Phlo Technologies Ltd, trading as Hello Eve (and also referred to here as "we" or "us"), respects your privacy, and we are committed to protecting it through our compliance with this policy.
We collect, use and are responsible for certain personal information about you. When we do so we are subject to the UK's Data Protection Act, its Privacy and Electronic Communications Regulations (PECR) and the General Data Protection Regulation, which applies across the European Union. We are responsible as 'controller' of that personal information for the purposes of those laws.
We operate an ISO27001-aligned Information Security Management System.
We, us, our
Phlo Technologies Ltd., a company incorporated in Scotland under company number SC496769 whose registered address is C/O Gillespie & Anderson, 147 Bath Street, Glasgow G2 4SN.
Our data protection officer
Any information relating to an identified or identifiable individual.
Special category personal information
Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership.
Genetic and biometric data.
Data concerning health, sex life or sexual orientation.
This policy describes the types of information we may collect as part of our HELLO EVE business:
• On or in connection with our operation of this Website.
• In email, text, and other electronic messages between you and us, or which are forwarded to us, regarding HELLO EVE.
• When you interact with HELLO EVE advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
Unless otherwise stated, it does not apply to information collected by:
• Us offline or through any other means, including on any other website operated by Phlo Technologies Ltd or any third party (including our affiliates and subsidiaries); or
• Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the HELLO EVE Digital Properties.
We use your personal information to provide, personalise and improve our websites, apps and services, promote goods and services, administer loyalty programs and competitions, receive and fulfil your orders and subscriptions, and address your customer support needs. Your personal information is also used and shared as required by law or in connection with legal matters. In particular, we use information about you, such as your order history, to provide you with related offers.
For these purposes, information is shared with other companies (including affiliates and subsidiaries, if any exist at the relevant time), as well as a number of service providers and partners described below. In the event of a sale of all or part of our business, your personal information will (to the extent permitted by law, and subject to us obtaining any necessary consents from you) be transferred to the new owner.
Where we rely on your consent, such as to send you direct marketing, to share your health details and related order history with third parties, and/or to personalise offers, you can withdraw this consent at any time.
We can be required by law to collect, retain and in some cases share sensitive personal information without your consent, for example to public authorities monitoring the prevalence of infectious diseases. We will take all necessary safeguards when doing so.
Please read this policy carefully to understand our policies and practices regarding your information, how we will treat it, and your rights, such as your right to object to certain processing. This policy may change from time to time, so please check the policy periodically for updates.
We collect several types of information about users of HELLO EVE Digital Properties ("personal information"), directly or through our service providers. We collect this information:
• Directly from you when you provide it to us.
• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies and other tracking technologies (described below), and through "chatbots" or related communication systems.
• From third parties, for example our business partners.
The information you provide to us on or through HELLO EVE Digital Properties, or information we create based on that information, may include:
• Information (for instance name, login details, contact details, delivery addresses, and details about your health, allergies and prescriptions, or a history of conditions in your family) that you provide by filling in forms on HELLO EVE Digital Properties. This includes information provided at the time of registering to use HELLO EVE Digital Properties or requesting further services. We may also ask you for information when you report a problem with HELLO EVE Digital Properties.
• Customer service notes.
• Records and copies of correspondence (including email addresses), if you contact us and/or we contact you, and/or use our Live Chat function on an HELLO EVE Digital Property.
• Your responses to surveys, and the content and details (e.g. date) of any product or service reviews you leave.
• Details of transactions you carry out through HELLO EVE Digital Properties and of the fulfilment of your orders. You may be required to provide financial information before placing an order through HELLO EVE Digital Properties.
• Your search queries on HELLO EVE Digital Properties.
• Details about any consents you have provided or withdrawn, and things you have opted out of (e.g. newsletters).
If you provide family medical history to us, we ask that you respect your family's privacy by only not including superfluous information such as their name, address or contact details. We will not have their contact details in order to provide them with a privacy notice, but if they have questions, you can tell them to get in touch with us.
As you navigate through and interact with HELLO EVE Digital Properties, we may use automatic data collection technologies, such as Google Analytics, to collect certain information about your equipment, browsing actions, and patterns, including:
• Details of your visits to HELLO EVE Digital Properties, including traffic data, location data, logs, and other communication data and the resources that you access and use on HELLO EVE Digital Properties.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is statistical data and may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve HELLO EVE Digital Properties and other Phlo digital properties, and to deliver a better and more personalised service, including by enabling us to:
• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customise Phlo digital properties according to your individual interests.
• Speed up your searches.
• Recognise you when you return to HELLO EVE Digital Properties or other Phlo digital properties.
The technologies we use for this automatic data collection may include:
• Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
• Chrome: http://support.google.com/chrome/bin/answer.py?hl=en-GB&hlrm=nl&answer=95647
• Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?s=cookies&r=5&as=s
• Safari: https://support.apple.com/en-gb/HT201265
If you disable the cookies that the Website uses, this may impact your experience while on the Website, for example you may not be able to visit certain areas of the Website or you may not receive personalised information when you visit the Website. You can also delete cookies already stored on your computer. Doing this may have a negative impact on the usability of many websites.
