Privacy notice
How we handle your personal and clinical information under the GDPR and the Data Protection Act 2018.
Data controller
BlackrockMeds Pharmacy Ltd. is the Data Controller for all personal and clinical data collected through this site and during the provision of our pharmacy services. We are committed to protecting your privacy and ensuring your health information is handled securely in compliance with Irish and EU data protection laws.
What we collect
To provide safe and effective healthcare services, we collect:
- Personal details: Name, contact information, and account credentials.
- Clinical information: Medical history, clinical questionnaire responses, prescription details, and dispense records.
- Transactional data: Payment and delivery details necessary to fulfil your orders.
Lawful basis for processing
We process your personal data primarily for the provision of healthcare services (Article 9(2)(h) GDPR) and to fulfil our contractual obligations to you. We also process data to meet our legal obligations under pharmacy and medicines legislation. Where we use your data for marketing purposes (e.g. refill reminders or promotions), we will only do so with your explicit consent, which you can withdraw at any time.
Data sharing
Your health data is strictly confidential. We only share it when necessary for your care or when legally required. This may include sharing information with your GP via secure Healthmail, or with regulatory bodies such as the Pharmaceutical Society of Ireland (PSI) or the HSE, as mandated by law.
Retention periods
We retain your information only for as long as necessary:
- Clinical and prescription records: Generally retained for a minimum of two years, in accordance with pharmacy regulatory guidance.
- Financial records: Retained for six years to comply with Revenue requirements.
- General pharmacy records: May be retained for up to seven years in line with best practice guidelines.
Your rights
Under the GDPR, you have the right to:
- Access a copy of your personal data.
- Request rectification of inaccurate information.
- Request the erasure of your data (subject to legal retention requirements).
- Restrict or object to certain processing activities.
- Request data portability (e.g. transferring your Patient Medication Record to another pharmacy).
If you have concerns about how we handle your data, you have the right to lodge a complaint with the Data Protection Commission (dataprotection.ie).
Cookies and tracking
We use cookies and similar technologies to operate the site, improve your experience, and analyse how our services are used. For full details on the types of cookies we use and how to manage your preferences, please see our Cookie notice.