Healthwave Limited (we or us) is committed to protecting and respecting your privacy.
The Data Controller
For the purpose of the Data Protection Acts 1988 – 2018 and the General Data Protection Regulation (GDPR), the data controller is Healthwave Limited. We are registered in Ireland under company number 528404 and we have our registered office at Unit 2, Dundrum Retail and Office Park, Sandyford Road, Dundrum, Dublin 16. Healthwave Limited is a wholly owned subsidiary of COGA Investments Limited.
What personal data do we process?
- Information provided by you:
You may give us information about you by filling in forms on our website healthwave.ie (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our service, contact us, place an order, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site. The information you give us may include your name, shipping and billing address, gender, date of birth, household members name/DOB and gender, e-mail address, phone number, marketing preferences, financial and credit card information, transaction history, passwords, dependents information, spouse (if registered), details of prescribed medications, drugs payment scheme or medical card information and details of healthcare professionals.
If you join Healthwave through an employer scheme we will also hold a record of your employer.
If you decide to use our ‘refer-a-friend’ scheme we may require your friends name and email address.
- Information we collect about you:
With regard to each of your visits to our site we may automatically collect the following information: Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
If you contact us by telephone, we may record the phone number you use to call our customer service number. As part of quality monitoring, we record telephone calls.
Healthwave operate in-store CCTV for safety and security purposes. CCTV recordings are stored securely and accessed on a need-to-know basis only. For full information refer to our CCTV policy. We may record telephone calls to improve the quality of our service.
- Information we receive from other sources:
We may receive information about you from other sources. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. From time to time it will be necessary for us to liaise with prescribing medical professionals (GPs and others) to verify the accuracy of information provided.
How do we use this information?
- To provide our service to our members – In other words, to fulfil your prescription, to provide you with the information, products and services that you request from us including medication, delivery, pharmacist visit etc.
- To provide you with information about other goods and services we offer – that are similar to those that you have already purchased or enquired about. We will only send you this information if you have opted to receive it.
- To permit selected third parties to provide you, with information about goods or services we feel may interest you – We will only send you this information if you have opted to receive it.
- To respond to your query.
- To notify you about changes to our service.
- To administer our website including troubleshooting, data analysis, testing, research, statistical and survey purposes and to ensure that content from our site is presented in the most effective manner for you and for your computer.
- Security and prevention of fraud – we may use your information to keep our systems and users safe.
Legal Basis for Data Processing
Under Data Protection Law Healthwave is required to ensure that there is an appropriate basis for the processing of personal data and to advise what that basis is.
The primary bases used by Healthwave are:
- a) Processing necessary for the performance of a contract (e.g. contract of sale or service)
- b) Processing necessary for Healthwave to pursue its legitimate interests (e.g. CCTV)
- c) Processing based on the Data Subject’s consent
- d) Processing that is required under applicable law (e.g. reporting of private vaccinations etc.)
- e) Processing that is required to safeguard the vital interests of a data subject (e.g. verification of details in a prescription)
Where we rely on legitimate business interests to justify the purposes of using data subject’s personal data, these interests will usually be:
- Compliance with a variety of legal and regulatory obligations;
- The pursuit of commercial activities and objectives;
- Improve and develop our products/services or operations;
- Protecting our business, owners, employees, customers or third parties;
We process sensitive data based on one of the following conditions:
- Explicit consent of the data subject;
- Pursuant to contracts entered into by us as health practitioners as per Article 9 2(h) ‘processing is necessary … pursuant to contract with a health professional’
- For the establishment, exercise or defence of legal claims.
- For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
- For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular purpose may prevent us from executing a contract or delivering a service to you.
You have the right to request:
- A copy of data we hold about you (Right of Access)
- That any error in data we hold about you is corrected (Right of Rectification)
- That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it (Right of Erasure)
- That we refrain from processing data for a specific purpose (Right to Restrict processing)
- A copy of the data in a structured, commonly used and machine-readable form to enable you to reuse your personal data for your own purposes across different services (Right of Data Portability)
- You have the right to complain to the Irish Data Protection Commission (dataprotection.ie) and to seek compensation through the courts.
We will accede to any such valid requests within 30 calendar days of the receipt of a valid request in writing. Please send all requests in writing to Data Protection Manager, Healthwave, Unit 2 Dundrum Retail & Office Park, Sandyford Road, Dundrum, Dublin 16 or firstname.lastname@example.org. We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.
Who do we share your information with?
We do not share your information with data processors other than set out in this policy. We may share your personal information with any member of our group, which means our holding company, as defined in the Companies Act 1963.
We may share your information with selected data processors including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- To process payments (Stripe).
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
- Third parties for whom you have provided your consent for us to share your data.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- As part of our operational processes: Healthwave use a carefully selected combination of software systems (Touchstore), communication systems (MS Outlook), Customer Relationship Management Systems (Zendesk) and storage systems to store and process personal data.
For some processing activities, the company is required to disclose data to 3rd parties who are not data processors acting on its behalf or data controllers on whose behalf the company is working.
