you have opted to receive it.
To respond to your query or complaint.
Job applications – from time to time jobs may be advertised on our website and potential candidates will submit their personal data (e.g. CV’s) for our review.
Entering competitions.
To notify you about changes to our service.
To administer our website including troubleshooting, data analysis, testing, research, statistical and survey purposes and to ensure that content from our site is presented in the most effective manner for you and for your computer.
Security and prevention of fraud – we may use your information to keep our systems and users safe.

What is our Legal Basis for Data Processing

We process your personal data based on the following lawful basis:

Consent: We will only process your data for marketing purposes with your consent. For processing activities for which we rely on consent as a basis for processing, you have the right to withdraw that consent at any time.
Contract: We may process the data you provide while fulfilling our obligations under a contract e.g. during the provision of products or services to you.
Statutory: Some processing activities are required by law e.g. Revenue reporting, reporting of private vaccinations. This includes our obligation as pharmacists to verify details in a prescription.
Legitimate interests: We analyse visitors interactions with our service and website to get a better understanding of customers needs and preferences in order to better tailor our offering.

Where we rely on legitimate business interests to justify the purposes of using data subject’s personal data, these interests will usually be:

Compliance with a variety of legal and regulatory obligations
The pursuit of commercial activities and objectives
Improve and develop our products/services or operations
Protecting our business, owners, employees, customers or third parties

We process sensitive data based on one of the following conditions:

Explicit consent of the data subject
Pursuant to contracts entered into by us as health practitioners as per Article 9 2(h) ‘processing is necessary … pursuant to contract with a health professional’
For the establishment, exercise or defence of legal claims

What are your rights ?

Under data protection law, data subjects have certain rights. Subject to certain restrictions, which are set out below, you can exercise these rights in relation to your personal data we process.

The right to be informed about the processing of your personal data
The right to access your personal data
The right to rectification of your personal data
The right to erasure of your personal data
The right to data portability
The right to object to processing of your personal data
The right to restrict processing of your personal data
Rights in relation to automated decision making, including profiling.
You have the right to complain to the Irish Data Protection Commission (www.dataprotection.ie ) and to seek compensation through the courts

We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.

Please send to the Data Protection Manager, Healthwave, Unit 2 Dundrum Retail & Office Park, Sandyford Road, Dundrum, Dublin 16 or info@healthwave.ie. We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.

Restriction of data subject rights in certain circumstances

Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances. In addition, the 2018 Act contains certain provisions dealing with the restriction of rights of data subjects, in particular Sections 59, 60 and 61, which give further effect to the provisions of Article 23. Further information can be found here.

With whom do we share your information ?

We do not share your information with third parties other than those set out in this policy. We may share your information in the following circumstances:

Service providers: We may need to share personal information with our service providers, such as where necessary to provide our services to you. If there has been a breach of our terms of use, we may also share personal information with our legal advisors. All of our service providers will be obliged to keep your personal information safe and secure. As part of our operational processes: Healthwave use a carefully selected combination of software systems (Touchstore), communication systems (MS Outlook and online messaging), Customer Relationship Management Systems (Zendesk) and storage systems to store and process personal data.
Business Transfer: Where some or all of our company and/or its assets may potentially be or have been acquired, we may need to transfer your personal information to the new or prospective owners.
Legal and safety: In certain instances, we may share information where we reasonably believe that it is necessary for legal reasons, to defend our legal rights, to enforce our terms of use or to protect our rights, property, users, customers or the safety of any person. For example, we may provide personal information where ordered by a court to do so.
Other: We will share your information with a third party other than a service provider where you have given your consent for us to do so.

Other recipients

For some processing activities, the company is required to disclose data to 3rd parties who are not data processors acting on its behalf or data controllers on whose behalf the company is working.

These categories of recipients include

Tax Authorities (e.g. Irish Revenue Commissioners)
Law enforcement (where required for the investigation, detection or prosecution of criminal offences)
HSE & data subject’s GP (as specified in the Medicinal Products Act 2011, S.I. No. 525) – to report all private vaccines administered by the pharmacy.
HPRA & Pharmaceutical Companies – where information regarding adverse reactions is provided to the pharmacy and it is deemed necessary and proportionate to report this information.
Other Healthcare Professionals: From time to time Healthwave may deem it necessary to liaise with GPs or prescribing doctors regarding a prescription if there is genuine concern or confusion regarding its content.

Where we store personal information

We generally store personal information on servers located inside the European Economic Area. However, in certain cases it may be necessary for us to transfer certain information to servers located outside of the EU. It is important to be aware that the privacy protections in certain jurisdictions may not be equivalent to those in Europe but we will only transfer your information outside the EEA where permitted by law and ensuring that it is subject to appropriate protections.

Data Retention

Healthwave retains personal data for a range of periods as set out in our Data Retention Policy.

Cookie Policy

Cookies are small files containing specific information that may be placed on your device when you use a website. Cookies help us to remember your preferences and to tailor our digital content according to your interests. Below is some terminology used to explain cookies.

First Party Cookies

These are cookies that are set and read by our own website. They store information such as your preferences, usage, login credentials and items in your shopping cart.

