Webmed - Confidential, discreet, professional
Webmed Pharmacy aim to offer a professional, easy to navigate, very quick service, supplying only UK sourced genuine medicines through our General Pharmaceutical Council (GPhC) regulated pharmacy.
Confidential, discreet next working day delivery of medicines for sensitive or intimate conditions; within a 1 hour time slot to most postcodes in the UK.
You will not be asked for your name, address or contact details until you have successfully completed the medical questionnaire. At which stage you will create your own username and password for your personal login, giving you access to our secure site.
Personal and medical information is completely confidential and securely stored as required by the new General Data Protection Regulation (GDPR)which became effective from 25th May 2018 and supersedes the U.K. Data Protection Act 1998.
Webmed Pharmacy Ltd has implemented appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject. For more details on GDPR see the section below.
We are registered with the Information Commissioners Office (ICO), Registration no. ZA108924. The ICO is the U.K.’s independent body set up to uphold and protect your information rights. Only our doctors and authorised pharmacy staff have access to your information. We do not send any confidential information by email and any personal communication is made in the secure “My account” section of the website.
We do not share any information with third parties for marketing purposes.
We never store your debit or credit card information.
You will be given an option for your preferred method of communication via email or SMS. Order confirmation emails will be from: firstname.lastname@example.org, which will only give your order number. For full details of your order you can login to your account using your secure password.
All our Doctor’s, are U.K. registered and regulated by the General Medical Council (GMC). If they decide you are suitable for the treatment, based on the information supplied on the medical questionnaire, they will issue you with a prescription. We will then dispense your treatment and deliver it the next working day.
You can select your payment preference as we accept all major credit and debit cards. On your statement the charge will appear as “WEBMED” with no reference to medication or pharmacy.
All treatments will be delivered in plain unmarked packaging inserted inside the DPD or Royal Mail Special Delivery bag and will need to be signed for upon receipt.
The price you see is ALL you pay, with no annoying extra charges at checkout. This includes the cost of the prescription, medication and delivery. We include DPD next working day delivery or Royal Mail Special Delivery as standard. This makes our service to you “unique”.
Repeat Orders – made simple with just a few clicks.
After entering our website, through your secure login password, you select your treatment, dosage and quantity.
A pop up box will then ask if you have had any changes to your medication or condition since completing your questionnaire within the last year. If you answer “No”, then you proceed straight to checkout.
In short - WebMed Pharmacy offer a secure, discreet and confidential service.
General Data Protection Regulation (GDPR) - more information.
The General Data Protection
Regulation (GDPR) comes into effect in the UK from 25 May 2018. If an
organisation needs to be compliant with the current Data Protection Act 1998,
it also needs to be compliant with the GDPR. The GDPR applies to all EU member
states and will occur regardless of Brexit negotiations; it is designed to
harmonise data privacy laws across Europe.
In the UK, the Data Protection
Act 2018 will be introduced following finalisation of the Data Protection Bill
2016 which is currently passing through Parliament. The DPA 2018 will accompany
the GDPR and establish rules for processing data which is outside of GDPR, for
example, law enforcement.
The Information Commissioner’s Office (ICO) is the regulator
for data protection law in the UK and referred to as the ‘supervisory
authority’ within the GDPR.
Information covered by the GDPR
The GDPR applies to ‘personal
data’ – the GDPR defines it in a more detailed manner than the DPA to clarify
that even information such as an IP address can be ‘personal data’. The expanded
definition reflects changes in technology and the way information about people
is collected by organisations, incorporating a wide range of personal
identifiers to be included within the GDPR definition of ‘personal data’.
The GDPR applies to manually
held personal data in filing systems, as well as automated personal data.
to the GDPR, ‘sensitive personal data’ is referred to as ‘special categories of
personal data’ and includes, for example, genetic data and biometric data where
it is processed to identify an individual.
Application of GDPR
The GDPR applies to all data
controllers and data processors.
