More from Curaleaf
Thinking of transferring from your current Pharmacy to Curaleaf Pharmacy? Call us on 0800 141 2055 or click here to send us a message and find out more.

Privacy Policy

In this Notice, “we”, “us” and “our” refers to Rokshaw Limited trading as Curaleaf Pharmacy. Rokshaw Limited is the controller of your personal data. Our registered office is at Unit 5a East Way, Rivergreen Industrial Estate, Sunderland SR4 6AD. You can contact us at [email protected].

We are committed to safeguarding your privacy; this policy sets out how we will treat your personal information.

We are registered with the Information Commissioner’s Office as a Data Controller. Our registration number is: ZA638358

(1) What information do we collect?

We may collect, store and use only the personal data that is necessary, relevant and adequate for the purposes set out in this privacy policy, including the following kinds of personal data:

(a) information we obtain from you directly; this may include your name, postal and billing address, email address, telephone number and any other personal information you voluntarily provide us with directly;

(b) information about your visits to and use of this website;

(c) information about any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services;

(d) information that you provide to us for the purpose of registering with us and/or subscribing to our website services and/or email notifications; and

(e) information to fulfil our legal and contractual obligations in respect of the goods and services we offer.

(2) Information about website visits

We may collect information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and number of page views. We may use this information in the administration of this website, to improve the website’s usability, and, where required, for analytics or marketing purposes only with your consent.

We use cookies on this website. A cookie is a text file sent by a web server to a web browser, and stored by the browser. The text file is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We may send cookies which may be stored by your browser on your computer’s hard drive. We use strictly necessary cookies for the administration of this website and to improve the website’s usability. We also use analytics, functionality and marketing cookies to recognise your computer when you visit our website, to personalise our website for you, and for analytics or marketing purposes, and these non-essential cookies are used only with your consent.

Most browsers allow you to refuse to accept cookies. You can also manage your preferences for non-essential cookies through our cookie consent mechanism. This will, however, have a negative impact upon the usability of many websites, including this one.

We use different categories of cookies on this website, including strictly necessary cookies, analytics cookies, functionality cookies and marketing cookies. Strictly necessary cookies are used to enable core website functions and are not set on the basis of consent, while analytics, functionality and marketing cookies are used only with your consent and for the specific purposes described in our cookie consent mechanism.

Information about the duration of cookies, the third parties that may set or access them, and the options available to accept or reject non-essential cookies is provided through our cookie consent mechanism.

(3) Using your personal data

Personal data submitted to us will be used for the purposes specified in this privacy policy or in relevant parts of the website.

In addition to the uses identified elsewhere in this privacy policy, we may use your personal information on the following lawful bases to:

(a) fulfil our obligations with regards to your contract with us, (for example as a result of you making a purchase) which may include communicating with you with respect to your purchase, processing payments, delivering orders and to provide customer service; the lawful basis for this processing is performance of a contract and, where applicable, compliance with legal obligations.

(b) personalise your visits to our website, improve your browsing experience, analyse website use, and generate statistical information; the lawful basis for this processing is our legitimate interests in operating, improving and securing our website and services, and consent where required by applicable law, including for certain cookies and similar technologies.

(c) tell you about products and services and send you promotional materials, subject to your consent to such marketing as required by applicable law; the lawful basis for this processing is consent where required by applicable law and, where permitted, our legitimate interests in promoting our business.

(d) comply with applicable legal and regulatory requirements, including retaining records and responding to lawful requests from authorities; the lawful basis for this processing is compliance with legal obligations and, where applicable, our legitimate interests in establishing, exercising or defending legal claims.

(e) provide other companies with statistical information about our users – but this information will not be used to identify any individual user; and

(f) improve your browsing experience by personalising the website.

We may share your personal information with our chosen email provider, Mailchimp. Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a US company that stores personal information in the US. Information is shared with Mailchimp on the basis of approved standard contractual clauses for data transfers – see Section 5 below.

The Mailchimp services enable us to, among other things, send and manage email campaigns, serve advertisements and view real-time data analytics. You can find out more about how Mailchimp collects and stores your information at https://mailchimp.com/legal/privacy/.

We will not without your express consent provide your personal information to any third parties for the purpose of their direct marketing.