Phlo Technologies Ltd operates several related services. In some cases, the company might look to use data in an integrated fashion across its business, for instance where a service might be interesting to users of the other services. In that case, personal information from one service might be relevant to HELLO EVE (and vice-versa).
Sometimes, we also receive personal information from third parties. In particular:
• Your doctor may send us your prescriptions or other information, with your permission.
• We may have to check local or national health system records about you (e.g. summary care records), particularly in urgent cases or when it is not possible to speak to you or your doctor about your needs (e.g. outside working hours).
• We may obtain information about you from public sources, e.g. social media, particularly where you are using those to communicate with us (e.g., via Twitter); and/or from other third parties that hold information about you, for example so we can better understand your needs and interests.
• We may obtain information about you from people that contact us, e.g. concerned family members or law enforcement officials.
We use (e.g. collect, store, analyse and/or share) information that we collect about you or that you provide to us, including personal information:
a) To fulfil a contract, or take steps linked to a contract: this is relevant where you wish to make a purchase from us or subscribe to our services, or enter a competition or loyalty scheme we offer. This includes:
• Keeping a list of items you add to your "shopping cart", so you can complete the checkout process.
• Verifying your identity and/or contact details.Checking relevant health details (e.g., allergies to certain types of medication).
• Taking payments.
• Arranging the delivery or other provision of products, services, prizes or rewards.
• In order to contact you in urgent cases regarding your services and products, for example to notify you of product recalls, or where ethics or professional rules of conduct require that we provide information to you about your health.
b) As required to conduct our business and pursue our, your and/or other persons' other legitimate interests. * In particular, we use personal information in our, your or third parties' legitimate interest:
• To present HELLO EVE Digital Properties and their contents to you, in a fast and secure manner, e.g. by using your IP address to send you the web pages you request; to estimate your location in order to deliver website content from a place near you (thereby reducing website loading times); and to combat the use of automated software agents ("bots") that would otherwise disrupt the service). This improves customer satisfaction and protects our and your interests in service security.
• To provide you with information, products, or services that you request from us, in cases where this is not done pursuant to a contract between us.
• To provide you with notices about your account.
• To enforce our rights, including those arising from any contracts entered into between you and us, including for billing and collection. More generally, we will use personal information in connection with legal claims, and for compliance, regulatory or investigative purposes; including disclosures of such information in connection with civil litigation (e.g. consumer disputes or intellectual property matters), law enforcement enquiries, or voluntary inspections.
• To notify you about changes to HELLO EVE Digital Properties, any products or services we offer or provide through them, or other Phlo services.
• To ensure Phlo customers' needs are being correctly identified and addressed (improving their experience and supporting the success of our business), for example by:
– Inviting you to take part in customer feedback surveys or market research;
– Addressing complaints or comments received from you or from others about Phlo products, services, digital content, marketing, suppliers or partners; or
– Monitoring, improving and protecting Phlo products, services and website/app content, for example by learning about how people use Phlo websites, and what features could be improved.
• To produce statistics about the medicines we have dispensed and other products we have sold – these statistics (which will normally not be linked to you, e.g. because they are about an entire category of our customers) can help inform Phlo and third parties' business decisions.
• To personalise HELLO EVE Digital Properties and other Phlo services, products, services or promotions for you (for example, reminders to order refills of a product you previously purchased or reviewed).
• To detect, prevent and/or report suspected crime (e.g. fraud) or other misconduct.
• To verify creditworthiness and/or identity.
• To conduct research (e.g., to produce statistics allowing a better understanding of health trends and risks, and to invite you to participate in research projects).
*Regarding data used in our or a third party's "legitimate interests": Even if we or third parties have a legitimate interest in a proposed use of your personal information, this does not automatically mean we can engage in that use; companies must also consider your own interests, for instance risks to your privacy. If you have any questions, or would like to object to our processing of personal information in accordance based on "legitimate interests", you can get in touch using the contact details set out below.
c) As required or authorised by applicable rules and regulations, for example:
• Keeping, inspecting and disclosing records in order to meet tax/accounting legal requirements.
• Keeping and reporting data about the incidence of certain diseases, for public health statistical purposes.
• In response to orders from government or law enforcement authorities conducting an investigation or prosecution.
d) Where you give us consent, the consent itself will explain the data uses it covers. This could include:
• Sending you newsletters and direct marketing in relation to our relevant products and services, or other products and services provided by Phlo and selected partners;
• Placing cookies and using similar technologies to store or access information on your device; or
• Transferring personal information, e.g. within or outside our group.
Note that consent is not always required for these activities, so consent is only our legal basis for such processing if we have in fact requested your consent to it.
e) In any other way we may describe when you provide the information.
We may disclose aggregated information about our users, and other information that does relate to any identifiable individual, without restriction.
• Internally within our company; or to our subsidiaries, affiliates or a parent company.