A data controller determines
how and why personal data is processed
data processor carries out the processing on behalf of the data controller
The GDPR does not apply to
certain activities, including processing that is:
Covered by the Law
For national security
out by individuals purely for personal/household activities
There are a few key areas to
consider regarding preparation for and compliance with the GDPR as described
Organisations need to identify and document their lawful
basis for processing personal data and sensitive personal data, as well as the
necessity for the processing. There are six lawful basis for processing data.
(a) the data subject has given consent to the
processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance
of a contract to which the data subject is party or in order to take steps
at the request of the data subject prior to entering into a contract;
(c) processing is
necessary for compliance with a legal obligation to which the controller
(d) processing is
necessary in order to protect the vital interests of the data subject or
of another natural person;
(e) processing is
necessary for the performance of a task carried out in the public interest or
in the exercise of official authority vested in the controller;
(f) processing is
necessary for the purposes of the legitimate interests pursued by the
controller or by a third party, except where such interests are
overridden by the interests or fundamental rights and freedoms of the data
subject which require protection of personal data, in particular where the data
subject is a child.
Point (f)... shall
not apply to processing carried out by public authorities in the performance of
This is one of the
six lawful bases for processing data. Consent must be given freely, be
specific, informed and unambiguous regarding the individual’s wishes, thus
offering individuals genuine control and choice over their data. It must also
be verifiable and positively opted-in. Organisations must provide a simple and
straightforward way for individuals to withdraw consent. If it is too difficult
to obtain consent, there may be other lawful basis more appropriate under which
to process data.
Consent cannot be
inferred from, for example, the individual’s failure to respond, or through
pre-ticked consent boxes or lack of action on the individual’s part, or through
any other means of consent by default. Consent cannot be part of any terms and
conditions of a service; it must be given separately.
Consent is not
always required, and there are five other lawful basis for processing data.
However, consent must be obtained where no other lawful basis for data
processing is applicable.
Commissioner’s Office (ICO) has published draft guidance on consent under the
GDPR. The final guidelines will only be published by the ICO after the Article
29 Working Party of European Data Protection Authorities (WP29) has agreed it
Europe-side consent guidelines; this is expected to be December 2017.
Under the GDPR, the following rights are applicable to
1. The right to be informed
This is regarding the need for transparency over how
organisations use personal data. It obliges organisations to provide ‘fair
processing information’. This is usually through a privacy notice. The
information must be:
- concise, transparent, intelligible and easily accessible
- written in clear and plain language, particularly if addressed to a child; and
- free of charge
2. The right of access
This gives individuals the right to obtain
confirmation from organisations of processing of their personal data, access to
their personal data and other supplementary information. The information must
be supplied latest within a month of request.
3. The right to rectification
Individuals can have inaccurate or incomplete personal
data rectified. Any data supplied to third parties by your organisation must
also be rectified and the individual informed about the third parties to whom
your organisation has supplied data to. This must be done within one month.
4. The right to erasure
Also known as the ‘right to be forgotten’, individuals
can request your organisation to delete or remove all personal data where there
is no convincing reason to continue processing it. There are exceptions to
this. These exceptions include medical records in accordance with the National
Pharmaceutical Association (NPA). A copy of prescriptions need to be kept for
two years following delivery. Personal medical records need to be kept for ten
years following the subjects death. However, the account can be de-activated to
be maintained confidentially and securely.
5. The right to restrict processing
This permits organisations to store personal data, but
not to further process it, for example, where the individual questions the
accuracy of the data, processing should be restricted until its accuracy can be
6. The right to data portability
This allows individual to obtain their personal data
from organisations and reuse it (move, copy or transfer) easily for their own
purposes across different IT systems in a safe and secure manner. In most
cases, this information will need to be provided free of charge.
7. The right to object
Individuals can object to having their personal data
processed for direct marketing and some other types of processing.
8. Rights in relation to automated decision making and
this right to not be subject to decision making based on automated processing
to safeguard against the risk of a potentially damaging decision could be made
without human intervention.
The Data Protection Officer (DPO) is Superintendent Pharmacist Margaret Hudson and the Data Controller (DC) is Peter Hudson. Both can be contacted by email at: email@example.com or telephone 0161 491 1899.