Our Privacy Policy

Keeping your personal details personal

Webmed - Confidential, discreet, professional

Webmed Pharmacy aim to offer a professional, easy to navigate, very quick service, supplying only UK sourced genuine medicines through our General Pharmaceutical Council (GPhC) regulated pharmacy.

Confidential, discreet next working day delivery of medicines for sensitive or intimate conditions; within a 1 hour time slot to most postcodes in the UK.

You will not be asked for your name, address or contact details until you have successfully completed the medical questionnaire. At which stage you will create your own username and password for your personal login, giving you access to our secure site.

Personal and medical information is completely confidential and securely stored as required by the new General Data Protection Regulation (GDPR)which became effective from 25th May 2018 and supersedes the U.K. Data Protection Act 1998.

Webmed Pharmacy Ltd has implemented appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject.  For more details on GDPR see the section below. 

We are registered with the Information Commissioners Office (ICO), Registration no. ZA108924. The ICO is the U.K.’s independent body set up to uphold and protect your information rights. Only our doctors and authorised pharmacy staff have access to your information. We do not send any confidential information by email and any personal communication is made in the secure “My account” section of the website.

We do not share any information with third parties for marketing purposes.

We never store your debit or credit card information.

We use cookies on our website to help us recognise your preferences and to improve the quality of our service to you.

You will be given an option for your preferred method of communication via email or SMS. Order confirmation emails will be from:, which will only give your order number. For full details of your order you can login to your account using your secure password.

All our Doctor’s, are U.K. registered and regulated by the General Medical Council (GMC). If they decide you are suitable for the treatment, based on the information supplied on the medical questionnaire, they will issue you with a prescription. We will then dispense your treatment and deliver it the next working day.

You can select your payment preference as we accept all major credit and debit cards. On your statement the charge will appear as “WEBMED” with no reference to medication or pharmacy.

All treatments will be delivered in plain unmarked packaging inserted inside the DPD or Royal Mail Special Delivery bag and will need to be signed for upon receipt.

The price you see is ALL you pay, with no annoying extra charges at checkout. This includes the cost of the prescription, medication and delivery. We include DPD next working day delivery or Royal Mail Special Delivery as standard. This makes our service to you “unique”.

Repeat Orders – made simple with just a few clicks. After entering our website, through your secure login password, you select your treatment, dosage and quantity. A pop up box will then ask if you have had any changes to your medication or condition since completing your questionnaire within the last year.  If you answer “No”, then you proceed straight to checkout.

In short - WebMed Pharmacy offer a secure, discreet and confidential service.

General Data Protection Regulation (GDPR) - more information.

The General Data Protection Regulation (GDPR) comes into effect in the UK from 25 May 2018. If an organisation needs to be compliant with the current Data Protection Act 1998, it also needs to be compliant with the GDPR. The GDPR applies to all EU member states and will occur regardless of Brexit negotiations; it is designed to harmonise data privacy laws across Europe.

In the UK, the Data Protection Act 2018 will be introduced following finalisation of the Data Protection Bill 2016 which is currently passing through Parliament. The DPA 2018 will accompany the GDPR and establish rules for processing data which is outside of GDPR, for example, law enforcement.

The Information Commissioner’s Office (ICO) is the regulator for data protection law in the UK and referred to as the ‘supervisory authority’ within the GDPR.

Information covered by the GDPR

The GDPR applies to ‘personal data’ – the GDPR defines it in a more detailed manner than the DPA to clarify that even information such as an IP address can be ‘personal data’. The expanded definition reflects changes in technology and the way information about people is collected by organisations, incorporating a wide range of personal identifiers to be included within the GDPR definition of ‘personal data’.

The GDPR applies to manually held personal data in filing systems, as well as automated personal data.

According to the GDPR, ‘sensitive personal data’ is referred to as ‘special categories of personal data’ and includes, for example, genetic data and biometric data where it is processed to identify an individual.

Application of GDPR

The GDPR applies to all data controllers and data processors.