(4) Other disclosures

In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this privacy policy, we may disclose information about you:

(a) to the extent that we are required to do so by law;

(b) in connection with any legal proceedings or prospective legal proceedings;

(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and

(d) with other trusted third party service providers and suppliers who work on our behalf, such as delivery services, software, data hosting, AI chatbot providers and other IT service providers and payment processors. These third party service providers are required to use your personal information only to provide the services requested by or otherwise in accordance with our instructions and in accordance with contracts which include provisions to protect your personal information and limit its use.

Except as provided in this privacy policy, we will not provide your information to third parties.

(5) International data transfers

Your personal information may be transferred to and processed in other countries, including the United States, where laws governing the processing of personal information may be less stringent than the laws in this country. In such cases, we will ensure that there are adequate safeguards in place to protect your personal information, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism approved for use in the UK, as applicable to the recipient and destination country. You may contact us using the details below if you would like further information about the countries to which your personal information is transferred and the safeguards used for those transfers.

(6) Security of your personal data

We will take appropriate technical and organisational measures to protect your personal information from loss, misuse, accidental or unlawful destruction, unauthorised disclosure or access, alteration and against all other unlawful forms of processing. In the event of a personal data breach, we will notify you and any applicable regulators in accordance with our legal obligations.

We will store all the personal information you provide on our secure servers. All electronic transactions you make to or receive from us will be encrypted, and access will be limited only to those individuals who have a need to know in order to carry out their tasks and any services requested by you. Zendesk is used for our email communication, the Zendesk privacy policy can be found here

We will only retain your personal information for as long as necessary for the relevant purpose, including: customer account data for the life of the account and up to 6 years thereafter; transaction records for up to 6 years; marketing data until you withdraw consent or unsubscribe and up to 2 years thereafter to maintain suppression records; enquiry data for up to 2 years from our last interaction; and suppression records for as long as necessary to ensure your marketing preferences are respected.

(7) Policy amendments

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

We may also notify you of changes to our privacy policy by email.

(8) Your rights

You have the right to request access to the personal information we hold about you, and to request information about how we process it.

You may object to our processing of your personal data, including for direct marketing purposes, and you may request that we restrict the way in which we use your personal information. In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, and in any case you will always be provided with an opportunity to opt-out of the use of your personal data for marketing purposes where we send you such information by email.

You may instruct that we update the personal information we hold about you, or correct any personal information that you think is incorrect or incomplete.

You may request that we rectify inaccurate personal information that we hold about you, erase personal information that we hold about you, receive the personal information that you have provided to us in a structured, commonly used and machine-readable format, transmit that data to another controller where technically feasible, or withdraw consent at any time to our processing of your personal information (to the extent such processing is based on consent).

You also have the right to request restriction of processing in certain circumstances. Data subjects have the right to request access to their personal data processed by us. These requests are called Subject Access Requests (SARs). When a data subject makes a SAR, we shall take the following steps:

(a) log the date on which the request was received (to ensure that the relevant timeframe of one month for responding to the request is met);

(b) confirm the identity of the data subject who is the subject of the personal data. For example, we may request additional information from the data subject to confirm their identity;

(c) search databases, systems, applications and other places where the personal data which is the subject of the request may be held; and

(d) confirm to the data subject whether or not personal data of the data subject making the SAR is being processed.

In order to exercise any of your rights or to request a Subject Access Request, please contact Customer Services at 0800 141 2055 or at [email protected]. Alternatively, if preferred, you may request this online using this form.

To request a Subject Access Request on behalf of someone else with whom you have legal authority to act, please complete this form.

For further information please contact Customer Services at 0800 141 2055 or [email protected]

In order to enact any of your rights, please contact us at [email protected]. Please note, if you request that we change or delete your personal information, we may still need to retain certain information as required by applicable law.

If you are unhappy with the way we have treated your personal information or have any privacy query, you can contact us in accordance with Section 10 below (Contact). You also have the right to complain to the independent regulator in charge of upholding information rights in the interest of the public – the Information Commissioner’s Office (ico.org.uk). We would however, appreciate the chance to deal with your concerns before you approach the regulator, so please contact us in the first instance.

(9) Third party websites

The website contains links to other websites. We are not responsible for the privacy policies of third party websites.

(10) Contact

If you have any questions about this privacy notice or our treatment of your personal data, please contact our data protection officer at [email protected]

< Back to Home