These categories of recipients include
- Tax Authorities (e.g. Irish Revenue Commissioners)
- Law enforcement (where required for the investigation, detection or prosecution of criminal offences)
- HSE & data subject’s GP (as specified in the Medicinal Products Act 2011, S.I. No. 525) – to report all private vaccines administered by the pharmacy.
- HPRA & Pharmaceutical Companies – where information regarding adverse reactions is provided to the pharmacy and it is deemed necessary and proportionate to report this information.
Other Healthcare Professionals
From time to time Healthwave may deem it necessary to liaise with GPs or prescribing doctors regarding a prescription if there is genuine concern or confusion regarding its content.
Security of Personal Data
Healthwave uses appropriate technical, organisational, legal and physical measures which comply with data protection laws to keep personal data secure. These measures include anti-virus protection systems, firewalls, and data encryption technologies, CCTV, premises alarmed when not occupied, staff training, secure data storage and transfer.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately.
Transfers outside of the EEA
Healthwave may make use of services provided by 3rd parties which may necessitate the transfer of personal data outside of the EU/EEA. Where data needs to be transferred or processed outside of the EU/EEA Healthwave choose providers who process data based on:
- EU/US Privacy Shield
- Model Contract Clauses
- An Adequacy Decision from the European Commission.
- Healthwave may record telephone calls to monitor and improve its service through training. It may also use calls to respond to queries or complaints and/or to comply with legal or regulatory obligations.
- Healthwave may monitor other communications (electronic or written) to monitor the quality of the service provided, to respond to queries or complaints and /or to comply with legal or regulatory obligations.
Healthwave retains personal data about individuals for a range of periods. The basis for our retention periods is based on our contractual obligations. We commit to not keeping personal data for longer than is necessary and review records on an annual basis. Healthwave will retain data as set out in our Data Retention Policy.
We use a range of technologies on our website www.healthwave.ie some of which are controlled by us (first party) and some are controlled by other organisations (third party).
These technologies include (but are not limited to) cookies, scripts, fonts and images; some of which are considered as necessary for us to be able to deliver the web site to you and others which we use to enhance our understanding of how you use our web site; to assist in our marketing activities and other purposes explained below.
Under European law we are required to obtain your consent for any use of these technologies which is not considered as necessary, as well as provide you with clear information as to what these technologies do; and the third parties we work with.
The Technologies We Use
Cookies are small files containing specific information relating to your use of our website – such as login credentials; items in a shopping cart and tracking identifiers. Cookies are placed on your computer or device and are set by our web server and the web servers of third parties we use on our web site. Cookies can be read, updated or deleted by those same servers, each time you visit our web site, depending on the type of cookie it is.
Cookies which are only related to a single session (a single visit to our website) are deleted automatically when you close your web browser – these are typically considered as necessary for us to deliver the website to you and are sometimes known as session cookies.
Other cookies (such as tracking cookies or authentication cookies) are often saved for an extended period of time from days to years, known as persistent cookies.
Who sets these Cookies?
First party cookies are stored and accessed by our web server; third party cookies are stored and accessed by other organisations, such as analytics providers and advertisers.
- Necessary Cookies: These are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
- Analytical/Performance Cookies: These cookies are set by our analytics providers and allow us to record certain information about you, such as the pages you visit on our website, how many times you visit our website, and links you might click on. Furthermore, when you connect to our analytics provider in order for them to set the cookie – they may also collect other information about you such as your geographical location; your IP address; what type of device you are using and various information about the device. This information can be used to create a unique fingerprint to help further identify you on other websites you might visit and can be used to create a profile of your online activities and interests.
- Marketing Cookies: Cookies set by our marketing providers are used for the purpose of tracking your online activities to create a profile and give us a better understanding of your interests.
Details on Non-Essential Cookies
These are used for other business purposes which are not considered necessary to deliver the website to you.
|Cookie/Tracker Request||Who can store and access the cookie?||What is the cookie used for?|
|_gid||Google Analytics||For the purpose of analyzing the use of our website|
|_zlcmid||Zopim Live Chat Function||For the purpose of facilitating live chat with web visitors|
|Google Analytics||For the purpose of analyzing the use of our website|
|Crazy Egg||Crazy Egg||Site analytics – Collects and analyzes data related to site usage and performance|
|New Relic||New Relic||Deep performance site analytics|
|Cookie/Tracker Request||Who can store and access the cookie?||What is the cookie used for?|
|_fbp||Facebook use this to track which websites you visit for the purpose of delivering behavioral advertising.|
|googleads.g.doubleclick.net||Provides advertising or advertising-related services such as data collection, behavioural analysis or retargeting.|
|Cookie/Tracker Request||Who can store and access the technology||What is the technology used for?|
|_cfduid||Cloudflare||Identify individual users on shared IP addresses|
|Fr||Tracks logged out facebook users|
|Cookie/Tracker Request||Technology provider||What is the technology used for?|
|AWSALB||Amazon web services||Allocate server traffic to make a smooth user experience|
Your choices regarding these technologies
Essential technologies will be placed in your web browser without your prior consent. These are being used to maintain the functionality of the website. Any non-essential technologies will only be placed in your web browser with your prior consent.
We take our security responsibilities seriously, employing the most appropriate physical and technical measures. We review our security policy regularly.
Governing Law and Jurisdiction
This legal notice and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.