A data controller determines how and why personal data is processed

A data processor carries out the processing on behalf of the data controller


The GDPR does not apply to certain activities, including processing that is:

Covered by the Law Enforcement Directive

For national security purposes

Carried out by individuals purely for personal/household activities

Key considerations

There are a few key areas to consider regarding preparation for and compliance with the GDPR as described briefly below.

Lawful processing

Organisations need to identify and document their lawful basis for processing personal data and sensitive personal data, as well as the necessity for the processing. There are six lawful basis for processing data. These are:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) processing is necessary in order to protect the vital interests of the data subject or of another      natural person;

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Point (f)... shall not apply to processing carried out by public authorities in the performance of their tasks.


This is one of the six lawful bases for processing data. Consent must be given freely, be specific, informed and unambiguous regarding the individual’s wishes, thus offering individuals genuine control and choice over their data. It must also be verifiable and positively opted-in. Organisations must provide a simple and straightforward way for individuals to withdraw consent. If it is too difficult to obtain consent, there may be other lawful basis more appropriate under which to process data.

Consent cannot be inferred from, for example, the individual’s failure to respond, or through pre-ticked consent boxes or lack of action on the individual’s part, or through any other means of consent by default. Consent cannot be part of any terms and conditions of a service; it must be given separately.

Consent is not always required, and there are five other lawful basis for processing data. However, consent must be obtained where no other lawful basis for data processing is applicable.

The Information Commissioner’s Office (ICO) has published draft guidance on consent under the GDPR. The final guidelines will only be published by the ICO after the Article 29 Working Party of European Data Protection Authorities (WP29) has agreed it Europe-side consent guidelines; this is expected to be December 2017.

Individual’s rights

Under the GDPR, the following rights are applicable to all individuals:

1. The right to be informed

This is regarding the need for transparency over how organisations use personal data. It obliges organisations to provide ‘fair processing information’. This is usually through a privacy notice. The information must be:

  • concise, transparent, intelligible and easily accessible
  • written in clear and plain language, particularly if addressed to a child; and
  • free of charge

2. The right of access

This gives individuals the right to obtain confirmation from organisations of processing of their personal data, access to their personal data and other supplementary information. The information must be supplied latest within a month of request.

3. The right to rectification

Individuals can have inaccurate or incomplete personal data rectified. Any data supplied to third parties by your organisation must also be rectified and the individual informed about the third parties to whom your organisation has supplied data to. This must be done within one month.

4. The right to erasure

Also known as the ‘right to be forgotten’, individuals can request your organisation to delete or remove all personal data where there is no convincing reason to continue processing it. There are exceptions to this. These exceptions include medical records in accordance with the National Pharmaceutical Association (NPA). A copy of prescriptions need to be kept for two years following delivery. Personal medical records need to be kept for ten years following the subjects death. However, the account can be de-activated to be maintained confidentially and securely.

5. The right to restrict processing

This permits organisations to store personal data, but not to further process it, for example, where the individual questions the accuracy of the data, processing should be restricted until its accuracy can be verified.

6. The right to data portability

This allows individual to obtain their personal data from organisations and reuse it (move, copy or transfer) easily for their own purposes across different IT systems in a safe and secure manner. In most cases, this information will need to be provided free of charge.

7. The right to object

Individuals can object to having their personal data processed for direct marketing and some other types of processing.

8. Rights in relation to automated decision making and profiling

Individual have this right to not be subject to decision making based on automated processing to safeguard against the risk of a potentially damaging decision could be made without human intervention.

The Data Protection Officer (DPO) is Superintendent Pharmacist Margaret Hudson and the Data Controller (DC) is Peter Hudson.  Both can be contacted by email at: or telephone 0161 491 1899. 

We pride ourselves in a quality, reliable and trustworthy service to you...

where integrity matters


All our doctors are based in the UK to ensure you receive the best possible treatment.


We're regulated by the General Pharmaceutical Council and the Care Quality Commission, supplying only supply UK sourced genuine medicines.

We use cookies to help us provide you with a better service, but do not track anything that can be used to personally identify you. If you prefer us not to set these cookies, please visit our Cookie Settings page or continue browsing our site to accept them. Close