Third Party Cookies

Cookies set by another domain which are read by the code on our website. These cookies track your internet use across a number of sites and can be used to profile you for advertising networks.

Session Cookies

These are cookies which are only related to a single session (a single visit to our website) and are automatically deleted when you close your web browser – these are typically considered as necessary for our website to function.

Persistent Cookies

These cookies remain on your device after you’ve finished your session.

Other cookies (such as tracking cookies or authentication cookies) are often saved for an extended period of time from days to years, known as persistent cookies.

Necessary Cookies

Cookies which are required for our website to work e.g. cookies for load balancers, login, cookies acceptance etc.

Marketing/Advertising Cookies

Advertising cookies are used to monitor your internet usage and target ads which are more relevant to you. These are mainly third-party cookies from advertiser networks.

Analytic/Performance Cookies

These cookies are set by our analytics providers and allow us to record certain information about you, such as the pages you visit on our website, how many times you visit our website, and links you might click on. These cookies may also capture your geographical location; your IP address; what type of device you are using and various information about the device. This information can be used to create a unique fingerprint to help further identify you on other websites you might visit and can be used to create a profile of your online activities and interests.

Cookies on our site

We use a range of technologies on our website www.healthwave.ie, some of which are controlled by us (first party) and some are controlled by other organisations (third party).

These technologies include (but are not limited to) cookies, scripts, fonts and images; some of which are considered as necessary for us to be able to deliver the web site to you and others which we use to enhance our understanding of how you use our web site; to assist in our marketing activities and other purposes explained below.

Under European law we are required to obtain your consent for any use of these technologies which are not considered as necessary, as well as provide you with clear information as to what these technologies do; and the third parties we work with.

The cookies we use

Analytic/Performance Technologies

Name of the Cookie	Host	Purpose	First/Third Party	Persistent/Session
_gid	Healthwave	Google Analytics – Track what pages you visit, how long you are on the site, how you got here and what you click on.	First Party	Persistent
_ga	Healthwave		First Party	Persistent
_gat	Healthwave		First Party	Persistent
_gat_UA-46308483-1	Healthwave	A pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to.	First Party	Persistent
__stripe_sid	Healthwave	stripe.com uses this cookie to process payments for our website.	First Party	Session
__stripe_mid	Healthwave	Stripe uses a cookie to remember who you are and to enable our website to process payments without storing any credit card information on our own servers.	First Party	Persistent

Marketing/Advertising Technologies

Name of the Cookie	Host	Purpose	First/Third Party	Persistent/Session
_fbp	Facebook	Facebook use this to track which websites you visit for the purpose of delivering behavioral advertising.	Third Party	Persistent
_fr	Facebook	Helps deliver advertising to visitors who have already visited the site while they are on facebook or another platform powered by it	Third Party	Persistant
IDE	Doubleclick	Helps show relevant advertising	Third Party	Persistent
_gcl_au	Google Tag Manager	To store and track conversations	Third Party	Persistant
GPS	Youtube.com	Collects data through videos embedded on our website in order to target advertising	Third Party	Persistent
YSC	Youtube.com	Track views of embedded videos.	Third Party	Persistent
Visitor_Info1_Live	Youtube.com	Unique identifier to track video views	Third Party	Persistent
tk_lr, tk_r3d tk_or	WordPress	Gathers information for our own, first party analytics tool about how our services are used. A collection of internal metrics for user activity, used to improve user experience	Third Party	Persistent

Do I have to agree to the websites use of cookies?

No. If you do not consent to our use of cookies, you can set your browser settings to reject cookies. These settings are usually found in the “options” or “preferences” menu of your web browser. You can find more details about how to control cookies here. Alternatively, you can use the “Help” option in your web browser get more details. Some of the features of our website may not work or will be curtailed from working effectively without cookies. As a result, changing your browser settings to reject cookies may have a negative impact on your ability to use our website.

If you use our website with your web browser set to accept cookies, you consent to our use of cookies as described in this cookies policy. If you do not accept our use of cookies, you should either (a) immediately stop using our services or (b) use the settings described above to reject cookies. To withdraw your consent to our use of cookies, you should either (a) cease using our website or (b) delete our cookies using your web browser’s settings and set your browser to reject future cookies. You can find out more about deleting and blocking cookies here and using your web browser’s “Help” option.

Security

We take our security responsibilities seriously, employing the most appropriate physical and technical measures. These measures include anti-virus protection systems, firewalls, and data encryption technologies, CCTV, premises alarmed when not occupied, staff training, secure data storage and transfer. We review our security policy regularly. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately.

Governing Law and Jurisdiction

This legal policy and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.

General

Delay or failure on our part in enforcing any of our rights shall not constitute a waiver by us of our rights and remedies. If any part of this Privacy Policy is held to be invalid or unenforceable, the validity or enforceability of the remainder will not be affected.

Contacting us

If you have any questions about this policy, our practices relating to the website or your dealing with the website you can contact us at info@healthwave.ie.

Changes to this policy

We may revise this policy on occasion. This privacy policy was last updated 22 August 2020.

Prepared by Ambit Compliance.