Notice: Staff training 22/11/24 - Closed for the day.
Not just CBD! Our treatments contain THC
Questions? Visit our new patient series
Risk free! See our Money-back eligibility guarantee
Over 40,000 people in the Releaf community!
Are you eligible? Find out in 20 seconds!
Log inAm I eligible?

Privacy Policy

Last updated 26 September 2024

Releaf Dispensary Ltd ("we" or "us") is committed to protecting and respecting your privacy.

This policy (together with our website terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.releaf.co.uk, you are accepting and consenting to the practices which are described in this policy.

For the purpose of the Data Protection Act 2018, the UK General Data Protection Regulation or any other applicable legislation, the data controller is Releaf Dispensary Ltd, a company registered in England and Wales with company number 14097825 and our registered office at 1 King's Avenue, London, N21 3NA.

We are also registered with the ICO: registration no. 00014863793

Please note that links from our website may take you to external websites, which are not covered by this policy. We recommend that you check their privacy policies yourself before submitting any personal information. We will not be responsible for the content, function or information collection policies of these external websites.

Information We Collect From You

Personal information or personal data means any information about an individual from which that person can be identified and is generally referred to throughout this Privacy Policy as “personal data”. It does not include data where the identity has been removed (anonymous data).

We will collect and process the following data about you:

  • Information you give us. This is information about you that you give us by filling in forms on our website, www.releaf.co.uk, ("our site") or by corresponding with us by phone, email or otherwise. It includes information that you provide when you register to use our site, subscribe to our service, search for a product or service, conclude a transaction on our site, participate in discussion boards or other social media functions on our site, or enter a competition, promotion or survey, and when you report a problem with our site. The information you give to us may include your name, postal address, email address and phone number, financial and credit card information, personal description and/or photograph.

  • Special category data you give to us. This is sensitive information that you give to us by filling in forms on our site or by corresponding with us by phone, email, video or otherwise. You will provide us with special category data when concluding a transaction and completing our screening information as part of your consultation. It may include, but is not limited to, information relating to genetics, ethnic origin, health, biometrics, sex life and/or sexual orientation.

  • Information we collect about you. With regard to each of your visits to our site, we will automatically collect the following information:

  • technical information, including the internet protocol (IP) address which is used to connect your computer to the internet, your log-in information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and

  • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.

  • Information we receive from other sources. This is information that we receive about you if you use any of the other websites that we operate or the other services that we provide. In this case, we will have informed you when we collected that data if we intend to share such data internally and combine it with data collected on our site. We will also have told you for what purpose we will share and combine your data. We work closely with selected third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and will notify you when we receive information about you from them and the purposes for which we intend to use that information.

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this policy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

Cookies

Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. By continuing to browse our site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer, provided you accept them. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

  • Strictly necessary cookies: These are required for the operation of our site. They include cookies that enable you to log into secure areas of our site, use the shopping cart, or make use of e-billing services.

  • Analytical/performance cookies: These allow us to track the number of visitors to our site. This helps us to improve the way our site works, for example by ensuring that users are finding what they are looking for easily.

  • Functionality cookies: These are used to recognise you when you return to our site, enabling us to personalise our content for you, greet you by name and remember your preferences.

  • Targeting cookies: These cookies record your visit to our site, the pages you have visited and the links you have followed. We will use this information to make our site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

  • Third party service provider cookies: if you interact with our ‘refer a friend’ programme. You can view the Mention Me cookies here.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our site.

We use information held about you in the following ways:

How we will use your information

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. 

We will only use your personal data when the law allows us to do so.

We have set our lawful basis for processing of personal data, and we will use your personal data in the following circumstances:

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;

  • where you have consented before the processing;

  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

  • where we need to comply with a legal or regulatory obligation; 

  • to provide you with information about other goods and services that we offer that are similar to those that you have already purchased or enquired about;

  • to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (email or SMS) with information about goods and services which are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the order form on which we collect your data;

  • to notify you about changes to our service; and

  • to ensure, using internal data analytics and other related marketing methods, that content from our site is presented in the most effective manner for you and for your computer.

  • Where it is necessary for our legitimate interests to improve our services, we may process feedback provided by you via our feedback forms. This allows us to better understand your needs and tailor our services accordingly. We have assessed that this processing does not override your rights and freedoms as a data subject.

