John Bannon Pharma Ltd Privacy Statement
Your privacy is very important to us at John Bannon Pharma Limited (JBPL). The General Data Protection Regulations (GDPR) regulates the processing of your personal information. We are committed to ensuring your privacy is protected by complying with our obligations as data controller under the GDPR.
The following privacy statement relates to how we process any personal or non-personal data. Any links to external websites contained on www.johnbannonpharma.ie are clearly identifiable as such. John Bannon Pharma Ltd are not responsible for any content or privacy policies of these external websites.
If you are not completely satisfied with the following Privacy Statement you should not use the website.
Types of information collected
The basis on which we process your personal and other data is based on your consent which you have the right to withdraw at any time
Two types of information are collected:
“Personal Data”
Personal data is the type of information that identifies you or can be used to identify you and includes your name, email address, billing & shipping address, device IP addresses, phone numbers company name, company registration number, job title, registration number, prescription forms and any other information required to process orders. This type of information is only collected from you when you voluntarily submit it to us via the website, email, new customer account forms, or other means. We also offer the facility to make payment using credit card. We do not hold credit card information on file and will request these on an order by order basis.
“Non-Personal Data”
John Bannon Pharma Limited gathers non-personal statistical and analytical data from all visitors to www.johnbannonpharma.ie in order to understand how our customers use the website. This type of non-personal data is comprised of information which is anonymous and could not be used to identify or contact you, such as the length of time you spent on the website and the pages you visited.
Purposes for which we hold your Information
Personal Data
We process Personal Data you voluntarily submit to us for the following purposes:
(a) to contact or respond to any communications you may have sent us
(b) to process any orders or enquiries from you and ensure correct operation of your account
(c) to be utilised in any website activity statistical reporting
(d) to include you in any newsletters or promotional offers that you have opted in to receive from John Bannon Ltd
(e) to collect and record data through a Customer Relationship Management (CRM) system in order to better understand and serve our customers’ needs
(f) to comply with legal and regulatory obligations
Non-Personal Data:
Non-personal data gathered from visitors to www.johnbannonpharma.ie is collected in an anonymous and aggregate form in order to gain a better understanding of how our customers use our website and to assist us in making improvements to our customer experience of the
website.
Disclosure of information to third parties
We may share Personal Data that we receive from account holders including information used to set-up their account with the following third parties:
Our service providers – This includes external third-party service providers, such as accountants, auditors, experts, lawyers, credit reference agencies, and other outside professional advisors; IT systems, support and hosting service providers; card payment tools; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
All our on-line service providers are based in Ireland, based in countries recognised as having adequate level of data protection, or have in place Data Processing Addendums containing Standard Contractual Clauses as set out by the EU.
Government or other public authorities – This includes, but is not limited to, Revenue, law enforcement or other agencies to which we are required to disclose Personal Data by law, or by a warrant or court order.
Professional regulators – This includes the HPRA who ensure we maintain appropriate professional and service standards and that your declarations and ours are accurate for compliance and enforcement purposes.
Our Suppliers – we may share Personal Data limited to your account name, account number and partial account address, and details of your purchases with a restricted list of our suppliers to fulfil our and our suppliers’ legitimate interests. These legitimate interests include ensuring product safety and fulfilling reporting requirements with regards to faulty products and recalls, as well as supplying you with free-of-charge products and technical/marketing assistance. Our suppliers have a legitimate interest in wanting to help build and develop your business
We will always process this information under contract and you may write to us to opt-out.
Security
Any Personal or Non-Personal Data submitted to John Bannon Pharma Limited is held securely on an Irish based server and cloud. Applications are kept securely onsite. Orders sent through our online portal are encrypted on a secure server. We will take all reasonable steps to protect your Personal and Non-Personal Data submitted.
Retaining and deleting personal data
Data such as your name, address, email address, phone number, and transaction history will be retained for as long as your account remains active and open. We are legally obliged to store financial records for 6 years. If you would like us to destroy information we hold about you, please let us know. However, please note that if you use any of our services which require you to provide personal information, deleting our records may mean that you will need to resubmit it to continue using such services. Order and prescription forms will be held as required by regulatory authorities for 5 years.
Your rights
Under data protection law you have a number of rights. These are listed below, for further information on these rights please visit the Irish Data Protection Commissioners website www.dataprotection.ie
- Your rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.