WWallis Jones Pharmacy

Privacy

Privacy Notice

Last updated: 10 June 2026

Wallis Jones Pharmacy ("we", "us", "the pharmacy") is committed to protecting your privacy and the confidentiality of your health information. This notice explains how we collect, use, store and share your personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the common law duty of confidence owed to all patients.

1. Who we are

Wallis Jones Pharmacy, 6 Manor Road North, Hinchley Wood, Esher KT10 0SH. We are the data controller for the personal information we collect about you. You can contact us on 020 8398 2494 or by email at wjones.chemist@gmail.com.

Data Protection lead: please ask to speak to the Superintendent Pharmacist, or write to the address above marked "Data Protection".

2. What information we collect

  • Identification & contact details — name, date of birth, address, postcode, phone number, email.
  • GP details — the name of your GP practice (where you choose to share this).
  • Health information — symptoms, medical history, current medication, allergies, pregnancy/breastfeeding status, vaccination history and any other clinical information needed to safely provide the service you booked. This is "special category" data under UK GDPR Article 9.
  • Booking details — the service you booked, date and time, and any notes added by the pharmacist after your consultation.
  • Technical data — your IP address (used only to prevent abuse of the booking form; not used to identify you).

3. Why we use your information and our lawful basis

  • To provide pharmacy and healthcare services to you — UK GDPR Article 6(1)(e) (public task) for NHS services, Article 6(1)(b) (contract) for private services. For health data we rely on Article 9(2)(h) (provision of healthcare) and your explicit consent given on the booking form.
  • To meet our legal and regulatory obligations — as a pharmacy regulated by the General Pharmaceutical Council (GPhC) we must keep accurate clinical records (Article 6(1)(c)).
  • To contact you about your appointment — using the contact methods you tick on the form.
  • To protect the security of our services — preventing fraudulent or abusive bookings.

4. Who we share your information with

  • The NHS — where the service is NHS-commissioned, we are required to submit a record of the consultation to the NHS Business Services Authority and, where relevant, to your GP via the NHS Spine.
  • Your GP — only with your consent (or where clinically necessary in your vital interests), and only the relevant clinical summary.
  • Our IT providers — the platforms that host this website and store the booking database act as data processors under written contract and are not permitted to use your data for any other purpose.
  • We will never sell your data, and we will not share it for marketing.

5. How long we keep your information

In line with NHS Records Management Code of Practice we keep pharmacy clinical records for 8 years after the date of the last consultation for adults, and until the patient's 25th birthday for children. After this period, records are automatically and permanently deleted from our database.

6. How we keep your information safe

  • All information is transmitted over encrypted (HTTPS) connections.
  • The booking database is access-controlled — only authorised pharmacy staff with an admin account can view bookings, and every access is logged.
  • Staff are trained in confidentiality and information governance.
  • We apply rate limiting and other technical controls to protect the booking form from abuse.

7. Your rights

Under UK GDPR you have the right to:

  • Ask for a copy of the information we hold about you (Subject Access Request).
  • Ask us to correct information that is inaccurate.
  • Ask us to delete your information (subject to our legal duty to retain clinical records).
  • Withdraw your consent at any time — this will not affect care already provided.
  • Object to or restrict certain types of processing.
  • Complain to the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113 if you are unhappy with how we have handled your data.

To exercise any of these rights, contact us using the details in section 1.

8. Cookies

This website does not set tracking or advertising cookies. We may use minimal technical cookies that are strictly necessary to keep you signed in to admin areas.

9. Changes to this notice

We may update this notice from time to time. The date at the top shows when it was last changed.