In certain circumstances, we need your personal data to comply with our contractual obligations or to pursue our legitimate interests in a way which might be reasonably expected as part of our running our business. For example, in order to provide the services to you, we need to use the information you provide us to enable us to provide those services and/or products ordered,

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Special Category Data

We rely upon your explicit consent to allow us to process your special category data, which is necessary for the purpose of preventative or occupational medicine, medical diagnosis and provision of health treatment, which is carried out in accordance with regulatory guidelines.

We will use this information to carry out our obligations arising from any contracts which are entered into between you and us and to provide you with the information, products and services that you request from us.

Information we collect about you

We will use this information:

  • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

  • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;

  • to allow you to participate in interactive features of our service, when you choose to do so;

  • as part of our efforts to keep our site safe and secure;

  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and

  • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

Automated decisions and profiling

We may use automated decision-making and profiling to provide some services and to tailor the information we provide to you to your specific circumstances. If we process your personal data via automated means, it is only done so using appropriate mathematical and statistical procedures and with the intervention and oversight of a human being who is able to interpret any results provided. 

Who do we share your information with?

We will only ever share your personal information with trusted third parties. We may share your information with selected third parties including: (i) within our company and partners, including business partners, distributors, suppliers and sub-contractors for the performance of any contract we enter into with them or you; (ii) advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; and (iii) analytics and search engine providers that assist us in the improvement and optimisation of our website.

We only provide third parties with the information they need to know to perform their specific services. Where personal data is shared with a managed service provider or other third-party supplier, we work closely with them to ensure that your personal data is secure and protected at all times. 

Our contracts with third parties make it clear that they must hold personal data securely, abide by the principles and provisions of data protection rules, and only use information as we instruct them to. In all instances where we disclose your information to third parties, we will ensure that your information is appropriately protected. If we stop using their services, any of your personal data held by them will either be deleted or rendered anonymous.

Sharing your information within our company and partners

We share the information that you provide to us with our staff so that we can facilitate your access to certain products and services which are made available via our site.

We may share the information that you provide to us with other partner companies and other websites that we operate. For example, if you conclude a transaction online, we may share information with the prescribing doctor to enable you to receive the prescription and also the pharmacy to arrange dispatch to you via post.

Sharing Your Information with Delivery Services

In order to deliver products (such as prescriptions) to you, we may share your personal data (such as name, postal address, and contact details) with trusted delivery services, including Royal Mail and other delivery providers. This sharing of data is necessary to fulfil the contract between you and Releaf and ensure timely delivery of your products.

Sharing your information with third parties

We may share your information with selected third parties including:

  • advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but have the right to provide them with aggregate information about our users. We may make use of the personal data that we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;

  • analytics and search engine providers that assist us in the improvement and optimisation of our site. Google uses the information we share to measure the effectiveness of advertising, personalised ads, and more when consent is given. For more information, please see Google’s Privacy & Terms site

  • credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you;

  • a medical evidence gathering agency, Medidata Exchange Limited t/a Medi2Data, a company registered in England and Wales with company number 09481183 and its registered office at Ty Derw, Lime Tree Court, Mulberry Drive, Cardiff Gate Business Park, Pontprennau, Cardiff, Wales, CF23 8AB, further to your submission of a consent to request a copy of your summary care records from your GP. For information on how Medi2data processes your personal information, see Medi2data’s privacy policy - https://www.medi2data.com/wp-content/uploads/2022/03/DataPolicy.pdf;

  • data sharing with:

  • Xeal Pharma Limited (company number 10124700) with its registered office at Unit 13 Vauxhall Trading Estate, Dollman Street, Nechells, Birmingham, England, B7 4RA), a GPhC regulated entity that operates a registered pharmacy that dispenses prescriptions;

where there is a shared legitimate interest and the sharing of data will allow those parties to provide more relevant experiences for the customer. This data may also include personal data and special category data; and

  • in order to offer you certain payment methods (e.g. Klarna), we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.

There are certain exceptional circumstances in which we may disclose your information to other third parties. This would be where we believe that the disclosure is:

  • required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings;

  • necessary to protect the safety of our employees, our property or the public;

  • necessary for the prevention or detection of crime, including exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction; and/or

  • proportionate as part of a merger, business or asset sale, in the event that this happens we will share your information with the prospective seller or buyer involved.

How long do we keep your personal information?

We will only store your personal information for as long as we need it for the purposes for which it was collected. Where we provide you with any service (e.g. subscription service), we will retain any information that you provide to us at least for as long as we continue to provide that service to you.