• To contractors, service providers, and other third parties we use to support our business, including, but not limited to, other pharmacies when transferring prescriptions. We use third parties for services including website hosting; IT maintenance; customer support and call centre operation; identity and fraud checking; payment processing; shipping and returns of ordered products; loyalty programs and competitions; market research; website and app analytics; marketing; manufacturing or supply. A periodically-updated list of our main service providers is available in the Service Providers section of this policy.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of HELLO EVE assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information about HELLO EVE Digital Properties' users is among the assets transferred.
• To fulfil the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent, for purposes and to the types of recipient disclosed to you when that consent is requested (for example, sharing information about an online consultation, with your GP/family doctor).
We may also disclose your personal information:
• To comply with any court order, law, legal process or request, including to respond to any government or regulatory request.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Phlo Technologies Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
If personal information is transferred to a recipient outside the UK or the European Economic Area, and the recipient is in a country that is not subject to an "adequacy decision" by the EU Commission or equivalent, that personal information will so far as feasible be protected pursuant to additional safeguards such as officially-approved standard contractual clauses, an appropriate Privacy Shield certification (or similar), or a vendor's Processor Binding Corporate Rules. More details, such as a copy of or link to the relevant safeguards, can be provided upon request, by contacting us at the details provided below. Note that those additional safeguards may not be usable in all circumstances, for example in the case of (i) disclosures to foreign authorities, (ii) where an urgent data transfer is necessary in your or another person's vital interests, or (iii) where you have expressly consented to the data transfers.
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
• Cookies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent.
• Promotional Offers from Phlo Technologies Ltd. If you do not wish to have your contact information used by Phlo Technologies Ltd to promote its own or our affiliates' products or services, you can opt-out by sending us an email. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to services communications and other communications relating to a product purchase, warranty registration, product service experience or other transactions.
• Clinical information will be stored on HELLO EVE systems. This information will be deleted in accordance with applicable law and the Records Management Code of Practice for Health and Social Care, or equivalent.
• Account information for individuals (including people who have completed the on-line registration process) who have not used our consultation services will be deleted after two years, unless we are required to retain such information for any legal or regulatory reason.
• Account information about individuals (for example, your name, log in details, summary details of services you have used, any complaints you have made about our service) who have accessed our services will be kept until two years after they last accessed the services or communicated with us, whichever is later. Notwithstanding the foregoing, where we process personal information in connection with performing a contract (including our terms of service, or individual transactions) or for a competition, we keep the data for 8 years from your last interaction with us.
• Where we process personal information (including order details) for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests. We also keep a record of that request indefinitely, so that we can continue to respect your request in future.
• Where we process personal information for site security purposes, we retain it for 12 months.
We retain accounting records for the minimum periods or, where applicable, the maximum periods specified by applicable law pertinent to those records.
Depending on applicable law, you may have the right:
• To ask us for a copy of personal information about you;
• To correct or delete that personal information;
• To restrict the processing of that personal information;
• In the case of personal information you provided, or which is used to perform a contract with you, to obtain a "portable" copy of that personal information and to ask us to share that information with another organisation.
In addition, you can object to the processing of your personal information in some circumstances (in particular, where we don’t have to process the information to meet a contractual or other legal requirement, or where we are using the information for direct marketing).
These rights may however be limited, for example if fulfilling your request would reveal personal information about another person, would infringe the rights of another person or legal entity (including our rights), or if you ask us to delete or change data which we are required by law to keep (or have other compelling legitimate interests in keeping). We will inform you of relevant exemptions we need to rely on, when responding.
To exercise any of these rights, or to obtain other information, you may send us an email. Please note, however that in some cases, we might not be able to delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or where you believe a breach may have occurred. In the UK, this is the Information Commissioner (https://ico.org.uk) Relevant data protection authorities in the EU are listed here: https://edpb.europa.eu/about-edpb/board/members_en
In order to purchase products, the provision of billing and delivery information, and often also information about your health or prescription, is mandatory: if it is not provided, then we will not be able to safely complete and fulfil or renew your order or subscription. Similarly, in order to enter competitions, you need to provide basic details about yourself, in case you are selected as a winner. Mandatory fields in forms will be marked as such. Other information is optional, but the quality of the products, services and promotions you receive may be reduced, for instance they may be less relevant to your interests.
HELLO EVE takes the security of information very seriously and has established security standards and procedures to prevent unauthorised access to patient information. We maintain physical, electronic, and procedural safeguards to comply with applicable standards to guard health information, including storing all information you provide to us on secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the HELLO EVE Digital Properties, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of HELLO EVE Digital Properties like message boards. The information you share in public areas may be viewed by any user of HELLO EVE Digital Properties.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to HELLO EVE Digital Properties. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on HELLO EVE Digital Properties.
HELLO EVE shares your personal information with our service providers who process your data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure.
Like any business, we use many other providers to help us operate our business and who process your personal information as part of providing their services to us. A list of these providers is below:
Google Cloud Platform – for data storage and hosting
SignEasy – for electronic signature used in prescriptions
Facebook – for advertising and marketing
Google Analytics– to analyse and develop our web services
Google AdWords – for advertising and marketing
Checkout.com – for payment processing
Royal Mail / DX / DPD - for delivery services
Postmark - For sending e-mails