In this Notice, “we”, “us” and “our” refers to Rokshaw Limited trading as Curaleaf Pharmacy. Our registered office is at Unit 5a, East Way, Rivergreen Industrial Estate, Sunderland SR4 6AD.
We are committed to safeguarding your privacy; this policy sets out how we will treat your personal information.
We are registered with the Information Commissioner’s Office as a Data Controller. Our registration number is: ZA638358
(1) What information do we collect?
We may collect, store and use the following kinds of personal data:
(a) information we obtain from you directly; this may include your name, postal and billing address, email address, telephone number and any other personal information you voluntarily provide us with directly;
(b) information about your visits to and use of this website;
(c) information about any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services;
(d) information that you provide to us for the purpose of registering with us and/or subscribing to our website services and/or email notifications; and
(e) information to fulfil our legal and contractual obligations in respect of the goods and services we offer.
(2) Information about website visits
We may collect information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and number of page views. We may use this information in the administration of this website, to improve the website’s usability, and for marketing purposes.
We may send a cookie which may be stored by your browser on your computer’s hard drive. We may use the information we obtain from the cookie in the administration of this website, to improve the website’s usability and for marketing purposes. We may also use that information to recognise your computer when you visit our website, and to personalise our website for you.
Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookie by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.) This will, however, have a negative impact upon the usability of many websites , including this one.
(3) Using your personal data
(a) fulfil our obligations with regards to your contract with us, (for example as a result of you making a purchase) which may include communicating with you with respect to your purchase, processing payments, delivering orders and to provide customer service.
(c) tell you about products and services and send you promotional materials, subject to your consent to such marketing as required by applicable law;
(d) provide other companies with statistical information about our users – but this information will not be used to identify any individual user; and
(e) improve your browsing experience by personalising the website.
We may share your personal information with our chosen email provider, Mailchimp. Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a US company that stores personal information in the US. Information is shared with Mailchimp on the basis of approved standard contractual clauses for data transfers – see Section 5 below.
The Mailchimp services enable us to, among other things, send and manage email campaigns, serve advertisements and view real-time data analytics. You can find out more about how Mailchimp collects and stores your information at https://mailchimp.com/legal/privacy/.
We will not without your express consent provide your personal information to any third parties for the purpose of their direct marketing.
(4) Other disclosures
(a) to the extent that we are required to do so by law;
(b) in connection with any legal proceedings or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
(d) with other trusted third party service providers and suppliers who work on our behalf, such as delivery services, software, data hosting and other IT service providers and payment processors. These third party service providers are required to use your personal information only to provide the services requested by or otherwise in accordance with our instructions and in accordance with contracts which include provisions to protect your personal information and limit its use.
(5) International data transfers
Your personal information may be transferred to and processed in other countries where laws governing the processing of personal information may be less stringent that the laws in this country. In such cases, we will ensure that there are adequate safeguards in place to protect your personal information, such as a data transfer agreement with the recipient based on standard contractual clauses approved for use by the data protection authority in the UK – the Information Commissioner’s Office.
(6) Security of your personal data
We will take appropriate technical and organisational measures to protect your personal information from loss, misuse, accidental or unlawful destruction, unauthorised disclosure or access, alteration and against all other unlawful forms of processing.
We will only retain your personal information as long as is reasonably required to comply with legal or regulatory requirements applicable to us.
(7) Policy amendments
(8) Your rights
You may instruct us to provide you with any personal information we hold about you.
You may instruct us not to process your personal data for marketing purposes or to restrict the way in which we use your personal information. In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, and in any case you will always be provided with an opportunity to opt-out of the use of your personal data for marketing purposes where we send you such information by email.
You may instruct that we update the personal information we hold about you, or correct any personal information that you think is incorrect or incomplete.
You may request that we delete personal information that we hold about or withdraw consent at any time to our processing of your personal information (to the extent such processing is based on consent).
Data subjects have the right to request access to their personal data processed by us. These requests are called Subject Access Requests (SARs). When a data subject makes a SAR, we shall take the following steps:
(a) log the date on which the request was received (to ensure that the relevant timeframe of one month for responding to the request is met);
(b) confirm the identity of the data subject who is the subject of the personal data. For example, we may request additional information from the data subject to confirm their identity;
(c) search databases, systems, applications and other places where the personal data which is the subject of the request may be held; and
(d) confirm to the data subject whether or not personal data of the data subject making the SAR is being processed.
In order to exercise any of your rights or to request a Subject Access Request, please contact Customer Services at 0800 141 2055 or at firstname.lastname@example.org. Alternatively, if preferred, you may request this online using this form.
To request a Subject Access Request on behalf of someone else with whom you have legal authority to act, please complete this form.
For further information please contact Customer Services at 0800 141 2055 or email@example.com
In order to enact any of your rights, please contact us at firstname.lastname@example.org. Please note, if you request that we change or delete your personal information, we may still need to retain certain information as required by applicable law.
If you are unhappy with the way we have treated your personal information or have any privacy query, you can contact us in accordance with Section 10 below (Contact). Additionally, you have the right to complain to the independent regulator in charge of upholding information rights in the interest of the public – the Information Commissioner’s Office (ico.org.uk). We would however, appreciate the chance to deal with your concerns before you approach the regulator, so please contact us in the first instance.
(9) Third party websites
The website contains links to other websites. We are not responsible for the privacy policies of third party websites.
If you have any questions about this privacy notice or our treatment of your personal data, please write to us by email to email@example.com.