In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Data storage and how we protect your personal data

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

We work hard to keep your information and personal data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your personal information and protect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.  

The data that we collect from you will be transferred to, and stored at, a destination within the UK. It will also be processed by staff operating within the UK who work for us or for one of our suppliers. This includes staff who are engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. All of our employees understand the content of this Privacy Policy and are appropriately trained in data protection legal requirements.

All information that you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your rights

You have the right to be informed

We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information and our use of it. We have written this policy to do just that, but if you have any questions or require more specific information, please get in touch with us. 

You have the right to access your personal data

You have the right to ask us to confirm whether or not we hold any of your personal information. If we do, you have the right to have a copy of your information and to be informed of the following:

  • Why we have been using your information

  • What categories of information we were using

  • Who we have shared the information with

  • How long we envisage holding your information

In order to maintain the security of your information, we will have to verify your identity before we provide you with a copy of the information we hold. The first copy of your information that you request from us will be provided free of charge. If you require further copies, we may charge an administrative fee to cover our costs.

You have the right to correct any inaccurate or incomplete personal data

Where you have requested a copy of the information we hold about you, you may notice that there are inaccuracies in the records, or that certain parts are incomplete. If this is the case, you can contact us so that we can correct our records.

You have the right to be forgotten

There may be times where it is no longer necessary for us to hold personal information about you. This could be if:

  • the information is no longer needed for the original purpose that we collected it for;

  • you withdraw your consent for us to use the information (and we have no other legal reason to keep using it);

  • you object to us using your information and we have no overriding reason to keep using it;

  • we have used your information unlawfully; and/or

  • we are subject to a legal requirement to delete your information.

In those situations, you have the right to have your personal data deleted. If you believe one of these situations applies to you, please contact us.

You have the right to have a copy of your data transferred to you or a third party in a compatible format

Also known as data portability, you have the right to obtain a copy of your personal data for your own purposes. This right allows you to move, copy or transfer your personal data more easily from one IT system to another, in a safe and secure way. If you would like us to transfer a copy of your data to you or another organisation in a structured, commonly use and machine-readable format, please contact us. There is no charge for you exercising this right.

You have the right to object to direct marketing

You can tell us at any time that you would prefer that we do not use your information for direct marketing purposes. If you would not like to receive any direct marketing from us, please contact us or use the stop links provided in any of our marketing communications, and we will stop sending direct marketing immediately.

You have the right to object to us using your information for our own legitimate interests

Sometimes, we use your personal information to achieve goals that will help us as well as you. This includes:

  • when we tell you about products or services that are similar to ones that you have already bought;

  • when we use your information to help us make our business better; or

  • when we contact you to interact, communicate or let you know about changes we are making

We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object. Unless we have a compelling reason to continue, we must stop using your personal data for these purposes. In order to exercise your right to object to our use of your data for the purposes above, please contact us.

You have the right to restrict how we use your personal data

You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:

  • you have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify this;

  • you have objected to us using your information for our own legitimate interests and we are in the process of considering your objection;

  • we have used your information in an unlawful way, but you do not want us to delete your data; or

  • we no longer need to use the information, but you need it for a legal claim.

If you believe any of these situations apply, please contact us.

You have rights related to automated-decision making and profiling

We will advise you and seek to obtain your consent if we use solely automated decision-making or profiling to make a decision which will have a legal effect upon you or otherwise significantly affect you. In instances where we do make decisions wholly by automated means, you have the right to ask that a human reviews any decision made. If you have any concerns or questions about this right, please contact us.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. 

Other

All pharmaceutical service Providers will use a patient medical record system which is owned by Releaf Dispensary Ltd and licensed to them, and which conforms with ISO27001 & ISO9001 and has Cyber Essentials Plus certification.

Our systems are certified as being subjected to the regular performance of penetration tests.

Changes to our privacy policy

Any changes that we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check frequently to see any updates or changes to our privacy policy.

How can we help more. 

If you have any questions that haven’t been covered within this Privacy Policy, or would like us to address any complaints, questions, comments or requests regarding this Privacy Policy, please contact us in the first instance using: 

FAO Data Protection Officer

Releaf Dispensary Limited
Unit 3 Castlebridge Office Village

Castle Marina Road

Nottingham NG7 1TN

OR

support@releaf.co.uk 

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the statutory body which oversees data protection law in the UK. Please visit the ICO website if you wish to lodge a complaint with the ICO.